'Troj/Rustok-N'

I'm getting this error:

Your computer (IP: 69.3.221.61) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N'

We cannot provide you with an access to our content for browsing purposes as it will lead to the inevitable crush of our website.

We strongly recommend you to run your antivirus edition and, if necessary, check it for the latest updates available.

You may also download recommended software, which has been approved by a number of our surfers who encountered the same problem and used this software to overcome it.

We apologize for the inconvenience, and hope we'll see you again on www.redtube.com

Find more comments on the software at: aumhaphpbb.com

===============
HijackThis Log: Part 1:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:47 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\program files\common files\installshield\updateservice\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

Last edited by jerneedog on 31st December 2008, 4:45 am; edited 1 time in total

HijackThis Log: Part 2:

O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O18 - Protocol: bw+0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

HijackThis Log: Part 3:

O18 - Protocol: bwr0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: offline-8876480 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 24492 bytes

HijackThis Uninstall Log:

7-Zip 4.42
ABC Amber LIT Converter
AbelCam
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator 10
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.1.0
Adobe Reader Japanese Fonts
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Decoder Patch
AGEIA PhysX v7.09.13
AIM 6
Alien Skin Eye Candy 5 Textures
AltoMP3 Gold 5.20
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AV4 Customer Management System For Avon Representatives 5.8.30
AVG Free 8.0
AviSynth 2.5
AVS Audio Tools version 4.3
BitTornado 0.3.18
Bonjour
Broadcom Advanced Control Suite
CamStudio
Canon S600
CCScore
CDBurnerXP
Chickenfoot
CoffeeCup Flash Button Factory
CoffeeCup Flash Firestarter
ColorPic
Compatibility Pack for the 2007 Office system
ConvertHelper 2.1
Corel Applications
Coupon Printer for Windows
CreataCard Plus 3
Creative MediaSource
dBpoweramp Music Converter
Dell CinePlayer
Dell Driver Reset Tool
Dell Game Console
Dell Resource CD
Digital Content Portal
DivX Content Uploader
DivX Web Player
Documentation & Support Launcher
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab 5.0.3.0 Gosthunter Release
DVDFab Decrypter 3.0.7.2
DVDFab HD Decrypter 4.0.5.0
DynDNS Updater 3.1
EarthLink Setup Files
eBook to Images
ESPNMotion
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Express Burn
Express Rip
Eye Candy 4000
ffdshow [rev 1028] [2007-03-13]
FontPage 3.0.1
Free iPod Video Converter 1.34
Free PDF to Word Doc Converter v1.1
FTP Voyager 10.0
Fwink
Games, Music, & Photos Launcher
GemMaster Mystic
GoldWave v5.18
Graboid Video 1.3
Grim's Team Fortress 2 Aliases
GroupMail :: Free Edition
Half-Life(R) 2
Handbrake 0.9.2
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLSW v1.2.0
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Ideal DVD Copy V3.2.0
iGadget 2.0.4.0
Internet Service Offers Launcher
InterWARN
Ipod Video Converter For Free V 1.0
iPodLibrary v1.2b
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
kgcbase
Kodak EasyShare software
KSU
LADSPA_plugins-win-0.4.15
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech SetPoint
Magic DVD Ripper V4.3.1
Malwarebytes' Anti-Malware
Media Jukebox 12
MediaCoder 0.6.1
MediaMonkey 2.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MixPad
MobileMe Control Panel
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.0.5)
Mozilla Thunderbird (2.0.0.6)
Mp3Decode
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero Suite
netbrdg
Nostromo Array Programming Software
Notifier
NVIDIA Drivers
OfotoXMI
OtsTurntables Free 1.00.012
Otto
PassAlong Software
PDF reDirect (remove only)
PDF Ripper 2.01
PDF Settings
PDFCreator
PopCap Browser Plugin
PowerISO
PrimoPDF
PrimoPDF Redistribution Package
QuickTime
RealPlayer
Roxio MyDVD LE
Roxio MyDVD Premier 8
Roxio RecordNow Premier
Samsung USB Driver
Screensavers.com Content
SD Weather Lab 6.1
Seagate Manager Installer
Seagate Manager Installer
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SHASTA
SKIN0001
SKINXSDK
SnagIt 8
Softe Video Converter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Sound Blaster X-Fi
Source SDK Base
SprayR 1.0 RC7b
staticcr
Steam(TM)
StormLab
StormLab (C:\Program Files\StormLab\)
StormLab V4.0.1
SWiSH Max2
Symantec KB-DocID:2003093015493306
TalkShoe Live! 2.0
Tansee iPod Transfer v3.2
Team Fortress 2
TeamSpeak 2 RC2
TeamSpeak 2 Server RC2
TinCam 1.04
tooltips
Total Video Converter 3.10
Ultimate Mahjongg
Ultra Video To iPod Converter 2.0
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Ventrilo Client
VideoLAN VLC media player 0.8.6d
Videora iPod Converter 0.91
VisionGS PE
VPRINTOL
VTFEdit 1.2.5
Wal-Mart Music Downloads Store
WavePad Uninstall
Windows Defender
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinRAR archiver
WinZip
WIRELESS
WM Recorder 11.3
WordPod
Xfire (remove only)
Yahoo! Extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Zuma Deluxe
===============
Thank you in advance!

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
  O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll (file missing)
  O9 - Extra button: (no name) - AutorunsDisabled - (no file)
  O18 - Protocol: bw+0 - {CC3BCB7C-1ECA-470F-A8A7-588B479AE4A8} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
  Check all these O18 items too
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Since MBAM is already on the system, we'll use that.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Followed your instructions, had to reboot to finish.

Here's the MBAM Log:

Malwarebytes' Anti-Malware 1.31
Database version: 1580
Windows 5.1.2600 Service Pack 3

12/31/2008 4:08:36 PM
mbam-log-2008-12-31 (16-08-36).txt

Scan type: Quick Scan
Objects scanned: 97299
Time elapsed: 20 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 25
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\yapowuwi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\neyirano.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\wizitego.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yutobayu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49ad62a7-92fd-4e83-b1d0-07eadc6832f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{49ad62a7-92fd-4e83-b1d0-07eadc6832f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{49ad62a7-92fd-4e83-b1d0-07eadc6832f0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dc21f6f4 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dipitiyaja (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmdf12c568 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wizitego.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wizitego.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\yutobayu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yutobayu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\yutobayu.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\yapowuwi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iwuwopay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\neyirano.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\wizitego.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pupumoro.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yutobayu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msqpdxoevaypwy.dll (Trojan.TDSS) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\Components\iamfamous.dll (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\MY NAMED REMOVED\Local Settings\Temp\tmpAD2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\MY NAMED REMOVED\Local Settings\Temporary Internet Files\Content.IE5\2N1N4H66\style[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\MY NAMED REMOVED\Local Settings\Temporary Internet Files\Content.IE5\CV5BZ22W\InstallAVg_770522170802[1].exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\msqpdxtqrpjkrg.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\MY NAMED REMOVED\Local Settings\Temp\matrix35529.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-5B7.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.


===========

Thank you very much for the help. That seems to have done the trick.

Happy New Year!

Hello.
Yes, it probably has, but we need to make sure.

• Download combofix from here, use the top links - combofix.exe
  
• Please disable your local AV (Anti-virus) by right clicking it's icon in the tray, and exit it.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Part 1 of ComboFix Log:

ComboFix 08-12-30.02 - REMOVED MY NAME 2008-12-31 16:51:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2499 [GMT -6:00]
Running from: c:\documents and settings\REMOVED MY NAME\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\REMOVED MY NAME\Application Data\inst.exe
c:\documents and settings\REMOVED MY NAME\Application Data\unins000.exe
c:\windows\Downloaded Program Files\setup.inf
c:\windows\IE4 Error Log.txt
I:\Autorun.inf
I:\resycled
i:\resycled\boot.com

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-30 22:13 . 2008-12-30 22:13 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 22:13 . 2008-12-30 22:13 d-------- c:\documents and settings\REMOVED MY NAME\Application Data\Malwarebytes
2008-12-30 22:13 . 2008-12-30 22:13 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 22:13 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 22:13 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 20:23 . 2008-12-29 20:23 d-------- c:\program files\Common Files\Macrovision Shared
2008-12-29 15:20 . 2008-12-29 20:28 7,056,054 --ah----- c:\windows\system32\toyhide.bmp
2008-12-25 19:08 . 2008-12-25 19:08 d-------- c:\documents and settings\All Users\Application Data\WhiteCap (Holiday Edition)
2008-12-25 10:41 . 2008-12-25 10:41 606,848 --a------ c:\windows\flashax.exe
2008-12-25 10:41 . 2008-12-25 10:41 12,288 --a------ c:\windows\impborl.dll
2008-12-25 10:40 . 2008-12-25 10:41 d-------- c:\program files\www_screensavers_com
2008-12-23 23:36 . 2008-12-23 23:36 d-------- c:\program files\ConvertHelper
2008-12-19 20:10 . 2008-12-27 00:03 d-------- c:\documents and settings\REMOVED MY NAME\Application Data\dvdcss
2008-12-17 17:20 . 2008-12-17 19:30 d-------- c:\program files\IdealDVDCopy
2008-12-17 17:20 . 2008-12-17 17:20 47,360 --a------ c:\windows\system32\drivers\pcouffin.sys
2008-12-17 17:20 . 2008-12-17 17:20 47,360 --a------ c:\documents and settings\Jerry Fetsch\Application Data\pcouffin.sys
2008-12-10 18:22 . 2008-12-10 18:22 d-------- c:\documents and settings\All Users\Application Data\Launcher
2008-12-09 19:17 . 2008-12-19 20:14 d-------- c:\documents and settings\REMOVED MY NAME\Application Data\vlc
2008-12-09 19:08 . 2008-12-09 19:08 d-------- c:\documents and settings\REMOVED MY NAME\Application Data\MozillaControl
2008-12-09 19:08 . 2008-12-09 19:08 d-------- c:\documents and settings\All Users\Application Data\Graboid Inc
2008-12-09 19:07 . 2008-12-09 19:07 d-------- c:\program files\VideoLAN
2008-12-09 19:07 . 2008-12-09 19:08 d-------- c:\program files\Mozilla ActiveX Control v1.7.12
2008-12-09 19:07 . 2008-12-09 19:08 d-------- c:\program files\Graboid
2008-12-09 17:09 . 2008-12-09 17:10 d-------- c:\program files\iTunes
2008-12-09 17:09 . 2008-12-09 17:09 d-------- c:\program files\iPod
2008-12-09 17:09 . 2008-12-09 17:10 d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-09 17:08 . 2008-12-09 17:08 d-------- c:\program files\QuickTime
2008-12-06 08:20 . 2008-12-06 08:20 d-------- c:\documents and settings\All Users\Application Data\acccore
2008-12-05 19:56 . 2008-12-05 19:56 d-------- c:\program files\PDF reDirect
2008-12-05 19:56 . 2008-12-05 19:56 d-------- c:\documents and settings\REMOVED MY NAME\Application Data\PDF reDirect
2008-12-01 17:36 . 2008-12-01 17:36 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-28 22:08 . 2008-11-28 22:08 d-------- c:\program files\Seagate
2008-11-28 22:08 . 2008-11-28 22:08 d-------- c:\documents and settings\All Users\Application Data\Seagate
2008-11-28 22:07 . 2008-11-28 22:07 d--hs---- c:\windows\ftpcache
2008-11-12 14:53 . 2008-10-24 05:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 14:52 . 2008-09-04 11:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-05 19:33 . 2008-11-05 19:33 d-------- c:\program files\Nattyware
2008-11-04 10:30 . 2008-11-04 10:30 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 . 2008-11-04 10:30 57,344 --a------ c:\windows\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 04:46 --------- d-----w c:\documents and settings\Jerry Fetsch\Application Data\Vso
2008-12-31 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-31 04:04 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-31 04:01 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-30 02:47 --------- d-----w c:\program files\Common Files\Adobe
2008-12-18 01:18 --------- d-----w c:\documents and settings\All Users\Application Data\vsosdk
2008-12-16 02:46 --------- d-s---w c:\program files\HLSW
2008-12-13 18:22 --------- d-----w c:\program files\Coupons
2008-12-09 23:09 --------- d-----w c:\program files\Common Files\Apple
2008-12-06 14:20 --------- d-----w c:\program files\AIM6
2008-12-06 14:19 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-12-02 03:10 --------- d-----w c:\program files\Yahoo!
2008-12-01 23:36 --------- d-----w c:\program files\Java
2008-11-29 04:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-18 22:18 --------- d-----w c:\documents and settings\Jerry Fetsch\Application Data\Yahoo!
2008-11-17 00:32 --------- d-----w c:\documents and settings\Jerry Fetsch\Application Data\Move Networks
2008-11-16 18:34 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-11-08 07:48 --------- d-----w c:\program files\Handbrake
2008-01-13 08:09 251 ----a-w c:\program files\wt3d.ini
2007-08-03 01:57 9,598 ----a-w c:\documents and settings\REMOVED MY NAME\Application Data\unins000.dat
2006-12-22 01:05 0 ---ha-w c:\documents and settings\All Users\Application Data\gwseh.dat
2008-04-17 02:02 220 --sha-w c:\windows\dwin.sys
2007-03-18 22:52 202 --sha-r c:\windows\Regbak.dat
2006-12-29 00:57 2,516 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-09-25 02:59 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-18 32768]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-01 136600]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-01-20 163840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\common files\installshield\updateservice\issch.exe" [2006-03-20 86960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-07-13 185896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-01-03 122940]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 c:\windows\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\Ctxfihlp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\REMOVED MY NAME\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-02 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Loadout Manager.lnk - c:\program files\Belkin\Nostromo\nost_LM.exe [2004-04-06 454656]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-12-18 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-12-18 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

Part 2 of ComboFix log:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jerneedog\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\TalkShoe\\pjsua_vc6d.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\jerneedog\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Teamspeak2_RC2_server\\server_windows.exe"=
"c:\\Program Files\\DynDNS Updater\\DynDNS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Fwink\\fwink.exe"=
"c:\\Program Files\\AbelCam\\AbelCam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-26 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-26 76040]
R2 FreeAgentGoNext Service;Seagate Service;"c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe" [2008-10-28 156968]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2003-07-24 22821]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-08-31 16512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-31 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Name-Space Handler: ftp\FVLink.IELinkMonitor - {EE4303CB-EA2E-4020-8827-3B0C948BC5C9} - c:\program files\RhinoSoft.com\FTP Voyager\FVLink.dll
FF - ProfilePath - c:\documents and settings\REMOVED MY NAME\Application Data\Mozilla\Firefox\Profiles\ku6izdje.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9FC132B-096D-460B-B7D5-1DB0FAE0C062", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4E7FF8BB-0A5A-4AA3-B764-B39BA9A13E38", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDB24F189F-FB14-4EFD-8B9D-217EC6C84EA1", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID86ED3659-02F6-465D-8F19-A9334614CCC3", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID5D7F48C0-CB49-4ea6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDA9FC132B-096D-460B-B7D5-1DB0FAE0C062", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CIDA43C6FC7-09F6-4E04-B8E3-683F3BDFEF7C", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activexFF15.js - pref("capability.policy.default.ClassID.CID4C8D6404-A9F6-4236-8488-6C5732CB3BFA", "AllAccess");.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 16:57:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Owner=S-1-5-21-4237256513-1746447643-3308159687-1005
"*"=dword:00000004

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-4237256513-1746447643-3308159687-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)
@Owner=S-1-5-21-4237256513-1746447643-3308159687-1005
@Allowed: (Full) (S-1-5-21-4237256513-1746447643-3308159687-1005)
@Allowed: (Full) (S-1-5-21-4237256513-1746447643-3308159687-1005)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (LocalSystem)
@Allowed: (Full) (Administrators)
@Allowed: (Full) (Administrators)
@Allowed: (Read) (S-1-5-12)
@Allowed: (Read) (S-1-5-12)
"*"=dword:00000004

[HKEY_USERS\S-1-5-21-4237256513-1746447643-3308159687-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Owner=S-1-5-21-4237256513-1746447643-3308159687-1005
@Denied: (A 2) (Everyone)
@Denied: (A 2) (S-1-5-7)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@Owner=S-1-5-21-4237256513-1746447643-3308159687-1005
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\Programmable]
@Owner=S-1-5-21-4237256513-1746447643-3308159687-1005

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\h*NULL*a*NULL*u*NULL*s*NULL*a*NULL*u*NULL*f*NULL*g*NULL*a*NULL*b*NULL*e*NULL*n*NULL* r*NULL*e*NULL*f*NULL*e*NULL*r*NULL*a*NULL*t*NULL*e*NULL*.*NULL*d*NULL*e*NULL*]
@Security="Inherited"
"*"=dword:00000004
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\CTxfispi.exe
c:\windows\system32\rundll32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-12-31 17:05:40 - machine was rebooted [REMOVED MY NAME]
ComboFix-quarantined-files.txt 2008-12-31 23:05:37

Pre-Run: 150,072,868,864 bytes free
Post-Run: 152,068,509,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

318 --- E O F --- 2008-12-29 20:56:28

Hello.
Delete this folder in bold:
c:\documents and settings\All Users\Application Data\Viewpoint

What problems remain?

Deleted that empty folder.

I'm not experiencing any problems, business as usual.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck.

I have followed your instructions for creating a new restore point.

I will download those recommended programs now.

Thank you so much for the help.

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.