Infected w/ Virtumonde??

Joseph M. · Dec 1, 2007

Hi all,
I have used this forum b4 and it has proven very helpful,
well, i downloaded something that had a virus on it. i am protecting my laptop w/ comodo. the virus immediatly went to work and comodo was catching it. The threat alert would come up and i would deny it. that happened about 15 times, during that time, i was trying to delete the file, but it said it was not accesable. I accidentaly did let one through though-ljjklkj.dll
that i believe was a file that caused a prob.
i can no longer log into my laptop any other way than in safe mode. it tries to startup, but during the xp loading screen it flashes the blue stop error screen, citing error
*** STOP: 0X0000006F (0XC00000ZZ,0X00000000,0X00000000,0X00000000)
at this point i ran safe mode, did a spybot(i couldnt update, but it did find 2 virtumonde. i told it to fix those and they havnt come back. i also ran atf-cleaner and vundo-fix, they both did not find anything.

i am unable to do a kaspersky, but a hijack this log will follow.

Joseph M. · Dec 1, 2007

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:37 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\cfp.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink\ElnIE.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V2 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {73F24B2F-4F7A-4BC2-A685-0333C49D1042} - C:\WINDOWS\system32\ljjklkj.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop\apdproxy.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink\TaskPanl.exe" -winstart
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk.disabled
O4 - Global Startup: Acrobat Assistant.lnk.disabled
O4 - Global Startup: Call of Duty(R) 2 Multiplayer (Safe Mode).lnk = ?
O4 - Global Startup: Call of Duty(R) 2 Multiplayer.lnk = ?
O4 - Global Startup: Call of Duty(R) 2 Single Player (Safe Mode).lnk = ?
O4 - Global Startup: Call of Duty(R) 2 Single Player.lnk = ?
O4 - Global Startup: CallWave.lnk.disabled
O4 - Global Startup: Documentation
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: RAMASST.lnk.disabled
O4 - Global Startup: Uninstall Call of Duty(R) 2.lnk = C:\Program Files\Common Files\InstallShield\Driver\9\Intel 32\IDriver.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink\Accelerator\\pac-image.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6F9B617-843A-4ACA-A8EF-33B40C76B419}: NameServer = 207.69.188.185 207.69.188.186
O18 - Protocol: bw+0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480

Joseph M. · Dec 1, 2007

\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C900692F-1347-457C-ABDE-1EC50EE39FFB} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: ljjklkj - C:\WINDOWS\SYSTEM32\ljjklkj.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 22375 bytes

Joseph M. · Dec 1, 2007

Any assistence would be greatly appreciated.
JLM

Joseph M. · Dec 2, 2007

Ty, Prob. fixed

I was able to take care of it, everything shows up clean.
sorry about the post

Infected w/ Virtumonde??

Joseph M.

New member

Joseph M.

New member

Joseph M.

New member

Joseph M.

New member

Joseph M.

New member