[Resolved] tdss removal

primox1 · 20th May 2009

Hello, im new here and would like to thank everyone in advance. im using spyware terminator currently because it is the only one that works on my system. it recognizes that i have tdss.asz,tdss.atb, and tdss.ade. the problem i have is that it can't remove it. the program suggest to run in safe mode and i have the same problem. is there a different way to remove these.
this is my report.

Logfile of Spyware Terminator v2.5.6.316 (db:3.005.019.000)
Scan Time: 5/20/2009 12:33:13 AM length: 96 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 44945 (Critical:3)
Filter: No System items, No Safe items, No Invalid items

Running Processes
LBTServ.exe [Logitech, Inc.] : C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
aawservice.exe [Lavasoft] : C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
AppleMobileDeviceService.exe [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
AVGIDSWatcher.exe [AVG] : C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
YahooAUService.exe [Yahoo! Inc.] : C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
VTTimer.exe [S3 Graphics, Inc.] : C:\WINDOWS\system32\VTTimer.exe
MotiveSB.exe [Motive, Inc.] : C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
ycommon.exe [Yahoo!, Inc.] : C:\Program Files\Yahoo!\browser\ycommon.exe
SetPoint.exe [Logitech, Inc.] : C:\Program Files\Logitech\SetPoint\SetPoint.exe
iPodService.exe [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe
hptskmgr.exe [Hewlett-Packard Company] : C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
KHALMNPR.EXE [Logitech, Inc.] : C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60341
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60341
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60341
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = 127.0.0.1;localhost
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - [Yahoo! Inc] : C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

Toolbars
03 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

StartUps
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HPHUPD05 : [Hewlett-Packard] : C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, VTTimer : [S3 Graphics, Inc.] : C:\WINDOWS\system32\VTTimer.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Motive SmartBridge : [Motive, Inc.] : C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE
04 - Startup: %STARTUPALL%\Logitech SetPoint.lnk [Logitech, Inc.] : C:\Program Files\Logitech\SetPoint\SetPoint.exe

Shell Extensions
Microsoft Outlook - {00020D75-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office\MLSHEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\Office\OLKFSTUB.DLL
SampleView - {7F67036B-66F1-411A-AD85-759FB9C5B0DB} - [XSS] : C:\WINDOWS\system32\ShellvRTF.dll
Logitech Gallery - {B446400D-0030-457b-8F64-422A19605186} - [Logitech Inc.] : C:\Program Files\Logitech\ImageStudio\NameSpc.dll
IntelliType Pro Zooming Property Page - {97FA8AA2-EE77-4FF2-9449-424D8924EF21} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLZM.DLL
IntelliType Pro Scrolling Property Page - {111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLWHL.DLL
IntelliType Pro Key Settings Property Page - {ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLKEY.DLL
IntelliType Pro Wireless Control Panel Property Page - {A2569D1F-4E06-43EC-9825-0088B471BE47} - [Microsoft Corporation] : C:\Program Files\MICROSOFT INTELLITYPE PRO\ITCPLWIR.DLL
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Inc.] : C:\Program Files\iTunes\iTunesMiniPlayer.dll
LogiExt Class - {B9B9F083-2B04-452A-8691-83694AC1037B} - [Logitech, Inc.] : C:\Program Files\Logitech\SetPoint\mcplext.dll
KbLogiExt Class - {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} - [Logitech, Inc.] : C:\Program Files\Logitech\SetPoint\kbcplext.dll

Protocol Handler
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb GA Pluggable Protocol - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
BackWeb Proactive Portal Pluggable Protocol - {f51d5d63-c82e-4b13-af3f-e79941c69a2f} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
CZipHandler Object - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - [Hewlett-Packard Company] : C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
BackWeb Proactive Portal Pluggable Protocol - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - [Logitech] : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Services
23 - [Lavasoft] : C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
23 - [Arcsoft, Inc.] : C:\WINDOWS\system32\drivers\Afc.sys
23 - [Agere Systems] : C:\WINDOWS\system32\DRIVERS\AGRSM.sys
23 - [Realtek Semiconductor Corp.] : C:\WINDOWS\system32\drivers\ALCXWDM.SYS
23 - [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - [AVG Technologies] : C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys
23 - [AVG Technologies] : C:\WINDOWS\system32\Drivers\AVGIDSErHr.sys
23 - [AVG Technologies] : C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys
23 - [AVG Technologies] : C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys
23 - [AVG] : C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
23 - [Promise Technology, Inc.] : C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
23 - [VIA Technologies, Inc.] : C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
23 - [GEAR Software Inc.] : C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23 - [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe
23 - [Logitech, Inc.] : C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
23 - [Logitech, Inc.] : C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
23 - [Logitech, Inc.] : C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
23 - [Logitech, Inc.] : C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\DRIVERS\srvkp.sys
23 - [Copyright (C) VIA/S3 Graphics Co, Ltd.] : C:\WINDOWS\system32\DRIVERS\vtmini.sys
23 - [Yahoo! Inc.] : C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Winlogon Notify
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\WINDOWS\system32\igfxsrvc.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTServ, DLLName : [Logitech, Inc.] : C:\Program Files\Common Files\Logitech\Bluetooth\lbtserv.dll
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn, DLLName : [Logitech, Inc.] : C:\Program Files\Common Files\logitech\bluetooth\LBTWlgn.dll

Threat Files
<Backdoor.TDSS.asz> [Microsoft Corporation] : C:\WINDOWS\system32\TDSSnrsr.dll
<Backdoor.TDSS.atb> [Microsoft Corporation] : C:\WINDOWS\system32\TDSSriqp.dll
<Backdoor.TDSS.ade> [Microsoft Corporation] : C:\WINDOWS\system32\TDSSofxh.dll

Advanced Files Report
%COMMONFILES%\Logitech\Bluetooth\lbtserv.dll [Logitech, Inc.] [Logitech SetPoint] MD5=EF5DE15A1BD78E5DBF032373C526BAB7 SIZE=145936
%COMMONFILES%\logitech\bluetooth\LBTWlgn.dll [Logitech, Inc.] [Logitech SetPoint] MD5=E0467A631430E7F8B1ECD1D811D85015 SIZE=72208
%COMMONFILES%\Logitech\Bluetooth\LBTServ.exe [Logitech, Inc.] [Logitech SetPoint] MD5=47C12F1A54B5C1B51008D7629C1D4F7B SIZE=121360
%PROGRAMFILES%\Lavasoft\Ad-Aware 2007\aawservice.exe [Lavasoft] [Ad-Aware 2007 Service] MD5=0629361FAC4576BA48AB39F4903DCE9E SIZE=587096
%PROGRAMFILES%\Lavasoft\Ad-Aware 2007\CEAPI.dll [Lavasoft] [CEAPI Dynamic Link Library] MD5=759C45CA544A92DE4B88618894A15587 SIZE=738664
%PROGRAMFILES%\Lavasoft\Ad-Aware 2007\PKArchive85u.dll [PKWARE, Inc.] [PKWARE Archive API] MD5=46374252AFA0A37F4F7AF528F6F16B96 SIZE=907096
%PROGRAMFILES%\Lavasoft\Ad-Aware 2007\Update.dll [Update Dynamic Link Library] MD5=72CCE73551D24D7863369F3BFD6548C9 SIZE=525664
%PROGRAMFILES%\Logitech\SetPoint\lgscroll.dll [Logitech, Inc.] [Logitech SetPoint] MD5=2B0CB70F976AEDFEC925C0AC485634AB SIZE=45584
%PROGRAMFILES%\SBC Self Support Tool\SmartBridge\SBHook.dll [Motive Communications, Inc.] [Motive System] MD5=E83E2885CCE4786DC757BE7A1AD8473E SIZE=122880
%SYSDIR%\igfxpph.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=93E9FC1A26808CC29235DD75DCF8AACD SIZE=225280
%SYSDIR%\hccutils.DLL [Intel Corporation] [Intel(R) Common User Interface] MD5=11671F812E89402A3A46FC4152ADF824 SIZE=118784
%SYSDIR%\igfxres.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=81FC49B3DF8B39F68C490E8C063D45DC SIZE=155648
%SYSDIR%\igfxsrvc.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=3C29995B8199D4ACCEBF29B0C143E44F SIZE=339968
%SYSDIR%\igfxdev.dll [Intel Corporation] [Intel(R) Common User Interface] MD5=21F0A42DC7BB6380D2B013370DB55115 SIZE=143360
%SYSDIR%\E_FLBCCA.DLL [SEIKO EPSON CORPORATION] [EPSON Bi-directional Printer] MD5=A4EC6B9766E2A7FAA77283697BC5C307 SIZE=76800
%COMMONFILES%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [Apple Inc.] [Apple Mobile Device Service] MD5=B8E865D24F2753A35CC2A9A6A3CE1AD4 SIZE=116040
%PROGRAMFILES%\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [AVG] [AVG IDS] MD5=1895B71FD4BB7D51A34449BD13EFCED9 SIZE=563720
%PROGRAMFILES%\AVG\AVG8\IdentityProtection\agent\Bin\boost_thread-vc71-mt-1_32.dll MD5=E5322258C0859233BCAEC8E12FC2D05A SIZE=57344
%PROGRAMFILES%\AVG\AVG8\IdentityProtection\agent\Bin\boost_log-vc71-mt-1_32.dll MD5=4751DE5B5F266F700BA89ECDCA108AB0 SIZE=77824
%PROGRAMFILES%\Yahoo!\SoftwareUpdate\YahooAUService.exe [Yahoo! Inc.] [Yahoo! AutoUpdater] MD5=DD0042F0C3B606A6A8B92D49AFB18AD6 SIZE=602392
%SystemDiskRoot%\HP\KBD\led.dll [Hewlett-Packard Company] [Hewlett-Packard Company LED DLL] MD5=F68A3F0D63BE926ED65ED1C8C5B03A3D SIZE=49152
%SystemDiskRoot%\HP\KBD\USB.dll [Hewlett-Packard Company] [Hewlett-Packard Company USB DLL] MD5=6B43FBC9887F35D21E6F90A715DB7086 SIZE=77824
%SystemDiskRoot%\HP\KBD\ps2.dll [Hewlett-Packard Company] [Hewlett-Packard Company PS2 DLL] MD5=94F6FEC3F5C5532F264FFE05709DE767 SIZE=61440
%SystemDiskRoot%\HP\KBD\msg.dll [Hewlett-Packard Company] [Hewlett-Packard Company MSG DLL] MD5=BC973071B50CD7624D63628DFD9C8E1F SIZE=61440
%SystemDiskRoot%\HP\KBD\osd.dll [Hewlett-Packard Company] [Hewlett-Packard Company OSD DLL] MD5=104FE6327CC1FBEF0F120C0ECBEAB89C SIZE=118784
%SystemDiskRoot%\HP\KBD\sct.dll [Hewlett-Packard Company] [Hewlett-Packard Company ONL DLL] MD5=E22FDDC4068F231CAD3BFA0A4B7C2323 SIZE=81920
%SystemDiskRoot%\HP\KBD\onl.dll [Hewlett-Packard Company] [Hewlett-Packard Company ONL DLL] MD5=AB529AB0BFD476644A6DB2357C98D1D5 SIZE=61440
%SystemDiskRoot%\HP\KBD\aol.dll [Hewlett-Packard Company] [Hewlett-Packard Company AOL DLL] MD5=3C45D593036FF03305DDC13DA20AF1F4 SIZE=61440
%SystemDiskRoot%\HP\KBD\url.dll [Hewlett-Packard Company] [Hewlett-Packard Company URL DLL] MD5=5961DE96D270750FC6E087AA750CA710 SIZE=57344
%SystemDiskRoot%\HP\KBD\cfg.dll [Hewlett-Packard Company] [Hewlett-Packard Company CFG DLL] MD5=261E5E3602941656A1442B255C936B9E SIZE=94208
%SystemDiskRoot%\HP\KBD\MSIKBDIF.DLL [Hewlett-Packard Company] [Hewlett-Packard Company MSIKBDIF DLL] MD5=60DB5561F7B646FA217E9EA6561E6705 SIZE=69632
%SYSDIR%\VTTimer.exe [S3 Graphics, Inc.] [S3 Graphics, Inc. Utilities] MD5=09F1A97848BFAB3F36EB216681465B85 SIZE=53248
%PROGRAMFILES%\Yahoo!\browser\YBrwRes.dll [Yahoo!, Inc.] [Yahoo! YBrwRes] MD5=7D56C695A8E100F4BD5A556B84A14C82 SIZE=151552
%PROGRAMFILES%\Yahoo!\browser\YCommonPS.dll [YCommon Dynamic Link Library] MD5=121CC19AE7C7F1A2E32854AA42AD8574 SIZE=8704
%SYSDIR%\lvmaenum.dll [Logitech Inc.] [Logitech QuickCam] MD5=9B0D0EF8C7041A65769F12185EBF09D2 SIZE=229376
%PROGRAMFILES%\SBC Self Support Tool\SmartBridge\httpclient52.dll [Motive Communications, Inc.] [Motive System] MD5=910D46D3565D5DD5BCB48CD3C2F5F842 SIZE=159744
%PROGRAMFILES%\SBC Self Support Tool\SmartBridge\clientutil52.dll [Motive Communications, Inc.] [Motive System] MD5=BF4EC2F072A9BE248116B57AD5AF4CCF SIZE=282624
%PROGRAMFILES%\SBC Self Support Tool\SmartBridge\SBRes.dll [Motive, Inc.] [Motive System] MD5=A555CA44B3A4C2DEBCF5B58B50FDD307 SIZE=73728
%PROGRAMFILES%\SBC Self Support Tool\SmartBridge\alertfilter.dll [Motive Communications, Inc.] [Motive System] MD5=140EBD85AECAC7B3C0C2C3887CD6786B SIZE=217088
%PROGRAMFILES%\Yahoo!\browser\ycommon.exe [Yahoo!, Inc.] [YCommon Exe Module] MD5=1646F316309B7D559AEFC9429E808D35 SIZE=217088
%PROGRAMFILES%\Yahoo!\browser\ycommon.dll [Yahoo!, inc.] [Yahoo!, inc. YCommon] MD5=E8E45B561CD148027D7903BFC557DF0B SIZE=73104
%PROGRAMFILES%\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized .DLL [Apple Inc.] [iTunes] MD5=D5EDAED18929F66E16F59713822C8410 SIZE=43520
%PROGRAMFILES%\iTunes\iTunesHelper.Resources\iTunesHelper.DLL [Apple Inc.] [iTunes] MD5=D723885BC459EEE7DB7A82CDED01C5CD SIZE=42496
%PROGRAMFILES%\Logitech\SetPoint\SetPoint.exe [Logitech, Inc.] [Logitech SetPoint] MD5=9A0DE67429BD3810F1373736D03C673F SIZE=809488
%SYSDIR%\KemUtil.dll [Logitech, Inc.] [Logitech SetPoint] MD5=112EA9F7AEB5401A0CBE73C0A3F3CC7F SIZE=145936
%PROGRAMFILES%\Logitech\SetPoint\SetPointCOM.dll [Logitech, Inc.] [Logitech SetPoint] MD5=1FB5102CEBBBC7AB6FE1A0BAC2C96823 SIZE=32272
%SYSDIR%\kemutb.dll [Logitech, Inc.] [Logitech SetPoint] MD5=3E3CC9C47237851743988C74573153FA SIZE=170512
%SYSDIR%\KemWnd.dll [Logitech, Inc.] [Logitech SetPoint] MD5=2E825EDC4BFB4E55ACAD499FEB7F7D4D SIZE=117264
%SYSDIR%\KemXML.dll [Logitech, Inc.] [Logitech SetPoint] MD5=1ABB622AF2D719DB38EF79727E5C8040 SIZE=84496
%PROGRAMFILES%\Logitech\SetPoint\Macros\MacroCore.dll [Logitech, Inc.] [Logitech SetPoint] MD5=60FB197366A09A606A098FF0FC70564B SIZE=1051152
%PROGRAMFILES%\Logitech\SetPoint\WebBrowserSupport.dll [Logitech, Inc.] [Logitech SetPoint] MD5=1190373392034AFA26BA6316454C7FEB SIZE=170512
%PROGRAMFILES%\Logitech\SetPoint\IMHook.dll [Logitech, Inc.] [Logitech SetPoint] MD5=E81A53D6AFD16637FB7785051AB9B391 SIZE=17424
%PROGRAMFILES%\Logitech\SetPoint\Macros\MacroAppSwitch.dll [Logitech, Inc.] [Logitech SetPoint] MD5=E0F2FD6E48536213D94F5E17F68C750D SIZE=145936
%COMMONFILES%\Logishrd\KHAL2\KhalApi.dll [Logitech, Inc.] [Logitech SetPoint] MD5=F40D58FD5B2CDB6F9FE5BEBC55522F6E SIZE=236048
%PROGRAMFILES%\Logitech\SetPoint\kgame.dll [Logitech, Inc.] [Logitech SetPoint] MD5=947DFEAC4A5AD7A881CCE5C430BE4AB1 SIZE=76304
%PROGRAMFILES%\Logitech\SetPoint\GameHook.dll [Logitech, Inc.] [Logitech SetPoint] MD5=955F4FB88D1169F3E8CDCBD756813D11 SIZE=64016
%COMMONFILES%\Logitech\bluetooth\lbtinte.dll [Logitech, Inc.] [Logitech SetPoint] MD5=04E0366A48F1A9F6346D05D01DD1E1A5 SIZE=88592
%PROGRAMFILES%\Logitech\SetPoint\LCabHandler.dll [Logitech, Inc.] [Logitech SetPoint] MD5=96602671FFAB4F5D5FF6F1134DC13000 SIZE=129552
%PROGRAMFILES%\iPod\bin\iPodService.exe [Apple Inc.] [iTunes] MD5=D2E8EFB8AF35FCF5A7AF22F5A0CE1A82 SIZE=536872
%PROGRAMFILES%\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized .DLL [Apple Inc.] [iTunes] MD5=8FF5D8F1BB658CE8841902AAAAB5DE44 SIZE=43520
%PROGRAMFILES%\iPod\bin\iPodService.Resources\iPodService.DLL [Apple Inc.] [iTunes] MD5=2F5DF20959E1AB594C8649CF7846604A SIZE=42496
%PROGRAMFILES%\HP\hpcoretech\comp\hptskmgr.exe [Hewlett-Packard Company] [hp coretech (COmponent REuse TECHnology)] MD5=981A3E9F6DE5BF23CDF1520D6E34770D SIZE=135168
%PROGRAMFILES%\HP\hpcoretech\HPCmpMgr.dll [Hewlett-Packard Company] [hp coretech (COmponent REuse TECHnology)] MD5=87F897DB64AE5B834D63813417E0D8D3 SIZE=102400
%COMMONFILES%\Logishrd\KHAL2\KHALMNPR.EXE [Logitech, Inc.] [Logitech SetPoint] MD5=7A79FB28C82FCA77EF4A21EC69D1FABB SIZE=76304
%COMMONFILES%\Logishrd\KHAL2\KHALITCH.DLL [Logitech, Inc.] [Logitech SetPoint] MD5=0D80E4657C38990CEA057822D4BDB7BA SIZE=133648
%COMMONFILES%\Logishrd\KHAL2\KHALMW.DLL [Logitech, Inc.] [Logitech SetPoint] MD5=9561CAB8F28F7BA5B27C9D52D5EDFE1B SIZE=141840
%COMMONFILES%\Logishrd\KHAL2\KHALHPP.DLL [Logitech, Inc.] [Logitech SetPoint] MD5=C946E5C56AB2C3F673F62B56BD4DEAD9 SIZE=219664
%COMMONFILES%\Logishrd\KHAL2\KHALMOU.DLL [Logitech, Inc.] [Logitech SetPoint] MD5=95D7E6031387DCC4DB7046BBF5FA181B SIZE=141840
%COMMONFILES%\Logishrd\KHAL2\KHALHID.DLL [Logitech, Inc.] [Logitech SetPoint] MD5=9FEE0A8819E2FFA4B29D9D77C7F6E3F2 SIZE=141840
%COMMONFILES%\Logishrd\KHAL2\KHALUSB.DLL [Logitech, Inc.] [Logitech SetPoint] MD5=C31F9BD196F24AE633366687A1632DBA SIZE=125456
%PROGRAMFILES%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Inc.] [Yahoo! Toolbar] MD5=5ADE87BAB92BF73E2FD63A7946D0F3A0 SIZE=911600
deskpan.dll
%PROGRAMFILES%\Microsoft Office\Office\MLSHEXT.DLL [Microsoft Corporation] [Microsoft Exchange] MD5=0C2306F8FD0F8F30B7EE5102B274D704 SIZE=32256
%PROGRAMFILES%\Microsoft Office\Office\OLKFSTUB.DLL [Microsoft Corporation] [Microsoft Outlook] MD5=3E406507005702D4D783A8F6DC18F21A SIZE=49202
%SYSDIR%\ShellvRTF.dll [XSS] [XSS ShellvRTF] MD5=8305E5132173A9E9CE591CAD4EB5C9B4 SIZE=122880
%PROGRAMFILES%\Logitech\ImageStudio\NameSpc.dll [Logitech Inc.] [Logitech ImageStudio] MD5=80C1AD5F52BBF7B3738755E265BBB699 SIZE=53248
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLZM.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=9BAA63DABB71CE38C91B4855CC2E6B77 SIZE=204800
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLWHL.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=2407FBDB9CB080E8B05928C7FB935C09 SIZE=229376
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLKEY.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=F7BE7817102BE20FF88E3346EBDD9158 SIZE=352256
%PROGRAMFILES%\MICROSOFT INTELLITYPE PRO\ITCPLWIR.DLL [Microsoft Corporation] [Microsoft IntelliType Pro] MD5=D8C2B64A3E2867B40BEF26218A06E6F7 SIZE=200704
%PROGRAMFILES%\iTunes\iTunesMiniPlayer.dll [Apple Inc.] [iTunes] MD5=55BE33BC1E556A2DDFBC27295CE65BC6 SIZE=132392
%PROGRAMFILES%\Logitech\SetPoint\mcplext.dll [Logitech, Inc.] [Logitech SetPoint] MD5=D7497BA671F80DB778335E0028AA1616 SIZE=109072
%PROGRAMFILES%\Logitech\SetPoint\kbcplext.dll [Logitech, Inc.] [Logitech SetPoint] MD5=654A5E81090B1AD07DD53C60B3994DF1 SIZE=109072
%SYSDIR%\drivers\Afc.sys [Arcsoft, Inc.] [Arcsoft(R) ASPI Shell] MD5=A7B8A3A79D35215D798A300DF49ED23F SIZE=11776
%SYSDIR%\DRIVERS\AGRSM.sys [Agere Systems] [Agere SoftModem Driver] MD5=029E01CB2938BEC5AF31BF47B6AF0159 SIZE=1066278
%SYSDIR%\drivers\ALCXWDM.SYS [Realtek Semiconductor Corp.] [Windows (R) WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab)] MD5=8D6C30E515717248E0E52B85FD7AC466 SIZE=2279424
%SYSDIR%\svchost.exe -k netsvcs
%PROGRAMFILES%\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSD river.sys [AVG Technologies] [AVG IDS] MD5=ED3AFCBFBCA44AD5881456F16FD1B3E8 SIZE=121352
%SYSDIR%\Drivers\AVGIDSErHr.sys [AVG Technologies] [AVG IDS] MD5=93ADCD7B4BDE0B23F14E13462DA51D07 SIZE=25608
%PROGRAMFILES%\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSF ilter.sys [AVG Technologies] [AVG IDS] MD5=37A36BF92CB08C74A2B530DB1D170878 SIZE=30216
%PROGRAMFILES%\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSS him.sys [AVG Technologies] [AVG IDS] MD5=D848F8DA65E59C8D01044DACFC61A64B SIZE=27232
%SYSDIR%\svchost.exe -k bthsvcs
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\DRIVERS\fasttx2k.sys [Promise Technology, Inc.] [Promise FastTrak Series Driver] MD5=1E580770BDECE924494B368AC980749E SIZE=142336
%SYSDIR%\DRIVERS\fetnd5bv.sys [VIA Technologies, Inc.] [VIA Rhine Family Fast Ethernet Adapter] MD5=338D7CFCF5E2F76EEE845DBF4504F4C3 SIZE=43008
%SYSDIR%\DRIVERS\GEARAspiWDM.sys [GEAR Software Inc.] [CD DVD Filter] MD5=AB8A6A87D9D7255C3884D5B9541A6E80 SIZE=15464
%SYSDIR%\DRIVERS\L8042Kbd.sys [Logitech, Inc.] [Logitech SetPoint] MD5=D8D3F1C1E82117A3776A2D320A7B3694 SIZE=20240
%SYSDIR%\DRIVERS\LHidFilt.Sys [Logitech, Inc.] [Logitech SetPoint(TM)] MD5=8B30311241F97B35167AFE68D79E8530 SIZE=35472
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\DRIVERS\LMouFilt.Sys [Logitech, Inc.] [Logitech SetPoint(TM)] MD5=48D7422A6C4EEC886B56AC534CFA3ACF SIZE=37392
%SYSDIR%\svchost -k rpcss
%SYSDIR%\DRIVERS\SISAGPX.sys [Silicon Integrated Systems Corporation] [SiS AGPv3.5 Filter for Windows XP] MD5=61CA562DEF09A782D26B3E7EDEC5369A SIZE=36992
%SYSDIR%\DRIVERS\srvkp.sys [Silicon Integrated Systems Corporation] [SiS (R) WindowsXP Display Manager] MD5=837D26F79A1647066D75C5C811887475 SIZE=11520
%SYSDIR%\DRIVERS\vtmini.sys [Copyright (C) VIA/S3 Graphics Co, Ltd.] [UniChrome(Pro) IGP Driver] MD5=949F86F5A8E493574BBB830C3D18E4A9 SIZE=172544
%PROGRAMFILES%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll [Logitech] [RunnerDLL Module] MD5=4E854D45FE7E1BE8211F2813D0763FF2 SIZE=40999
%PROGRAMFILES%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [Logitech] [RunnerDLL Module] MD5=4E854D45FE7E1BE8211F2813D0763FF2 SIZE=40999
%PROGRAMFILES%\HP\hpcoretech\comp\hpuiprot.dll [Hewlett-Packard Company] [hp coretech (COmponent REuse TECHnology)] MD5=25709AEA0B57A61E67C35DDD7994C9ED SIZE=81920

End of Report

Remove Process:

Preparing structures
Creating System Restore Point
Remove Backdoor.TDSS.asz
Deleted File: C:\WINDOWS\system32\TDSSnrsr.dll
Deleted File: C:\WINDOWS\system32\TDSSnrsr.dll
File Deletion Failed: C:\WINDOWS\system32\TDSSnrsr.dll
Remove Backdoor.TDSS.atb
Deleted File: C:\WINDOWS\system32\TDSSriqp.dll
Deleted File: C:\WINDOWS\system32\TDSSriqp.dll
File Deletion Failed: C:\WINDOWS\system32\TDSSriqp.dll
Remove Backdoor.TDSS.ade
File Deletion Failed (Failed) : C:\WINDOWS\system32\TDSSofxh.dll
File set for deletion after restart: C:\WINDOWS\system32\TDSSofxh.dll
File Deletion Failed: C:\WINDOWS\system32\TDSSofxh.dll
Closing System Restore Point
Done

**Juliet** · 20th May 2009

Hi and welcome

We may hit a few obstacles but we'll give it a go.

Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.

Download worksnow from HERE:

* IMPORTANT !!! Save worksnow to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Quote:

AVG 8
Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.

Click on Tools.
Select Advanced Settings.
In the left hand pane, scroll down to "Resident Shield".
In the main pane, deselect the option to "Enable Resident Shield."
To re-enable AVG 8, please select "Enable Resident Shield" again.

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

Double click on worksnow & follow the prompts.

Note: worksnow will run without the Recovery Console installed.
As part of it's process, combofix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

http://img.photobucket.com/albums/v7...d7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v7...7/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download DDS and save it to your desktop.

Disable any script blocking protection
Double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.

Please include the contents of both logs in your next reply. The scan will instruct you to post the attach log as an attachment.
No need for that though ..... just post it as you would any other log.

You may need several replies to post the requested logs, otherwise they might get cut off.

**Juliet** · 20th May 2009

bump....to display reply.

primox1 · 21st May 2009

ok here is my new report. will wait for further instructions
thanks

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/8/2008 10:40:25 PM
System Uptime: 5/20/2009 8:10:15 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Kelut
Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2083/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 45.386 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 0.717 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\7D6ECBE01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\7D6ECBE01800
Service: NIC1394

==== System Restore Points ===================

RP53: 1/26/2009 9:34:41 PM - System Checkpoint
RP54: 2/23/2009 10:13:19 PM - Software Distribution Service 3.0
RP55: 3/3/2009 10:01:32 PM - Removed AVG Free 8.0
RP56: 5/17/2009 11:12:09 PM - Installed AVG Free 8.0

==== Installed Programs ======================

Ad-Aware
Ad-aware 6 Personal
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Photoshop CS2
Adobe Reader 8.1.1
Adobe Stock Photos 1.0
Agere Systems PCI Soft Modem
AiO_Scan
AIOMinimal
AiOSoftware
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ArcSoft PhotoImpression 6
ArcSoft Print Creations
CameraDrivers
CCleaner (remove only)
CDDRV_Installer
CiD Help
Crawler Toolbar with Web Security Guard
EPSON C120 User's Guide
EPSON Printer Software
Fax
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HP Instant Support
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HpSdpAppCoreApp
InterVideo WinDVD 4
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 13
Java(TM) 6 Update 7
KBD
KhalInstallWrapper
Logitech SetPoint
Logitech® Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft IntelliType Pro 5.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MUSICMATCH® Jukebox
Nikon Transfer
Overland
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
PS2
PSShortcutsP
Python 2.2 combined Win32 extensions
Python 2.2.1
Readme
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
SBC Yahoo! Anti-Spy
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Spyware Terminator
Tetris Worlds
Toolkit View(HP)
Ultimate Mahjon
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Manager (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Driver Package - (mr7910) Image 08/08/2006 1.4.0.0
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/20/2009 8:35:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 1BBEFF78430821F6F7739C0B794E169B service to connect.
5/20/2009 8:35:21 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 7630FAE65FC41AE89B3521B761EB63E9 service to connect.
5/20/2009 8:32:29 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 24D7AE89CF0088260F8D07E2B0458A38 service to connect.
5/20/2009 8:20:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 56D5FF8DD1ADC592611A0D767BC0C24F service to connect.
5/20/2009 8:20:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the EDD7A27CEA25709E2E411C991539A02D service to connect.
5/20/2009 8:12:35 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the A3893168544C9100738960E47AA23440 service to connect.
5/20/2009 8:08:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CA226F453AF4CF55F2913C15FEBB85E8 service to connect.
5/20/2009 8:00:00 PM, error: Schedule [7901] - The At69.job command failed to start due to the following error: %%2147942402
5/20/2009 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
5/20/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
5/20/2009 7:58:36 PM, error: Service Control Manager [7034] - The Ad-Aware 2007 Service service terminated unexpectedly. It has done this 1 time(s).
5/20/2009 12:43:00 AM, error: Schedule [7901] - The At49.job command failed to start due to the following error: %%2147942402
5/20/2009 12:31:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
5/20/2009 12:28:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
5/20/2009 12:27:38 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/20/2009 1:06:42 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/20/2009 1:06:21 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
5/20/2009 1:06:15 AM, error: Service Control Manager [7034] - The AVGIDSWatcher service terminated unexpectedly. It has done this 1 time(s).
5/20/2009 1:06:10 AM, error: Service Control Manager [7034] - The Spyware Terminator Realtime Shield Service service terminated unexpectedly. It has done this 1 time(s).
5/20/2009 1:06:07 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
5/20/2009 1:05:50 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/20/2009 1:00:00 AM, error: Schedule [7901] - The At50.job command failed to start due to the following error: %%2147942402
5/20/2009 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
5/20/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
5/19/2009 9:00:00 PM, error: Schedule [7901] - The At70.job command failed to start due to the following error: %%2147942402
5/19/2009 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
5/19/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
5/19/2009 8:05:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/19/2009 8:05:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/19/2009 8:04:49 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 avgio avipbb Beep Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL
5/19/2009 8:04:49 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
5/19/2009 8:04:49 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/19/2009 8:04:49 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/19/2009 8:04:49 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/19/2009 8:04:49 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/19/2009 10:57:36 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/18/2009 11:00:00 PM, error: Schedule [7901] - The At72.job command failed to start due to the following error: %%2147942402
5/18/2009 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
5/18/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
5/18/2009 10:20:00 PM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/18/2009 10:19:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
5/18/2009 10:19:48 PM, error: Service Control Manager [7023] - The Human Interface Device Access service terminated with the following error: The specified module could not be found.
5/18/2009 10:00:02 PM, error: Schedule [7901] - The At71.job command failed to start due to the following error: %%2147942402
5/18/2009 10:00:02 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
5/18/2009 10:00:02 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402

==== End Of File ===========================

DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 20:52:10.78 on Wed 05/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.78 [GMT -7:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
TB: {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No File
TB: {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - No File
TB: {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No File
TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHUPD05] c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [YBrowser] c:\program files\yahoo!\browser\ybrwicon.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Crawler Search - tbr:iemenu
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212994192812
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yvwrctl.cab
TCP: {83998832-8C64-4EFB-9D19-570F38C35BFB} = 69.50.166.94,69.31.80.244
TCP: {D477902B-9B27-4710-A845-919857A71B51} = 69.50.166.94,69.31.80.244
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: igfxcui - igfxsrvc.dll
Notify: LBTServ - c:\program files\common files\logitech\bluetooth\lbtserv.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\nxwxekv4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-2-26 25608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-24 64160]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-10-5 11840]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-2-26 563720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-2-26 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-2-26 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-2-26 27232]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2008-10-5 68865]
S2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-10-5 149761]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-2-26 5576712]
S3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-10-5 52032]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\CamDrL20.sys [2004-9-21 245760]
S3 StreamSurge;StreamSurge Driver;c:\windows\system32\drivers\ss.sys --> c:\windows\system32\drivers\ss.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-16 24652]

=============== Created Last 30 ================

2009-05-20 20:07 161,792 a------- c:\windows\SWREG.exe
2009-05-20 20:07 130,048 a------- c:\windows\PEV.exe
2009-05-20 20:07 98,816 a------- c:\windows\sed.exe
2009-05-20 01:04 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 01:04 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 00:28 <DIR> --d----- c:\program files\Trend Micro
2009-05-19 22:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-18 21:52 <DIR> --d----- c:\program files\Crawler
2009-05-18 21:52 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-18 21:52 <DIR> --d----- c:\docume~1\owner\applic~1\Spyware Terminator
2009-05-18 21:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2009-05-18 21:52 <DIR> --d----- c:\program files\Spyware Terminator
2009-05-18 01:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-18 01:33 <DIR> --d----- c:\program files\CCleaner
2009-05-17 23:54 <DIR> --dsh--- c:\documents and settings\owner\IECompatCache
2009-05-17 23:47 <DIR> --dsh--- c:\documents and settings\owner\PrivacIE
2009-05-17 23:43 <DIR> --dsh--- c:\documents and settings\owner\IETldCache
2009-05-17 23:39 <DIR> --d----- c:\windows\ie8updates
2009-05-17 23:36 <DIR> -cd-h--- c:\windows\ie8
2009-05-17 23:34 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-02 00:15 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-26 15:52 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2009-04-26 15:52 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-04-26 15:52 28,160 a------- c:\windows\system32\irmon.dll
2009-04-26 15:52 8,192 a------- c:\windows\system32\wshirda.dll
2009-04-26 15:52 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2009-04-26 15:52 151,552 a------- c:\windows\system32\irftp.exe
2009-04-26 15:45 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-26 15:45 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-26 15:43 53,248 a------- c:\windows\system32\LBTCoIns.DLL
2009-04-26 15:43 170,512 a------- c:\windows\system32\kemutb.dll
2009-04-26 15:43 145,936 a------- c:\windows\system32\KemUtil.dll
2009-04-26 15:43 117,264 a------- c:\windows\system32\KemWnd.dll
2009-04-26 15:43 84,496 a------- c:\windows\system32\KemXML.dll

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2008-10-31 18:04 17,695 ac------ c:\program files\common files\ydobiwevys.sys
2008-10-31 18:04 14,952 ac------ c:\program files\common files\veficefe._sy
2008-10-31 18:04 14,923 ac------ c:\program files\common files\inudif.sys
2008-10-30 23:14 17,984 ac------ c:\program files\common files\lyraxugyw.com
2008-10-30 23:14 16,439 ac------ c:\program files\common files\qune._sy
2008-10-30 23:14 16,141 ac------ c:\docume~1\alluse~1\applic~1\ojuxigel.pif
2008-10-30 23:14 10,123 ac------ c:\docume~1\alluse~1\applic~1\vuqahica.vbs
2008-10-30 22:54 14,969 ac------ c:\program files\common files\taki._dl
2008-10-30 22:54 10,002 ac------ c:\docume~1\alluse~1\applic~1\ocisuwete.dll
2008-10-30 22:54 16,325 a------- c:\docume~1\owner\applic~1\buliv.bat
2008-10-30 22:54 15,858 a------- c:\docume~1\owner\applic~1\elaluh.vbs
2008-10-30 22:54 10,061 a------- c:\docume~1\owner\applic~1\ozaqutugoz.bin
2008-06-05 22:51 0 -c--h--- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2006-08-14 16:28 2,233 ac------ c:\documents and settings\all users\Mahjong.dat
2008-10-06 00:01 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920081006\index.dat
2008-10-06 23:33 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100620081007\index.dat
2008-10-07 00:59 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100720081008\index.dat
2008-10-09 17:00 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100920081010\index.dat
2008-10-11 23:51 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101120081012\index.dat
2008-10-12 22:44 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101220081013\index.dat
2008-10-13 02:30 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101320081014\index.dat
2008-10-15 16:02 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101520081016\index.dat
2009-02-16 22:36 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021620090217\index.dat

============= FINISH: 20:53:11.67 ===============

**Juliet** · 21st May 2009

Welcome back

Go to your Add/Remove programs list found in the control panel.

A few things need to be uninstalled/removed.

CiD Help
Crawler Toolbar with Web Security Guard
J2SE Runtime Environment 5.0 Update 11
Java(TM) 6 Update 7
Viewpoint Manager (Remove Only)

You'll need to reboot the computer to complete the removals.

NEXT**
Download Combofix from any of the links below.

Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

Quote:

AVG 8
Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.

Click on Tools.
Select Advanced.
In the left hand pane, scroll down to "Resident Shield".
In the main pane, deselect the option to "Enable Resident Shield."
To re-enable AVG 8, please select "Enable Resident Shield" again.

AVIRA ANTIVIR
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: http://i94.photobucket.com/albums/l8...er/antivir.png )

right click it-> untick the option AntiVir Guard enable.
You should now see a closed, white umbrella on a red background (looks to this: http://i94.photobucket.com/albums/l8...r_disabled.png )

(Click on this link to see a list of programs that should be disabled.)
http://www.bleepingcomputer.com/forums/topic114351.html

Please leave the flash drive plugged in while completing the following.

Double click on Combo-Fix.exe & follow the prompts.

Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

No Validation is Required.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

** Please Note:
At times ComboFix may appear to stall, please be patient.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Please only run the tool once, ty.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

You may need several replies to post the requested logs, otherwise they might get cut off.

primox1 · 22nd May 2009

new data.
thank you!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:31 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212994192812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83998832-8C64-4EFB-9D19-570F38C35BFB}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D477902B-9B27-4710-A845-919857A71B51}: NameServer = 69.50.166.94,69.31.80.244
O18 - Protocol: bw+0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: offline-8876480 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 21027 bytes

ComboFix 09-05-21.01 - Owner 05/21/2009 20:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.98 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.

((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-20 08:04 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 08:04 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 07:28 . 2009-05-20 07:28 -------- d-----w c:\program files\Trend Micro
2009-05-20 05:58 . 2009-05-20 05:58 152576 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-20 03:05 . 2009-05-20 03:05 -------- d-sh--w c:\documents and settings\Administrator.CHINGON\IETldCache
2009-05-20 03:05 . 2009-05-20 03:05 -------- d-----w c:\documents and settings\Administrator.CHINGON\Application Data\Spyware Terminator
2009-05-19 04:52 . 2009-05-19 04:52 6144 ----a-w c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-05-19 04:52 . 2009-05-19 04:52 5632 ----a-w c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-05-19 04:52 . 2009-05-19 04:52 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-19 04:52 . 2009-05-21 06:37 -------- d-----w c:\documents and settings\Owner\Application Data\Spyware Terminator
2009-05-19 04:52 . 2009-05-21 06:40 -------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-05-19 04:52 . 2009-05-21 06:40 -------- d-----w c:\program files\Spyware Terminator
2009-05-18 08:49 . 2009-05-19 04:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-18 08:33 . 2009-05-18 08:34 -------- d-----w c:\program files\CCleaner
2009-05-18 06:54 . 2009-05-18 06:54 -------- d-sh--w c:\documents and settings\Owner\IECompatCache
2009-05-18 06:47 . 2009-05-18 06:47 -------- d-sh--w c:\documents and settings\Owner\PrivacIE
2009-05-18 06:45 . 2009-05-18 06:45 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-18 06:43 . 2009-05-18 06:43 -------- d-sh--w c:\documents and settings\Owner\IETldCache
2009-05-18 06:39 . 2009-05-18 06:39 -------- d-----w c:\windows\ie8updates
2009-05-18 06:38 . 2009-05-18 06:47 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-18 06:36 . 2009-05-18 06:37 -------- dc-h--w c:\windows\ie8
2009-05-18 06:34 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-26 22:52 . 2008-04-13 23:12 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-26 22:52 . 2008-04-13 23:12 8192 ----a-w c:\windows\system32\wshirda.dll
2009-04-26 22:52 . 2008-04-13 23:11 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-04-26 22:52 . 2008-04-13 23:11 28160 ----a-w c:\windows\system32\irmon.dll
2009-04-26 22:52 . 2008-04-13 23:12 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-04-26 22:52 . 2008-04-13 23:12 151552 ----a-w c:\windows\system32\irftp.exe
2009-04-26 22:51 . 2009-04-26 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-26 22:43 . 2007-12-14 22:13 53248 ----a-w c:\windows\system32\LBTCoIns.DLL
2009-04-26 22:43 . 2009-02-19 07:27 84496 ----a-w c:\windows\system32\KemXML.dll
2009-04-26 22:43 . 2009-02-19 07:27 117264 ----a-w c:\windows\system32\KemWnd.dll
2009-04-26 22:43 . 2009-02-19 07:27 145936 ----a-w c:\windows\system32\KemUtil.dll
2009-04-26 22:43 . 2009-02-19 07:27 170512 ----a-w c:\windows\system32\kemutb.dll
2009-04-26 22:43 . 2009-04-26 22:43 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-26 22:43 . 2009-04-26 22:44 -------- d-----w c:\program files\Common Files\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 03:00 . 2004-10-05 05:12 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-22 03:00 . 2004-10-05 05:12 -------- d-----w c:\program files\Viewpoint
2009-05-22 03:00 . 2004-04-01 07:28 -------- d-----w c:\program files\Java
2009-05-20 08:04 . 2008-10-15 20:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 06:23 . 2009-05-20 05:58 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-20 05:59 . 2009-05-20 05:59 57344 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-6dbdb846-n\Decora-SSE.dll
2009-05-20 05:59 . 2009-05-20 05:59 315392 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-60dc6dac-n\jogl.dll
2009-05-20 05:59 . 2009-05-20 05:59 24064 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-615ecbb4-n\Decora-D3D.dll
2009-05-20 05:59 . 2009-05-20 05:59 20480 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-60dc6dac-n\jogl_awt.dll
2009-05-20 05:59 . 2009-05-20 05:59 114688 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-60dc6dac-n\jogl_cg.dll
2009-05-20 05:59 . 2009-05-20 05:59 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-63f31765-n\msvcp71.dll
2009-05-20 05:59 . 2009-05-20 05:59 499712 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-63f31765-n\jmc.dll
2009-05-20 05:59 . 2009-05-20 05:59 348160 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-63f31765-n\msvcr71.dll
2009-05-20 05:59 . 2009-05-20 05:59 20480 ----a-w c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-5ccde719-n\gluegen-rt.dll
2009-05-18 08:47 . 2004-09-07 04:30 -------- d-----w c:\program files\Logitech
2009-05-18 08:46 . 2009-03-04 05:38 -------- d-----w c:\program files\rr
2009-05-18 08:32 . 2009-03-25 06:46 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-18 06:38 . 2004-07-26 07:02 -------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
2009-05-18 06:38 . 2004-07-21 06:58 -------- d-----w c:\program files\Yahoo!
2009-05-18 06:14 . 2004-07-21 06:56 -------- d-----w c:\program files\Common Files\Adobe
2009-05-02 07:15 . 2009-05-02 07:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-26 22:45 . 2009-04-26 22:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-26 22:45 . 2009-04-26 22:45 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-26 22:43 . 2004-04-01 08:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 21:33 . 2009-04-12 19:28 -------- d-----w c:\program files\RitzPix E-Z Print & Share
2009-03-25 06:46 . 2009-03-04 08:00 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-25 06:46 . 2004-08-02 06:01 -------- d-----w c:\program files\Lavasoft
2009-03-23 06:58 . 2009-03-23 06:54 -------- d-----w c:\documents and settings\All Users\Application Data\DriverCure
2009-03-23 06:54 . 2009-03-23 06:54 -------- d-----w c:\documents and settings\Owner\Application Data\DriverCure
2009-03-23 06:54 . 2009-03-23 06:54 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-03-08 11:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-26 20:46 . 2009-02-26 20:46 74760 -c--a-w c:\windows\system32\drivers\UniversalDD.sys
2009-02-26 20:46 . 2009-02-26 20:46 25608 -c--a-w c:\windows\system32\drivers\AVGIDSErHr.sys
2008-11-01 01:04 . 2008-11-01 01:04 17695 -c--a-w c:\program files\Common Files\ydobiwevys.sys
2008-11-01 01:04 . 2008-11-01 01:04 14952 -c--a-w c:\program files\Common Files\veficefe._sy
2008-11-01 01:04 . 2008-11-01 01:04 14923 -c--a-w c:\program files\Common Files\inudif.sys
2008-10-31 06:14 . 2008-10-31 06:14 17984 -c--a-w c:\program files\Common Files\lyraxugyw.com
2008-10-31 06:14 . 2008-10-31 06:14 16439 -c--a-w c:\program files\Common Files\qune._sy
2008-10-31 05:54 . 2008-10-31 05:54 14969 -c--a-w c:\program files\Common Files\taki._dl
.

((((((((((((((((((((((((((((( SnapShot@2009-05-21_03.20.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-22 03:08 . 2009-05-22 03:08 16384 c:\windows\Temp\Perflib_Perfdata_104.dat
+ 2009-05-21 06:34 . 2009-05-21 06:32 64160 c:\windows\system32\DRVSTORE\lbd_4C6E0193F967021F4DECA024CA3950BECD8BF864\L bd.sys
- 2009-03-25 06:47 . 2009-01-18 21:30 64160 c:\windows\system32\drivers\Lbd.sys
+ 2009-03-25 06:47 . 2009-05-21 06:32 64160 c:\windows\system32\drivers\Lbd.sys
+ 2004-04-01 06:01 . 2009-05-21 06:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-04-01 06:01 . 2009-05-21 02:54 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-04-01 06:01 . 2009-05-21 02:54 376832 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-04-01 06:01 . 2009-05-21 06:31 376832 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-04-01 06:01 . 2009-05-21 06:31 114688 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-04-01 06:01 . 2009-05-21 02:54 114688 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-21 516440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-26 809488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explor er]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
2009-02-19 07:30 145936 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTServ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 07:30 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.s ys]
@="beep"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavaso ft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoa dGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 1:46 PM 25608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/24/2009 11:47 PM 64160]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2/26/2009 1:46 PM 563720]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 1:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 1:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 1:46 PM 27232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2/26/2009 1:46 PM 5576712]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 953168]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\CamDrL20.sys [9/21/2004 11:19 PM 245760]
S3 StreamSurge;StreamSurge Driver;c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 06:32]

2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {83998832-8C64-4EFB-9D19-570F38C35BFB} = 69.50.166.94,69.31.80.244
TCP: {D477902B-9B27-4710-A845-919857A71B51} = 69.50.166.94,69.31.80.244
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nxwxekv4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-21 20:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-256445784-443732379-233217427-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Common Files\Logitech\Bluetooth\lbtserv.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

- - - - - - - > 'lsass.exe'(736)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3296)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-22 20:19
ComboFix-quarantined-files.txt 2009-05-22 03:19
ComboFix2.txt 2009-05-21 03:38
ComboFix3.txt 2009-05-21 03:23

Pre-Run: 48,665,722,880 bytes free
Post-Run: 48,672,464,896 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=,1,2,3,4
250 --- E O F --- 2009-05-15 03:08

**Juliet** · 22nd May 2009

Welcome back

Since you have already run ComboFix I will need to see the first files it created.

C:\qoobox\ComboFix3
ComboFix-quarantined-files.txt

Please post these in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I see you have the crawler toolbar installed. I recommend you uninstall it since it's not recommended.

See here: http://vil.mcafeesecurity.com/vil/content/v_137764.htm
So, you cannot call Spyware Terminator trustworthy. Spyware Terminator has unfortunately the reputation of flagging a lot of false positives.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.

I've located a few suspicious files on your computer.
We need verification if they are malicious.

Go to My Computer->Tools->Folder Options->View tab:

Under the Hidden files and folders heading:
Select - Show hidden files and folders.
Uncheck- Hide protected operating system files (recommended) option.
Also, make sure there is no checkmark beside Hide file extensions for known file types.
Click OK. (Remember to Hide files and folders once done)

Please go to: VirusTotal

http://i204.photobucket.com/albums/b...total2-SWI.png
Click the Browse button and search for the following file: c:\program files\Common Files\ydobiwevys.sys
Click Open
Then click Send File
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Next please have the below additional files scanned

c:\program files\Common Files\veficefe._sy
c:\program files\Common Files\inudif.sys
c:\program files\Common Files\lyraxugyw.com
c:\program files\Common Files\qune._sy
c:\program files\Common Files\taki._dl

Please take your time and do them all.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
Follow the instructions for the browser you use.
Read the instructions about the cookies. Delete what you do not need.

Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache
The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use the Firefox or Opera browsers, you can use this program
as a quick way to tidy those up as well.
When you have finished, click on the Exit button in the Main menu.
========================

NEXT**
I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
The below scan can take up to an hour or longer, please be patient.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Other available links
Kaspersky Online Scanner or from here
http://www.kaspersky.com/virusscanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

The program will install and then begin downloading the latest definition
files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer.
This will start the program and scan your system.
The scan will take a while, so be patient and let it run. (At times it may appear to stall)
* Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
* Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
* Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Once the scan is complete, click on View scan report To obtain the report:

Click on: Save Report As
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar In Save as type, click the drop arrow and select:
Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in
your reply.

Animated tutorial
http://i275.photobucket.com/albums/j...g/KAS/KAS9.gif

(Note.. for Internet Explorer 7 users:
If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
Or use Firefox with IE-Tab plugin
https://addons.mozilla.org/en-US/firefox/addon/1419

In your next reply post:
C:\qoobox\ComboFix3
Information on files requested scanned
Kaspersky log
New HJT log taken after the above scans have run

You may need several replies to post the requested logs, otherwise they might get cut off.

primox1 · 23rd May 2009

new report. i also removed spyware term.
thanks.
have a safe weekend!!

ComboFix 09-05-20.A0 - Owner 05/20/2009 20:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.176 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\rr.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\program files\outlook
c:\program files\winupdates
c:\windows\patch.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\bb1.dat
c:\windows\system32\cmds.txt
c:\windows\system32\cs.dat
c:\windows\system32\dl.txt
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\ps1.dat
c:\windows\system32\rc.dat
c:\windows\system32\tb.dr
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSfxwp.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnrsr.dll
c:\windows\system32\TDSSofxh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSrhym.log
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSsbhc.dll
c:\windows\system32\TDSStkdv.log
c:\windows\WinIni.exe
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-20 08:04 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-20 08:04 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 07:28 . 2009-05-20 07:28 -------- d-----w c:\program files\Trend Micro
2009-05-20 05:58 . 2009-05-20 06:23 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-20 03:05 . 2009-05-20 03:05 -------- d-sh--w c:\documents and settings\Administrator.CHINGON\IETldCache
2009-05-20 03:05 . 2009-05-20 03:05 -------- d-----w c:\documents and settings\Administrator.CHINGON\Application Data\Spyware Terminator
2009-05-19 04:52 . 2009-05-19 04:52 -------- d-----w c:\program files\Crawler
2009-05-19 04:52 . 2009-05-19 04:52 142592 ----a-w c:\windows\system32\drivers\sp_rsdrv2.sys
2009-05-19 04:52 . 2009-05-20 07:32 -------- d-----w c:\documents and settings\Owner\Application Data\Spyware Terminator
2009-05-19 04:52 . 2009-05-20 07:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-05-19 04:52 . 2009-05-20 07:34 -------- d-----w c:\program files\Spyware Terminator
2009-05-18 08:49 . 2009-05-19 04:26 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-18 08:33 . 2009-05-18 08:34 -------- d-----w c:\program files\CCleaner
2009-05-18 06:54 . 2009-05-18 06:54 -------- d-sh--w c:\documents and settings\Owner\IECompatCache
2009-05-18 06:47 . 2009-05-18 06:47 -------- d-sh--w c:\documents and settings\Owner\PrivacIE
2009-05-18 06:45 . 2009-05-18 06:45 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-05-18 06:43 . 2009-05-18 06:43 -------- d-sh--w c:\documents and settings\Owner\IETldCache
2009-05-18 06:39 . 2009-05-18 06:39 -------- d-----w c:\windows\ie8updates
2009-05-18 06:38 . 2009-05-18 06:47 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-05-18 06:36 . 2009-05-18 06:37 -------- dc-h--w c:\windows\ie8
2009-05-18 06:34 . 2009-04-25 05:30 102400 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-04-26 22:52 . 2008-04-13 23:11 28160 ----a-w c:\windows\system32\irmon.dll
2009-04-26 22:52 . 2008-04-13 23:12 8192 ----a-w c:\windows\system32\wshirda.dll
2009-04-26 22:52 . 2008-04-13 23:11 28160 -c--a-w c:\windows\system32\dllcache\irmon.dll
2009-04-26 22:52 . 2008-04-13 23:12 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll
2009-04-26 22:52 . 2008-04-13 23:12 151552 ----a-w c:\windows\system32\irftp.exe
2009-04-26 22:52 . 2008-04-13 23:12 151552 -c--a-w c:\windows\system32\dllcache\irftp.exe
2009-04-26 22:51 . 2009-04-26 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-26 22:43 . 2007-12-14 22:13 53248 ----a-w c:\windows\system32\LBTCoIns.DLL
2009-04-26 22:43 . 2009-02-19 07:27 170512 ----a-w c:\windows\system32\kemutb.dll
2009-04-26 22:43 . 2009-02-19 07:27 84496 ----a-w c:\windows\system32\KemXML.dll
2009-04-26 22:43 . 2009-02-19 07:27 145936 ----a-w c:\windows\system32\KemUtil.dll
2009-04-26 22:43 . 2009-02-19 07:27 117264 ----a-w c:\windows\system32\KemWnd.dll
2009-04-26 22:43 . 2009-04-26 22:43 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-26 22:43 . 2009-04-26 22:44 -------- d-----w c:\program files\Common Files\Logishrd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 08:04 . 2008-10-15 20:53 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-20 06:23 . 2004-04-01 07:28 -------- d-----w c:\program files\Java
2009-05-18 08:47 . 2004-09-07 04:30 -------- d-----w c:\program files\Logitech
2009-05-18 08:46 . 2009-03-04 05:38 -------- d-----w c:\program files\rr
2009-05-18 06:38 . 2004-07-21 06:58 -------- d-----w c:\program files\Yahoo!
2009-05-18 06:14 . 2004-07-21 06:56 -------- d-----w c:\program files\Common Files\Adobe
2009-05-02 07:15 . 2009-05-02 07:15 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-04-26 22:45 . 2009-04-26 22:45 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-04-26 22:45 . 2009-04-26 22:45 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-26 22:43 . 2004-04-01 08:47 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-26 21:33 . 2009-04-12 19:28 -------- d-----w c:\program files\RitzPix E-Z Print & Share
2009-03-25 06:46 . 2004-08-02 06:01 -------- d-----w c:\program files\Lavasoft
2009-03-22 04:44 . 2004-04-02 23:04 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-22 04:44 . 2007-01-16 22:08 -------- d-----w c:\program files\Symantec
2009-03-08 11:34 . 2006-02-28 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2006-02-28 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2006-02-28 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2006-02-28 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2006-02-28 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2006-02-28 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:31 . 2006-02-28 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2006-02-28 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2006-02-28 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2006-02-28 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-26 20:46 . 2009-02-26 20:46 74760 -c--a-w c:\windows\system32\drivers\UniversalDD.sys
2009-02-26 20:46 . 2009-02-26 20:46 25608 -c--a-w c:\windows\system32\drivers\AVGIDSErHr.sys
2008-11-01 01:04 . 2008-11-01 01:04 17695 -c--a-w c:\program files\Common Files\ydobiwevys.sys
2008-11-01 01:04 . 2008-11-01 01:04 14952 -c--a-w c:\program files\Common Files\veficefe._sy
2008-11-01 01:04 . 2008-11-01 01:04 14923 -c--a-w c:\program files\Common Files\inudif.sys
2008-10-31 06:14 . 2008-10-31 06:14 17984 -c--a-w c:\program files\Common Files\lyraxugyw.com
2008-10-31 06:14 . 2008-10-31 06:14 16439 -c--a-w c:\program files\Common Files\qune._sy
2008-10-31 05:54 . 2008-10-31 05:54 14969 -c--a-w c:\program files\Common Files\taki._dl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"YBrowser"="c:\program files\Yahoo!\browser\ybrwicon.exe" [2003-07-11 57344]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-22 221184]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 53248]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2005-03-04 88209]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-13 110592]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-26 809488]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explor er]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTServ]
2009-02-19 07:30 145936 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTServ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 07:30 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\install.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\setup.exe]
"Debugger"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.s ys]
@="beep"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavaso ft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoa dGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 1:46 PM 25608]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/24/2009 11:47 PM 64160]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2/26/2009 1:46 PM 563720]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 921936]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 1:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 1:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 1:46 PM 27232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2/26/2009 1:46 PM 5576712]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\CamDrL20.sys [9/21/2004 11:19 PM 245760]
S3 StreamSurge;StreamSurge Driver;c:\windows\system32\DRIVERS\ss.sys --> c:\windows\system32\DRIVERS\ss.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/16/2007 8:52 PM 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-05-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
SharedTaskScheduler-{D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Crawler Search - tbr:iemenu
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {83998832-8C64-4EFB-9D19-570F38C35BFB} = 69.50.166.94,69.31.80.244
TCP: {D477902B-9B27-4710-A845-919857A71B51} = 69.50.166.94,69.31.80.244
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nxwxekv4.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60341&qkw=
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 20:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-256445784-443732379-233217427-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\program files\Common Files\Logitech\Bluetooth\lbtserv.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll

- - - - - - - > 'lsass.exe'(740)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2009-05-21 20:23
ComboFix-quarantined-files.txt 2009-05-21 03:22

Pre-Run: 48,367,194,112 bytes free
Post-Run: 48,721,797,120 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=2 Sets=,1,2,3,4
249 --- E O F --- 2009-05-15 03:08

File ydobiwevys.sys received on 2009.05.23 03:34:30 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 42 and 60 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.22 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.22 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6518 2009.05.22 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.22 -
Fortinet 3.117.0.0 2009.05.22 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5623 2009.05.22 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.22 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.22 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.42.00 2009.05.22 -
Sophos 4.42.0 2009.05.22 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.22 -
VBA32 3.12.10.5 2009.05.22 -
ViRobot 2009.5.22.1747 2009.05.22 -
VirusBuster 4.6.5.0 2009.05.22 -
Additional information
File size: 17695 bytes
MD5...: ed72217bcc1eebbb8f6c1d59594ad2bf
SHA1..: 7a9f94eceb8d987113907fdad8e6ed741c7d2f70
SHA256: 0c040cbc9f07e91de94993a316fb471ce37ee4f6f65a665fbdf94f1684001425
SHA512: 19dd80dfc9bcb99236b5f977794db25c36d8b229359e29a0edbadd48efe0567f
19e8128d64b4f5e6578efbf10ac965291e27e0e0577fe7a957b0b17c6991d7ca
ssdeep: 384:KVYGWPeyETSAwl7l/UrNNBWnCWFnVe0Lz+KQZuNQnVV+bYubyZc/or:x/PuX
47lshfw/xVFzTQZusVjwor
PEiD..: -
TrID..: File type identification
MPEG Video (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-

File veficefe._sy received on 2009.05.23 03:38:44 (UTC)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/40 (0%)
Loading server information...
Your file is queued in position: 2.
Estimated start time is between 49 and 70 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Compact
Print results Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.22 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.22 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6518 2009.05.22 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.22 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5623 2009.05.22 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.22 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.22 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.42.00 2009.05.22 -
Sophos 4.42.0 2009.05.22 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.22 -
VBA32 3.12.10.5 2009.05.22 -
ViRobot 2009.5.22.1747 2009.05.22 -
VirusBuster 4.6.5.0 2009.05.22 -
Additional information
File size: 14952 bytes
MD5...: b2c419732134129d3ccb385420a8b8d4
SHA1..: 55b97cf3e6ef364daa7fe6d692a94da66794dd02
SHA256: 897d5d5ca157196a95e1cf28efd2f329c70b7786a2dadc88bcfa9a5e431a8651
SHA512: 73ed8a5dc3ddf7beb09531327a8bde39c6545a3bf335f40fa0b739b21f7ce30f
8ea35e7552508fca4923ec2e656e8713a18d1f1683634fab9a3bf814b51f4398
ssdeep: 384:J4fayiMo8eXBWFiUOxd2LOWK31y4FB3EtPlpypqN/:uSyiMo8eXBvVxd2LVK
315BC+a/
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set

File lyraxugyw.com received on 2009.05.23 03:44:26 (UTC)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.22 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6518 2009.05.22 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.22 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5623 2009.05.22 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.22 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.22 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.42.00 2009.05.22 -
Sophos 4.42.0 2009.05.22 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.22 -
VBA32 3.12.10.5 2009.05.22 -
ViRobot 2009.5.22.1747 2009.05.22 -
VirusBuster 4.6.5.0 2009.05.22 -
Additional information
File size: 17984 bytes
MD5...: 85d229c7bcdff4ad3c5fdf0e8dcfdd72
SHA1..: 1b05732740b9c9dead253eb3aaac2b5616cc0d5a
SHA256: ff2664eb8798b86d40633559e6e338550ae53f0a3490d7e022ff1f76adde0595
SHA512: 217b7d344e3a61501521a8222ae82cf9cff5de84f92cec4dea8c7650910084ec 37cf0d9 ff5d86ab5731c4e1d34069c365b4b13982ff59427f9a60aaebee20948
ssdeep: 384:KzS3jylObXvYMD3XXTfoW6I5vBUJRw2PglPxFrH+EIygkQ:K/lU/tzfJ5Mwx lPxdH+EI5kQ 
PEiD..: -
TrID..: File type identification MPEG Video (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

File qune._sy received on 2009.05.23 03:48:42 (UTC)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.22 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6518 2009.05.22 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.22 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5623 2009.05.22 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.22 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.22 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.42.00 2009.05.22 -
Sophos 4.42.0 2009.05.22 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.22 -
VBA32 3.12.10.5 2009.05.22 -
ViRobot 2009.5.22.1747 2009.05.22 -
VirusBuster 4.6.5.0 2009.05.22 -
Additional information
File size: 16439 bytes
MD5...: 2a3285e73b68aad7de0943a82c91084c
SHA1..: 6398945d28aba337fd2181e7fd9bbf9493e5ef58
SHA256: 0e41a591446f03620d60743df5da5dca88e76d16a21b35f8cd8947570c093e30
SHA512: ec1180685cdc7220aa815d31e7a302371d18e72bcd98aabc3b085710256a3132 9419636 3397e83f695e7c270b0eeaa9f80b64e4e43ba92204bf2e88df76df6bb
ssdeep: 384:BTFw1zrgJBJ231sZt1a4yICEqZaohpEFErZWhvm4zr+QrhhiP:BpqIJ3y2ZP a4Jqncj zzr1iP 
PEiD..: -
TrID..: File type identification MPEG Video (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

File taki._dl received on 2009.05.23 03:50:28 (UTC)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.22 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6518 2009.05.22 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.22 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5623 2009.05.22 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.22 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.22 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.42.00 2009.05.22 -
Sophos 4.42.0 2009.05.22 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.22 -
VBA32 3.12.10.5 2009.05.22 -
ViRobot 2009.5.22.1747 2009.05.22 -
VirusBuster 4.6.5.0 2009.05.22 -
Additional information
File size: 14969 bytes
MD5...: e4c5ff3154f26ae3cca4c15e95ad3bce
SHA1..: 7228322383fcac2ac585ed6ac461a794ca76219b
SHA256: 818d09fcf61be949aeae0182019107697c82b4c0e5aa116f1864b558c500b20a
SHA512: 48335dc23c101058fd27d0d1c0d81722a1fe3237079d2ee5afab8b078b8b7fcd 4277fa2 bfb54fdcc155aeede09378227d61afd979932fbde7e93e3ebfe0acd0b
ssdeep: 384:PCy+828ga86ERrMeSVJmWzfyNRF8/iPf4vTbHiR8VUYr1YU:JN8rAJf+vFQZ iMxYU 
PEiD..: -
TrID..: File type identification MPEG Video (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set -

File inudif.sys received on 2009.05.23 03:52:29 (UTC)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.23 -
AhnLab-V3 5.0.0.2 2009.05.23 -
AntiVir 7.9.0.168 2009.05.23 -
Antiy-AVL 2.0.3.1 2009.05.22 -
Authentium 5.1.2.4 2009.05.22 -
Avast 4.8.1335.0 2009.05.22 -
AVG 8.5.0.339 2009.05.22 -
BitDefender 7.2 2009.05.23 -
CAT-QuickHeal 10.00 2009.05.23 -
ClamAV 0.94.1 2009.05.22 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.23 -
eSafe 7.0.17.0 2009.05.21 -
eTrust-Vet 31.6.6518 2009.05.22 -
F-Prot 4.4.4.56 2009.05.22 -
F-Secure 8.0.14470.0 2009.05.22 -
Fortinet 3.117.0.0 2009.05.23 -
GData 19 2009.05.23 -
Ikarus T3.1.1.49.0 2009.05.23 -
K7AntiVirus 7.10.741 2009.05.21 -
Kaspersky 7.0.0.125 2009.05.23 -
McAfee 5623 2009.05.22 -
McAfee+Artemis 5623 2009.05.22 -
McAfee-GW-Edition 6.7.6 2009.05.23 -
Microsoft 1.4701 2009.05.22 -
NOD32 4098 2009.05.22 -
Norman 6.01.05 2009.05.22 -
nProtect 2009.1.8.0 2009.05.23 -
Panda 10.0.0.14 2009.05.22 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.23 -
Rising 21.30.42.00 2009.05.22 -
Sophos 4.42.0 2009.05.22 -
Sunbelt 3.2.1858.2 2009.05.23 -
Symantec 1.4.4.12 2009.05.23 -
TheHacker 6.3.4.3.331 2009.05.22 -
TrendMicro 8.950.0.1092 2009.05.22 -
VBA32 3.12.10.5 2009.05.22 -
ViRobot 2009.5.22.1747 2009.05.22 -
VirusBuster 4.6.5.0 2009.05.22 -
Additional information
File size: 14923 bytes
MD5...: 2d39c1ab2c930a42f7f721a592abb325
SHA1..: 2053b8806ce5f9596a71a95a8151525365c34536
SHA256: 46f8cb06c6f0d38c62470ae6c81b19ad5d7f00457b8e12add20fe0d43bb14087
SHA512: 3aebd4dd7ed293ae23eb48a8efcad8e234dc3d23572cecc8f2116ee89fa92730 dbd3a64 74e006f562572ce14ee6b6dcf30f7e1e5800a6f821919a466be636bbe
ssdeep: 384:PBP/MdsRpxDUb4bdp/WllKlT+9pHSDerTnGvCeBw:WyDUGdVWaZ+7drqvlw 
PEiD..: -
TrID..: File type identification MPEG Video (100.0%)
PEInfo: -
PDFiD.: -

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 23, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 23, 2009 04:01:27
Records in database: 2222269
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 101975
Threat name: 5
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 04:16:20

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\__.zip Infected: Backdoor.Win32.TDSS.bkw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSScfum.dll.vir Infected: Rootkit.Win32.TDSS.dbg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSnrsr.dll.vir Infected: Backdoor.Win32.TDSS.asz 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSofxh.dll.vir Infected: Backdoor.Win32.TDSS.blh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\TDSSriqp.dll.vir Infected: Backdoor.Win32.TDSS.atb 1

The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:31 AM, on 5/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FAMTCCA.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Owner\Local Settings\temp\jkos-Owner\binaries\ScanningProcess.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212994192812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83998832-8C64-4EFB-9D19-570F38C35BFB}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D477902B-9B27-4710-A845-919857A71B51}: NameServer = 69.50.166.94,69.31.80.244
O18 - Protocol: bw+0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: offline-8876480 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 21166 bytes

**Juliet** · 23rd May 2009

The logs have shown me you had a nasty rootkit infection on your computer.

Did you remove Spyware Terminator before or after you ran Combofix? It's still showing in your HJT log.

also it shows me you have 2 antivirus on the machine...
Avira AntiVir Personal
AVG8

Not a good idea really, can cause your computer lots of problems...Can actually reduce your protection.

What Kaspersky found was expected and will be removed in final cleanup.

Please give me an update on how the computer is now.

primox1 · 24th May 2009

"Did you remove Spyware Terminator before or after you ran Combofix? It's still showing in your HJT log."
yes. i removed it after. i thought i had taken it out before.

"also it shows me you have 2 antivirus on the machine...
Avira AntiVir Personal
AVG8"
i had them before. i checked "remove programs" and they dont show up there or in my "all programs"
what i do have is ad-adware and malwarebytes. also i just bought norton 360 3.0 that i havent installed. im waiting for this issue to be resolved first.
computer is loading and running faster.
any ideas?
thank you

**Juliet** · 24th May 2009

Welcome back

Quote:

computer is loading and running faster

Good deal

I believe what we have now from AVG8 and Avira are just left over drivers and services that should come off easy enough.

Please download OTMoveIt3 by OldTimer and save it to your desktop

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )

Code:

:Processes
explorer.exe
:Files
c:\documents and settings\All Users\Application Data\avg8
c:\windows\system32\drivers\AVGIDSErHr.sys
:services
AVGIDSErHr
AVGIDSWatcher
AVGIDSDriver
AVGIDSFilter
AVGIDSShim
AVGIDSAgent
AntiVirScheduler
AntiVirService
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]

Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

In your next rely post:
OTMoveIt log
new HJT log

primox1 · 24th May 2009

here is my new report.
thanks!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:51 PM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe --ports
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1212994192812
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} - http://chat.yahoo.com/cab/yvwrctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{83998832-8C64-4EFB-9D19-570F38C35BFB}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CCS\Services\Tcpip\..\{D477902B-9B27-4710-A845-919857A71B51}: NameServer = 69.50.166.94,69.31.80.244
O18 - Protocol: bw+0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: offline-8876480 - {F51D5D63-C82E-4B13-AF3F-E79941C69A2F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Easy Synchronization - Unknown owner - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 20453 bytes

**Juliet** · 25th May 2009

Welcome back

Things look good.

Let's get a security issue on the computer closed.

Your version of Adobe is out of date.

You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here.
For more information and links to Adobe updates and downloads click here.

~~~~~~~~~~~~~~~~~~~~~
NEXT**
Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
(Description: HP software update checker and wizard launcher.)

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
(Description: HP software update checker and wizard launcher.)

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
(Not necessary)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] \"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe\"
(Description: Adobe reader startup - unnecessarily uses system resources.)

O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(Not necessary)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``
Don't miss or skip this next step, this will remove malicious files from quarantine and set a clean restore point.

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there.

Example below

http://billy-oneal.com/Canned%20Spee...n/removecf.png

~~~~~~~~~~~~~~~~~~~~~~~~~~~

NEXT**
Next open OTMoveIt, then click on "CleanUp!".
If you receive a warning from your Firewall please allow...
In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OTMoveIt will delete them.
Do not edit anything in that Window!
Don't worry if it displays some tools you didn't download/use.
Click Yes when it asks to Begin cleanup process.

Then reboot your computer.<--Important

I think we're ready for preventive tips, what say you?

primox1 · 26th May 2009

"* Click START then RUN
* Now type Combofix /u in the runbox and click OK. Note the space between the x and the /u, it needs to be there."

all is good except its says windows can not find combofix. i typed it in like you say.
should i continue with "otmoveit"?

**Juliet** · 26th May 2009

We'll just have to manual delete the related files/folders.

C:\Qoobox<--delete the folder
C:\qoobox\quarantined_files.txt<--file
C:\Combofix<--delete the folder
C:\Combofix\combofix.txt<--file

Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.
You can delete any other logs that were created/saved too.

Yes please continue with the instructions for OTMoveIt.

I think we're ready for preventive tips