Computer Problems & Virtumonde Problems !! Please HELP!!

FantasyGirl · Sep 13, 2007

My computer is very slow right now. Im having lots of problems with pop ups and spybot says it deletes virtumonde but then it returns again. Can someone please look over my highjack log and tell me if they notice anything wrong that they can help me fix. Thank you so much!

Logfile of HijackThis v1.99.1
Scan saved at 1:12:09 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\pds.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SSC\NSCTOP.EXE
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\cxmkyyrj.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\lwt7rw68.slt\prefs.js)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\yixyqhjg.dll",forkonce
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm238YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/installers/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/installers/cab/Install-Errorprotector-Free.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42B7CE7C-E69A-4BDB-88C0-F524928BF52C}: NameServer = 4.2.2.1,192.168.1.1
O18 - Protocol: bw+0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\cxmkyyrj.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE

ken545 · Sep 14, 2007

Hello FantasyGirl

Welcome to Safer Networking.

Please read Before You Post

You do have some issues going on, lets do this.

Download VundoFix to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

C:\Program Files\HijackThis\HijackThis.exe <--Go here and right click on the HJT Icon, (looks like a red stick of dynamite with a plunger) and rename it to FantasyGirl.exe <-- Don't forget the .exe and post a new log.

I need to see the Vundofix log, the Combofix log and a New HJT log with it renamed please

FantasyGirl · Sep 14, 2007

Thank you for taking the time to help me. I greatly appreciate it. Here are the three logs that you requested. I hope I did everything right. I guess I have to post them one by one because when I try to post this all together it says my thread can only have 20000 characters. Anyways, here's the HIGHJACK LOG:

HIGHJACK LOG:

Logfile of HijackThis v1.99.1
Scan saved at 9:00:29 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\FantasyGirl.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\lwt7rw68.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1BB8A0E6-5396-420A-930C-5B0F533551C0} - C:\WINDOWS\system32\aujwgcoc.dll
O2 - BHO: (no name) - {52DA17F7-1938-411F-AC09-4DBA1C3CEA18} - C:\WINDOWS\repair\pm3niet.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm238YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files/installers/cab/Install-Errorprotector-Free.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42B7CE7C-E69A-4BDB-88C0-F524928BF52C}: NameServer = 4.2.2.1,192.168.1.1
O18 - Protocol: bw+0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE

FantasyGirl · Sep 14, 2007

Here's the VUNDOFIX LOG:

VundoFix V6.5.8

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 8:51:21 PM 9/13/2007

Listing files found while scanning....

C:\WINDOWS\repair\pm3niet.dll
C:\WINDOWS\repair\tein3mp.bak1
C:\WINDOWS\repair\tein3mp.bak2
C:\WINDOWS\repair\tein3mp.ini
C:\WINDOWS\repair\tein3mp.ini2
C:\WINDOWS\repair\tein3mp.tmp
C:\windows\system32\acapibpi.dll
C:\windows\system32\awfbtaqy.ini
C:\windows\system32\awujohqk.ini
C:\windows\system32\bdwyerbv.dll
C:\windows\system32\bkhirwje.dll
C:\WINDOWS\system32\buwfhhph.dll
C:\windows\system32\bydbsfuq.dll
C:\windows\system32\cphybnsh.dll
C:\windows\system32\ctxjdqfs.dll
C:\windows\system32\cyelqwjy.ini
C:\windows\system32\dbulqijd.ini
C:\windows\system32\djiqlubd.dll
C:\windows\system32\djnatnhb.dll
C:\windows\system32\dlmceswb.dll
C:\windows\system32\drlydmoh.dll
C:\windows\system32\ejwrihkb.ini
C:\WINDOWS\system32\esncqkma.dll
C:\windows\system32\faxhlxnk.ini
C:\windows\system32\fcnnpuku.dll
C:\windows\system32\feiueeqf.dll
C:\windows\system32\finwmmbx.dll
C:\windows\system32\fjjpdjwn.dll
C:\windows\system32\focexuni.dll
C:\windows\system32\fqeeuief.ini
C:\windows\system32\ftkfxanu.ini
C:\windows\system32\gebyw.dll
C:\windows\system32\ggbtgnjr.ini
C:\windows\system32\gjhqyxiy.ini
C:\windows\system32\gpelcixi.dll
C:\windows\system32\homdylrd.ini
C:\windows\system32\hxfxnpfr.ini
C:\windows\system32\hyhdstmc.dll
C:\WINDOWS\system32\ifoihaxd.dll
C:\windows\system32\imhginxu.dll
C:\windows\system32\inuxecof.ini
C:\windows\system32\iovphhig.dll
C:\windows\system32\ipbipaca.ini
C:\WINDOWS\system32\iqbvtkcf.dll
C:\windows\system32\irfwpiny.dll
C:\windows\system32\ivkckvyn.dll
C:\windows\system32\ixiclepg.ini
C:\windows\system32\kakdfdvd.dll
C:\windows\system32\kcecnknw.dll
C:\WINDOWS\system32\kgwjynsj.dll
C:\windows\system32\knxlhxaf.dll
C:\windows\system32\kpjiqvgs.dll
C:\windows\system32\kqhojuwa.dll
C:\windows\system32\lcuyyfdl.dll
C:\windows\system32\ldfyyucl.ini
C:\windows\system32\lftliqws.ini
C:\windows\system32\ltmaofam.dll
C:\windows\system32\mfuklppq.dll
C:\windows\system32\nielipqc.dll
C:\windows\system32\nmekjgik.dll
C:\windows\system32\nnpdllhx.dll
C:\windows\system32\noauqptr.ini
C:\windows\system32\nujykhps.dll
C:\WINDOWS\system32\nvneffwj.dll
C:\windows\system32\olvatbrx.dll
C:\windows\system32\pelyhckh.dll
C:\windows\system32\penlchfq.ini
C:\windows\system32\pimsmvpl.dll
C:\windows\system32\pkaylxct.ini
C:\windows\system32\qfhclnep.dll
C:\windows\system32\qneusbpi.dll
C:\windows\system32\rfpnxfxh.dll
C:\windows\system32\rjngtbgg.dll
C:\windows\system32\rtpquaon.dll
C:\windows\system32\sfqdjxtc.ini
C:\WINDOWS\system32\sprxpapd.dll
C:\WINDOWS\system32\supaamon.dll
C:\windows\system32\swqiltfl.dll
C:\windows\system32\tcxlyakp.dll
C:\windows\system32\tkoiuccr.dll
C:\windows\system32\tljxobqc.dll
C:\windows\system32\txwjpkyt.dll
C:\windows\system32\tykpjwxt.ini
C:\windows\system32\unaxfktf.dll
C:\windows\system32\urqitalv.dll
C:\windows\system32\vajkxsvl.dll
C:\windows\system32\vbreywdb.ini
C:\windows\system32\vgnnwroi.dll
C:\windows\system32\vlatiqru.ini
C:\windows\system32\vuuktowu.dll
C:\windows\system32\wnknceck.ini
C:\windows\system32\wpvjopyo.dll
C:\windows\system32\wybeg.tmp
C:\windows\system32\xbmmwnif.ini
C:\windows\system32\xqqepbkn.dll
C:\WINDOWS\system32\yixyqhjg.dll
C:\windows\system32\yjwqleyc.dll
C:\windows\system32\yqatbfwa.dll
C:\windows\system32\ythsurpm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\repair\pm3niet.dll
C:\WINDOWS\repair\pm3niet.dll Has been deleted!

Attempting to delete C:\WINDOWS\repair\tein3mp.bak1
C:\WINDOWS\repair\tein3mp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\repair\tein3mp.bak2
C:\WINDOWS\repair\tein3mp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\repair\tein3mp.ini
C:\WINDOWS\repair\tein3mp.ini Has been deleted!

Attempting to delete C:\WINDOWS\repair\tein3mp.ini2
C:\WINDOWS\repair\tein3mp.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\repair\tein3mp.tmp
C:\WINDOWS\repair\tein3mp.tmp Has been deleted!

Attempting to delete C:\windows\system32\acapibpi.dll
C:\windows\system32\acapibpi.dll Has been deleted!

Attempting to delete C:\windows\system32\awfbtaqy.ini
C:\windows\system32\awfbtaqy.ini Has been deleted!

Attempting to delete C:\windows\system32\awujohqk.ini
C:\windows\system32\awujohqk.ini Has been deleted!

Attempting to delete C:\windows\system32\bdwyerbv.dll
C:\windows\system32\bdwyerbv.dll Has been deleted!

Attempting to delete C:\windows\system32\bkhirwje.dll
C:\windows\system32\bkhirwje.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\buwfhhph.dll
C:\WINDOWS\system32\buwfhhph.dll Has been deleted!

Attempting to delete C:\windows\system32\bydbsfuq.dll
C:\windows\system32\bydbsfuq.dll Has been deleted!

Attempting to delete C:\windows\system32\cphybnsh.dll
C:\windows\system32\cphybnsh.dll Has been deleted!

Attempting to delete C:\windows\system32\ctxjdqfs.dll
C:\windows\system32\ctxjdqfs.dll Has been deleted!

Attempting to delete C:\windows\system32\cyelqwjy.ini
C:\windows\system32\cyelqwjy.ini Has been deleted!

Attempting to delete C:\windows\system32\dbulqijd.ini
C:\windows\system32\dbulqijd.ini Has been deleted!

Attempting to delete C:\windows\system32\djiqlubd.dll
C:\windows\system32\djiqlubd.dll Has been deleted!

Attempting to delete C:\windows\system32\djnatnhb.dll
C:\windows\system32\djnatnhb.dll Has been deleted!

Attempting to delete C:\windows\system32\dlmceswb.dll
C:\windows\system32\dlmceswb.dll Has been deleted!

Attempting to delete C:\windows\system32\drlydmoh.dll
C:\windows\system32\drlydmoh.dll Has been deleted!

Attempting to delete C:\windows\system32\ejwrihkb.ini
C:\windows\system32\ejwrihkb.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\esncqkma.dll
C:\WINDOWS\system32\esncqkma.dll Has been deleted!

Attempting to delete C:\windows\system32\faxhlxnk.ini
C:\windows\system32\faxhlxnk.ini Has been deleted!

Attempting to delete C:\windows\system32\fcnnpuku.dll
C:\windows\system32\fcnnpuku.dll Has been deleted!

Attempting to delete C:\windows\system32\feiueeqf.dll
C:\windows\system32\feiueeqf.dll Has been deleted!

Attempting to delete C:\windows\system32\finwmmbx.dll
C:\windows\system32\finwmmbx.dll Has been deleted!

Attempting to delete C:\windows\system32\fjjpdjwn.dll
C:\windows\system32\fjjpdjwn.dll Has been deleted!

Attempting to delete C:\windows\system32\focexuni.dll
C:\windows\system32\focexuni.dll Has been deleted!

Attempting to delete C:\windows\system32\fqeeuief.ini
C:\windows\system32\fqeeuief.ini Has been deleted!

Attempting to delete C:\windows\system32\ftkfxanu.ini
C:\windows\system32\ftkfxanu.ini Has been deleted!

Attempting to delete C:\windows\system32\gebyw.dll
C:\windows\system32\gebyw.dll Has been deleted!

Attempting to delete C:\windows\system32\ggbtgnjr.ini
C:\windows\system32\ggbtgnjr.ini Has been deleted!

Attempting to delete C:\windows\system32\gjhqyxiy.ini
C:\windows\system32\gjhqyxiy.ini Has been deleted!

Attempting to delete C:\windows\system32\gpelcixi.dll
C:\windows\system32\gpelcixi.dll Has been deleted!

Attempting to delete C:\windows\system32\homdylrd.ini
C:\windows\system32\homdylrd.ini Has been deleted!

Attempting to delete C:\windows\system32\hxfxnpfr.ini
C:\windows\system32\hxfxnpfr.ini Has been deleted!

Attempting to delete C:\windows\system32\hyhdstmc.dll
C:\windows\system32\hyhdstmc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ifoihaxd.dll
C:\WINDOWS\system32\ifoihaxd.dll Has been deleted!

Attempting to delete C:\windows\system32\imhginxu.dll
C:\windows\system32\imhginxu.dll Has been deleted!

Attempting to delete C:\windows\system32\inuxecof.ini
C:\windows\system32\inuxecof.ini Has been deleted!

Attempting to delete C:\windows\system32\iovphhig.dll
C:\windows\system32\iovphhig.dll Has been deleted!

Attempting to delete C:\windows\system32\ipbipaca.ini
C:\windows\system32\ipbipaca.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iqbvtkcf.dll
C:\WINDOWS\system32\iqbvtkcf.dll Has been deleted!

Attempting to delete C:\windows\system32\irfwpiny.dll
C:\windows\system32\irfwpiny.dll Has been deleted!

Attempting to delete C:\windows\system32\ivkckvyn.dll
C:\windows\system32\ivkckvyn.dll Has been deleted!

Attempting to delete C:\windows\system32\ixiclepg.ini
C:\windows\system32\ixiclepg.ini Has been deleted!

Attempting to delete C:\windows\system32\kakdfdvd.dll
C:\windows\system32\kakdfdvd.dll Has been deleted!

Attempting to delete C:\windows\system32\kcecnknw.dll
C:\windows\system32\kcecnknw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\kgwjynsj.dll
C:\WINDOWS\system32\kgwjynsj.dll Has been deleted!

Attempting to delete C:\windows\system32\knxlhxaf.dll
C:\windows\system32\knxlhxaf.dll Has been deleted!

Attempting to delete C:\windows\system32\kpjiqvgs.dll
C:\windows\system32\kpjiqvgs.dll Has been deleted!

Attempting to delete C:\windows\system32\kqhojuwa.dll
C:\windows\system32\kqhojuwa.dll Has been deleted!

Attempting to delete C:\windows\system32\lcuyyfdl.dll
C:\windows\system32\lcuyyfdl.dll Has been deleted!

Attempting to delete C:\windows\system32\ldfyyucl.ini
C:\windows\system32\ldfyyucl.ini Has been deleted!

Attempting to delete C:\windows\system32\lftliqws.ini
C:\windows\system32\lftliqws.ini Has been deleted!

Attempting to delete C:\windows\system32\ltmaofam.dll
C:\windows\system32\ltmaofam.dll Has been deleted!

Attempting to delete C:\windows\system32\mfuklppq.dll
C:\windows\system32\mfuklppq.dll Has been deleted!

Attempting to delete C:\windows\system32\nielipqc.dll
C:\windows\system32\nielipqc.dll Has been deleted!

Attempting to delete C:\windows\system32\nmekjgik.dll
C:\windows\system32\nmekjgik.dll Has been deleted!

Attempting to delete C:\windows\system32\nnpdllhx.dll
C:\windows\system32\nnpdllhx.dll Has been deleted!

Attempting to delete C:\windows\system32\noauqptr.ini
C:\windows\system32\noauqptr.ini Has been deleted!

Attempting to delete C:\windows\system32\nujykhps.dll
C:\windows\system32\nujykhps.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nvneffwj.dll
C:\WINDOWS\system32\nvneffwj.dll Has been deleted!

Attempting to delete C:\windows\system32\olvatbrx.dll
C:\windows\system32\olvatbrx.dll Has been deleted!

Attempting to delete C:\windows\system32\pelyhckh.dll
C:\windows\system32\pelyhckh.dll Has been deleted!

Attempting to delete C:\windows\system32\penlchfq.ini
C:\windows\system32\penlchfq.ini Has been deleted!

Attempting to delete C:\windows\system32\pimsmvpl.dll
C:\windows\system32\pimsmvpl.dll Has been deleted!

Attempting to delete C:\windows\system32\pkaylxct.ini
C:\windows\system32\pkaylxct.ini Has been deleted!

Attempting to delete C:\windows\system32\qfhclnep.dll
C:\windows\system32\qfhclnep.dll Has been deleted!

Attempting to delete C:\windows\system32\qneusbpi.dll
C:\windows\system32\qneusbpi.dll Has been deleted!

Attempting to delete C:\windows\system32\rfpnxfxh.dll
C:\windows\system32\rfpnxfxh.dll Has been deleted!

Attempting to delete C:\windows\system32\rjngtbgg.dll
C:\windows\system32\rjngtbgg.dll Has been deleted!

Attempting to delete C:\windows\system32\rtpquaon.dll
C:\windows\system32\rtpquaon.dll Has been deleted!

Attempting to delete C:\windows\system32\sfqdjxtc.ini
C:\windows\system32\sfqdjxtc.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\sprxpapd.dll
C:\WINDOWS\system32\sprxpapd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\supaamon.dll
C:\WINDOWS\system32\supaamon.dll Has been deleted!

Attempting to delete C:\windows\system32\swqiltfl.dll
C:\windows\system32\swqiltfl.dll Has been deleted!

Attempting to delete C:\windows\system32\tcxlyakp.dll
C:\windows\system32\tcxlyakp.dll Has been deleted!

Attempting to delete C:\windows\system32\tkoiuccr.dll
C:\windows\system32\tkoiuccr.dll Has been deleted!

Attempting to delete C:\windows\system32\tljxobqc.dll
C:\windows\system32\tljxobqc.dll Has been deleted!

Attempting to delete C:\windows\system32\txwjpkyt.dll
C:\windows\system32\txwjpkyt.dll Has been deleted!

Attempting to delete C:\windows\system32\tykpjwxt.ini
C:\windows\system32\tykpjwxt.ini Has been deleted!

Attempting to delete C:\windows\system32\unaxfktf.dll
C:\windows\system32\unaxfktf.dll Has been deleted!

Attempting to delete C:\windows\system32\urqitalv.dll
C:\windows\system32\urqitalv.dll Has been deleted!

Attempting to delete C:\windows\system32\vajkxsvl.dll
C:\windows\system32\vajkxsvl.dll Has been deleted!

Attempting to delete C:\windows\system32\vbreywdb.ini
C:\windows\system32\vbreywdb.ini Has been deleted!

Attempting to delete C:\windows\system32\vgnnwroi.dll
C:\windows\system32\vgnnwroi.dll Has been deleted!

Attempting to delete C:\windows\system32\vlatiqru.ini
C:\windows\system32\vlatiqru.ini Has been deleted!

Attempting to delete C:\windows\system32\vuuktowu.dll
C:\windows\system32\vuuktowu.dll Has been deleted!

Attempting to delete C:\windows\system32\wnknceck.ini
C:\windows\system32\wnknceck.ini Has been deleted!

Attempting to delete C:\windows\system32\wpvjopyo.dll
C:\windows\system32\wpvjopyo.dll Has been deleted!

Attempting to delete C:\windows\system32\wybeg.tmp
C:\windows\system32\wybeg.tmp Has been deleted!

Attempting to delete C:\windows\system32\xbmmwnif.ini
C:\windows\system32\xbmmwnif.ini Has been deleted!

Attempting to delete C:\windows\system32\xqqepbkn.dll
C:\windows\system32\xqqepbkn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yixyqhjg.dll
C:\WINDOWS\system32\yixyqhjg.dll Has been deleted!

Attempting to delete C:\windows\system32\yjwqleyc.dll
C:\windows\system32\yjwqleyc.dll Has been deleted!

Attempting to delete C:\windows\system32\yqatbfwa.dll
C:\windows\system32\yqatbfwa.dll Has been deleted!

Attempting to delete C:\windows\system32\ythsurpm.dll
C:\windows\system32\ythsurpm.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.8

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 9:04:02 PM 9/13/2007

Listing files found while scanning....

No infected files were found.

FantasyGirl · Sep 14, 2007

And here's the COMBO FIX LOG:

ComboFix 07-09-13.3 - "Owner" 2007-09-13 21:12:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.276 [GMT -7:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Owner\err.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\acpkfpfh.exe
C:\WINDOWS\system32\aglmthxe.exe
C:\WINDOWS\system32\aujwgcoc.dll
C:\WINDOWS\system32\bdhxmcav.exe
C:\WINDOWS\system32\belldbnv.dll
C:\WINDOWS\system32\bhhquaqt.exe
C:\WINDOWS\system32\bigpnoyx.exe
C:\WINDOWS\system32\bocbbilf.dll
C:\WINDOWS\system32\ccxvcapp.exe
C:\WINDOWS\system32\ceqqqyyq.exe
C:\WINDOWS\system32\cmmnklrw.dll
C:\WINDOWS\system32\cppskpwv.exe
C:\WINDOWS\system32\dipuadcn.exe
C:\WINDOWS\system32\djfitucd.exe
C:\WINDOWS\system32\djoduogk.exe
C:\WINDOWS\system32\dtaxtgla.dll
C:\WINDOWS\system32\duajvjta.exe
C:\WINDOWS\system32\ehlhbwjw.exe
C:\WINDOWS\system32\eysexquk.exe
C:\WINDOWS\system32\fnnjtalk.exe
C:\WINDOWS\system32\gbhpbroy.exe
C:\WINDOWS\system32\gcjxtcqa.exe
C:\WINDOWS\system32\gnxlljov.exe
C:\WINDOWS\system32\gpcaanuf.dll
C:\WINDOWS\system32\gvqduhug.dll
C:\WINDOWS\system32\hkynpxum.dll
C:\WINDOWS\system32\htlvnxhk.dll
C:\WINDOWS\system32\hwbubgjr.dll
C:\WINDOWS\system32\ifdrfnfp.dll
C:\WINDOWS\system32\ifnriahm.dll
C:\WINDOWS\system32\ilrrjqfk.exe
C:\WINDOWS\system32\inejxhbb.exe
C:\WINDOWS\system32\inhdwfgl.exe
C:\WINDOWS\system32\iuxifpgv.exe
C:\WINDOWS\system32\jayntmhj.exe
C:\WINDOWS\system32\jeafhvcl.exe
C:\WINDOWS\system32\jpkitshu.exe
C:\WINDOWS\system32\kecdbuli.exe
C:\WINDOWS\system32\kthjjpxg.exe
C:\WINDOWS\system32\lexxkdbe.exe
C:\WINDOWS\system32\luybnbyh.exe
C:\WINDOWS\system32\lvqybnye.exe
C:\WINDOWS\system32\madvyelv.exe
C:\WINDOWS\system32\mbndqrnd.exe
C:\WINDOWS\system32\mhairnfi.ini
C:\WINDOWS\system32\muxpnykh.ini
C:\WINDOWS\system32\mwdoygag.exe
C:\WINDOWS\system32\nbhnoxqw.exe
C:\WINDOWS\system32\nclsnygd.exe
C:\WINDOWS\system32\ngxhkont.exe
C:\WINDOWS\system32\nndlkpdt.dll
C:\WINDOWS\system32\nrfhnowk.exe
C:\WINDOWS\system32\onwkhijp.exe
C:\WINDOWS\system32\onxotcne.exe
C:\WINDOWS\system32\oqxyqrkf.exe
C:\WINDOWS\system32\otowquvt.exe
C:\WINDOWS\system32\pagktkph.exe
C:\WINDOWS\system32\pgcocrdb.dll
C:\WINDOWS\system32\pnqjxidl.dll
C:\WINDOWS\system32\ptbiiwmo.exe
C:\WINDOWS\system32\pvwcfndq.dll
C:\WINDOWS\system32\pyxqcstk.exe
C:\WINDOWS\system32\qalotlyg.exe
C:\WINDOWS\system32\qvgsfngo.dll
C:\WINDOWS\system32\rocogruc.exe
C:\WINDOWS\system32\saurfseu.exe
C:\WINDOWS\system32\skasmdfi.exe
C:\WINDOWS\system32\sxldshpu.dll
C:\WINDOWS\system32\syhfvtdg.exe
C:\WINDOWS\system32\ticjiybl.exe
C:\WINDOWS\system32\tlfjvvgs.exe
C:\WINDOWS\system32\ucobqrgf.exe
C:\WINDOWS\system32\uplgufpf.exe
C:\WINDOWS\system32\uuhqhsmx.exe
C:\WINDOWS\system32\vqmjpukb.exe
C:\WINDOWS\system32\wfvbhmso.exe
C:\WINDOWS\system32\wigmwpag.exe
C:\WINDOWS\system32\wnrbxjnl.exe
C:\WINDOWS\system32\xakwwfev.exe
C:\WINDOWS\system32\xgqepaqd.exe
C:\WINDOWS\system32\xitxdsqa.exe
C:\WINDOWS\system32\xjajcbla.exe
C:\WINDOWS\system32\xoypvcje.exe
C:\WINDOWS\system32\xsaspmld.exe
C:\WINDOWS\system32\ylfwdcag.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.

2007-09-13 21:10 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 20:51 <DIR> d-------- C:\VundoFix Backups
2007-08-29 14:52 <DIR> d-------- C:\Program Files\Intuit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 14:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-13 02:00 --------- d-------- C:\Program Files\ewido anti-spyware 4.0
2007-09-12 20:34 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-12 20:34 --------- d-------- C:\Program Files\Common Files\aolshare
2007-08-29 14:51 --------- d-------- C:\Program Files\TurboTax
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-07-12 14:12 19532 --a------ C:\Program Files\hijackthis.log
2005-05-14 00:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 18:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 04:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 02:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 19:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 22:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 05:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 17:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 20:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 07:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52DA17F7-1938-411F-AC09-4DBA1C3CEA18}]
C:\WINDOWS\repair\pm3niet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"VAIOMediaPlatform-VideoServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-VideoServer-AppServer"=3 (0x3)
"VAIOMediaPlatform-Mobile-Gateway"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-UPnP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-HTTP"=3 (0x3)
"VAIOMediaPlatform-IntegratedServer-AppServer"=3 (0x3)
"VAIO Entertainment UPnP Client Adapter"=3 (0x3)
"VAIO Entertainment TV Device Arbitration Service"=3 (0x3)
"VAIO Entertainment File Import Service"=3 (0x3)
"VAIO Entertainment Aggregation and Control Service"=3 (0x3)
"SymWSC"=2 (0x2)
"Sony TV Tuner Manager"=3 (0x3)
"Sony TV Tuner Controller"=3 (0x3)
"SNDSrvc"=2 (0x2)
"SBService"=3 (0x3)
"SAVScan"=2 (0x2)
"ose"=3 (0x3)
"navapsvc"=3 (0x3)
"Giga Pocket Hardware Detector"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"AOL ACS"=2 (0x2)

R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
R3 smrt;Sony MPEG RealTime encoder board;C:\WINDOWS\system32\DRIVERS\smrt.sys
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys
S4 VAIO Entertainment File Import Service;VAIO Entertainment File Import Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
S4 VAIO Entertainment UPnP Client Adapter;VAIO Entertainment UPnP Client Adapter;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe -RunBySCM

.
Contents of the 'Scheduled Tasks' folder
"2005-03-20 18:32:16 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2007-09-14 04:14:33 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 21:14:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-13 21:15:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-13 21:15
.
--- E O F ---

ken545 · Sep 14, 2007

Good Morning,

You did quite well :bigthumb:, your system was pretty heavily infected with the Vundo Trojan. Just some leftovers to take care of.

Just to keep you abreast of what we are doing, the reason I had you rename HJT is because the thieves that have written the Vundo Trojan have written it to evade a HJT scan and by renaming it to something else, if Vundo is present it will show up on your log.

Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {1BB8A0E6-5396-420A-930C-5B0F533551C0} - C:\WINDOWS\system32\aujwgcoc.dll
O2 - BHO: (no name) - {52DA17F7-1938-411F-AC09-4DBA1C3CEA18} - C:\WINDOWS\repair\pm3niet.dll (file missing)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZCxdm238YYUS

This is where you got into trouble by downloading these two programs, they are what got you infected.
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://cdn.downloadcontrol.com/files...ector-Free.cab

Download Pocket Killbox to your desktop.

Highlight the file with the complete path inside the Quote Box and press Ctrl C on your keyboard.

C:\WINDOWS\system32\aujwgcoc.dll

Open Pocket Killbox
Go to File > Paste from clipboard
Set it to Delete on Reboot
Tick the box that says End Explorer shell while killing file
If its not greyed out..Click the radio button that say Unregister .dll before deleting.
Make sure Single File is selected
Click on the Red circle with the white X
It will ask you to confirm the deletion...Say yes
It will ask you to reboot, say yes

If you get a message "pending operations has been stopped by external process!" then reboot the computer manually.

Please download ATF Cleaner by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up

Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:

Select it and click Remove.
Reboot your system.
Then go to the Sun Microsystems and install the update
Java Runtime Environment Version 6 Update 2 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then after install you can verify your installation here Sun Java Verify

I like to to do the offline installation and save the setup file in case I may need it in the future

Let me see one last HJT log to make sure nothing has returned. How are things running now???

FantasyGirl · Sep 14, 2007

WOW!! What I huge difference. Thank you Thank you Thank you!! I really appreciate all time you took helping me. So, is there a really good free program that I can download that will help secure my computer from this happening to me again, or does it even need it? Also, should I keep all the new programs that you had me download or will they slow down my computer by keeping them? I was going to keep all your instructions just incase this happens to me again. Again, thank you so much.

Here is the last hijackthis log, please let me know if everything looks good:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:46 AM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\SSC\NSCTOP.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\FantasyGirl.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\lwt7rw68.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712....akamai.com/6712/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{42B7CE7C-E69A-4BDB-88C0-F524928BF52C}: NameServer = 4.2.2.1,192.168.1.1
O18 - Protocol: bw+0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {2357E8B5-FB26-4239-906C-60BD93E6A185} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE

ken545 · Sep 14, 2007

Your log looks very good :bigthumb: You did very well following all my instructions, thank you.

As far as Combofix, Vundofix and Killbox, you can drag them to the trash bin, there not something you run once in awhile, remove the wrong thing and you can get into trouble. If you run into problems in the future ( lets hope not ) there will always be a new version as the dirt bags that write this garbage are adding new files all the time.

ATF cleaner was written by Atribune, one of our very talented and dedicated malware fighters. You can run that every week or so as all the temp files and such will build up and tend to slow you down.. I would check just the following.

1. Windows temp.
2. Current user temp.
3. All users temp.
4. Temporary Internet files
5. Cookies <-- Just remember your log on and passwords that you need.

You can keep HJT and keep it renamed , lets hope you will never need it again :lip:

Just keep in mind that all the legit anti virus and spyware programs will never pop up with a warning and offer a free scan, thats the number 1 method of getting infected.

Malware Complaints
Are you mad ? I mean really mad, seething mad, so mad your ready to spit, mad that you have taken your hard earned dollars to buy a computer only to have some Miscredents, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney Generals Office and the Federal Trade Commission's Bureau of Consumer Protection.

How did I get infected in the first place ? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
Tom Coyote
TonyKlein CastleCops
Grinler BleepingComputer
Geeks To Go
Dslreports

Here are some free programs to install, there all free and highly recommended by the great people in the Malware Removal Community

Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.
Spyware Blaster It will prevent most spyware from ever being installed.
Spyware Guard It offers realtime protection from spyware installation attempts.
IE-Spyad
IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads
(cookies etc) from the sites listed, although you will still be able to connect to the sites.
Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and
painless download and install, it will no way interfere with IE, you can use them both.
Zone Alarm Here is a free Firewall from Zone Labs, I
wouldn't access the internet without it.

In my above links, run the System Restore Program because all the bad stuff we removed is most likley backed up in that program and you need to flush it out. Post back if you have problems with it.

Safe Surfn
Ken

FantasyGirl · Sep 15, 2007

Thanks for the tip about the restore point. I deleted all my old restore points and created a new one. I also downloaded all the programs that you recommended to me except that there was a problem with IE-Spyad and Zone Alarm.

I clicked the link you gave me for IE-Spyad but was a little confussed where to find the download link. I tried to just do a websearch for the program and clicked on a site that had the download page but it said this " Please Note: the original IE-SPYAD format that used .REG files to load and unload the Restricted Sites list is no longer available and will not be maintained. The same holds true for IE-SPYAD2. Both are replaced by what used to be called IE-SPYAD for ZonedOut. ZonedOut is a free utility that loads and unloads a plain text list of domains into the Restricted sites zone. You can think of ZonedOut as an improved replacement for the .BAT file utility used in the "original" IE-SPYAD. This new version of IE-SPYAD provides the same protection as the old version, but is easier to use and maintain.

I really didnt want to download it until I talked to you about it. Did the program change its name, is that what its saying? Or is it just someone that is trying to get me to download thier program instead of the IE-Spyad? I dont trust anybody anymore so I wanted to ask you what you think I should do.

As for the ZoneAlarm program there seems to be a problem. I saved the program to my desktop and tried to install it. The download and install window pops up and I click to install it but then a ZoneAlarm Security Suite window pops up and says " Setup was unable to find the msi package or patch 'http:\\redirect.zonelabs.com\redirect\route?mode=1&pp=inclient&date=1&dest=stub&oem=1025&prod=0&lang=en&link_id=1'

Do you know what that means or what I should do?

FantasyGirl · Sep 15, 2007

Sorry, one more thing. About the Combofix, Vundofix and Killbox programs, do I have to uninstall them through the add and remove program in the control pannel because I tried but I couldnt find them listed. Is that why you said just to drag them into the trash bin? I wasnt sure. I just wanted to make sure I deleted all their program and log files that came with the program.

ken545 · Sep 15, 2007

The site for IE Spyad seems ok, but this is the link to the program, I am going to have to update my links in this forum for IE SpyAd. This link should take you to PCWorld Magazine

http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html

As far as Zone Alarm, thats a new one on me. . I have heard good things about the Comodo Firewall and this one is free also. Give it a try.

http://www.personalfirewall.comodo.com/

Ken

ken545 · Sep 15, 2007

We most have replied at the same time :laugh:

There is not Add Remove for those programs, just right click on them and delete them.

Ken

Computer Problems & Virtumonde Problems !! Please HELP!!

FantasyGirl

New member

ken545

Emeritus-Security Expert

FantasyGirl

New member

FantasyGirl

New member

FantasyGirl

New member

ken545

Emeritus-Security Expert

FantasyGirl

New member

ken545

Emeritus-Security Expert

FantasyGirl

New member

FantasyGirl

New member

ken545

Emeritus-Security Expert

ken545

Emeritus-Security Expert