Virus and or malware??


Re: Virus and or malware??
Hello.
Same, we've both had busy days.

Let's use ComboFix again, but with a custom script for your machine.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad

Folder::
c:\documents and settings\All Users\Application Data\Viewpoint

FileLook::
c:\program files\Global.sw

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will open ComboFix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

Re: Virus and or malware??
ComboFix 09-04-14.08 - marino limauro 04/14/2009 8:12.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.685 [GMT -4:00]
Running from: c:\documents and settings\marino limauro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\marino limauro\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-10 13:55 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-10 13:55 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 13:30 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-10 13:30 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-03 16:31 . 2008-10-16 18:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-02 23:20 . 2009-04-10 13:23 -------- dc----w c:\windows\ie8
2009-04-02 22:14 . 2009-04-02 22:14 -------- d-----w c:\documents and settings\marino limauro\IECompatCache
2009-04-02 22:12 . 2009-04-02 22:12 -------- d-----w c:\documents and settings\LocalService\IETldCache
2009-04-02 22:09 . 2009-04-02 22:09 -------- d-----w c:\documents and settings\marino limauro\PrivacIE
2009-04-02 22:06 . 2009-04-02 22:06 -------- d-----w c:\documents and settings\marino limauro\IETldCache
2009-04-02 22:00 . 2009-04-10 13:24 -------- d-----w c:\windows\ie8updates
2009-04-02 20:41 . 2009-04-02 20:57 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\marino limauro\Application Data\Malwarebytes
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 16:11 . 2003-04-18 00:26 79 ----a-w c:\windows\delay2.reg
2009-03-23 15:46 . 2009-03-23 15:46 35262 ----a-w c:\windows\marino limauro000.acl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 23:15 . 2009-04-10 23:41 -------- d-----w c:\documents and settings\marino limauro\Application Data\U3
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\program files\Avira
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-11 17:32 . 2008-04-05 20:58 -------- d-----w c:\documents and settings\marino limauro\Application Data\Skype
2009-04-11 17:09 . 2004-07-22 11:26 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 17:07 . 2005-08-08 17:26 -------- d-----w c:\program files\Norton AntiVirus
2009-04-11 17:07 . 2004-07-22 11:26 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 14:39 . 2009-04-11 14:38 888 ----a-w C:\avenger.txt
2009-04-11 01:08 . 2004-07-22 11:17 -------- d-----w c:\program files\Java
2009-04-10 22:35 . 2007-09-15 17:11 971301 ----a-w C:\VETlog.txt
2009-04-10 22:35 . 2007-09-15 17:11 53562 ----a-w C:\VETlog.dmp
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\Trend Micro
2009-04-10 13:55 . 2009-03-24 22:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 13:26 . 2008-06-16 02:52 -------- d-----w c:\program files\AOL 9.1a
2009-04-10 13:25 . 2007-12-22 18:20 -------- d-----w c:\program files\Yahoo!
2009-04-10 13:23 . 2009-04-02 23:36 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 02:58 . 2009-04-10 02:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 02:58 . 2008-09-29 21:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 00:45 . 2007-12-22 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-09 23:34 . 2008-04-05 21:04 -------- d-----w c:\documents and settings\marino limauro\Application Data\skypePM
2009-03-14 00:27 . 2009-03-14 00:28 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-02-13 15:31 . 2009-04-11 18:01 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-02-09 11:13 . 2008-10-15 05:44 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 11:13 . 2003-07-15 21:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-07 01:07 . 2008-07-09 21:36 3698584 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-17 02:35 . 2006-05-19 15:08 3594752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-05 21:04 . 2008-04-05 21:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 15:35 . 2005-08-08 15:51 29536 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-07 22:20 . 2005-08-08 19:17 29536 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-11-05 18:36 . 2006-11-05 18:36 560 -c--a-w c:\program files\Global.sw
2005-08-22 16:51 . 2005-08-22 16:51 137 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\fusioncache.dat
2005-08-22 16:28 . 2005-08-22 16:28 136 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\fusioncache.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Global.sw -- Not a PE file.
File Size: 560
Created Time: 2006-11-05 18:36
Modified Time: 2006-11-05 18:36
Accessed Time: 2009-04-14 12:12
MD5: 6A226594ADB7CD283439380588A0CB20
SHA: 11A311E90A3AAB096F4E18B9FA48AC3F40006761


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182108996\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 ppsio2;PPDevice; [x]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8741b3c9-2614-11de-b551-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebbd0d-5bd0-11dc-9a58-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
mStart Page = hxxp://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 08:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5412)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AOL 9.1a\waol.exe
c:\program files\AOL 9.1a\shellmon.exe
c:\program files\Common Files\AOL\1182108996\ee\aolsoftware.exe
c:\windows\SYSTEM32\wscript.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 12:23
ComboFix2.txt 2009-04-11 23:21

Pre-Run: 55,468,511,232 bytes free
Post-Run: 55,469,252,608 bytes free

165 --- E O F --- 2009-04-11 02:41

Re: Virus and or malware??
FYI... I looked for c:\windows\system32 and it's not there???? or it's not where it should be??

Re: Virus and or malware??
Hello.
I want to use ComboFix one more time.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
ppsio2

File::
c:\program files\Global.sw

DDS::
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt being dragged onto ComboFix.exe]

This will open ComboFix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.
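For readers following the two CFScript posts above, here is an added parser (not code from this thread or from ComboFix) that turns a CFScript into a readable remediation plan. It assumes the directive semantics the two scripts rely on: File::/Folder:: list paths to delete, FileLook:: lists paths to report on, Driver:: lists services to remove, Registry:: carries REGEDIT4 text in which "name"=- deletes a value, DDS:: lists browser settings to reset, and KILLALL:: takes no arguments.

```python
import re

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")      # e.g. "File::", "KILLALL::"
REG_KEY_RE = re.compile(r"^\[(.+)\]$")             # REGEDIT4 [key] header
REG_DELETE_RE = re.compile(r'^"([^"]+)"=-$')        # REGEDIT4 "name"=- deletes a value

def parse_cfscript(text):
    """Split a CFScript into {DIRECTIVE: [argument lines]}; KILLALL keeps []."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("text before the first directive: %r" % line)
        else:
            sections[current].append(line)
    return sections

def registry_deletions(reg_lines):
    """Return (key, value_name) pairs for every "name"=- under a [key] header."""
    deletions, key = [], None
    for line in reg_lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_DELETE_RE.match(line)
        if m and key is not None:
            deletions.append((key, m.group(1)))
    return deletions

def plan(text):
    """Summarise what a CFScript asks ComboFix to do (semantics assumed, see lead-in)."""
    s = parse_cfscript(text)
    return {
        "kill_processes_first": "KILLALL" in s,
        "delete_files": s.get("FILE", []),
        "delete_folders": s.get("FOLDER", []),
        "report_on_files": s.get("FILELOOK", []),
        "remove_drivers": s.get("DRIVER", []),
        "delete_registry_values": registry_deletions(s.get("REGISTRY", [])),
        "reset_browser_settings": s.get("DDS", []),
    }

# Sample input: the first script posted in this thread (blank lines between sections dropped).
FIRST_SCRIPT = r"""KILLALL::

File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
Folder::
c:\documents and settings\All Users\Application Data\Viewpoint
FileLook::
c:\program files\Global.sw
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
"""

# Sample input: the second script posted in this thread.
SECOND_SCRIPT = r"""KILLALL::

Driver::
ppsio2
File::
c:\program files\Global.sw
DDS::
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
"""
```

Calling `plan(FIRST_SCRIPT)` shows that the first script deletes two driver files and one folder, only reports on Global.sw, and removes the three Security Center DisableMonitoring values; `plan(SECOND_SCRIPT)` shows the second removes the ppsio2 service and then deletes Global.sw.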

Re: Virus and or malware??
ComboFix 09-04-14.09 - marino limauro 04/14/2009 12:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.678 [GMT -4:00]
Running from: c:\documents and settings\marino limauro\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\marino limauro\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\Global.sw
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Global.sw

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PPSIO2
-------\Service_ppsio2


((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-10 13:55 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-10 13:55 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 13:30 . 2008-10-16 18:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-04-10 13:30 . 2008-10-16 18:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-04-03 16:31 . 2008-10-16 18:06 27496 ----a-w c:\windows\system32\mucltui.dll.mui
2009-04-02 23:20 . 2009-04-10 13:23 -------- dc----w c:\windows\ie8
2009-04-02 22:14 . 2009-04-02 22:14 -------- d-----w c:\documents and settings\marino limauro\IECompatCache
2009-04-02 22:12 . 2009-04-02 22:12 -------- d-----w c:\documents and settings\LocalService\IETldCache
2009-04-02 22:09 . 2009-04-02 22:09 -------- d-----w c:\documents and settings\marino limauro\PrivacIE
2009-04-02 22:06 . 2009-04-02 22:06 -------- d-----w c:\documents and settings\marino limauro\IETldCache
2009-04-02 22:00 . 2009-04-10 13:24 -------- d-----w c:\windows\ie8updates
2009-04-02 20:41 . 2009-04-02 20:57 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\marino limauro\Application Data\Malwarebytes
2009-03-24 22:18 . 2009-03-24 22:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 16:11 . 2003-04-18 00:26 79 ----a-w c:\windows\delay2.reg
2009-03-23 15:46 . 2009-03-23 15:46 35262 ----a-w c:\windows\marino limauro000.acl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 23:15 . 2009-04-10 23:41 -------- d-----w c:\documents and settings\marino limauro\Application Data\U3
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\program files\Avira
2009-04-11 18:01 . 2009-04-11 18:01 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-11 17:32 . 2008-04-05 20:58 -------- d-----w c:\documents and settings\marino limauro\Application Data\Skype
2009-04-11 17:09 . 2004-07-22 11:26 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 17:07 . 2005-08-08 17:26 -------- d-----w c:\program files\Norton AntiVirus
2009-04-11 17:07 . 2004-07-22 11:26 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 14:39 . 2009-04-11 14:38 888 ----a-w C:\avenger.txt
2009-04-11 01:08 . 2004-07-22 11:17 -------- d-----w c:\program files\Java
2009-04-10 22:35 . 2007-09-15 17:11 971301 ----a-w C:\VETlog.txt
2009-04-10 22:35 . 2007-09-15 17:11 53562 ----a-w C:\VETlog.dmp
2009-04-10 21:14 . 2009-04-10 21:14 -------- d-----w c:\program files\Trend Micro
2009-04-10 13:55 . 2009-03-24 22:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 13:26 . 2008-06-16 02:52 -------- d-----w c:\program files\AOL 9.1a
2009-04-10 13:25 . 2007-12-22 18:20 -------- d-----w c:\program files\Yahoo!
2009-04-10 13:23 . 2009-04-02 23:36 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-10 02:58 . 2009-04-10 02:56 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-10 02:58 . 2008-09-29 21:26 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 00:45 . 2007-12-22 18:32 -------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-09 23:34 . 2008-04-05 21:04 -------- d-----w c:\documents and settings\marino limauro\Application Data\skypePM
2009-03-14 00:27 . 2009-03-14 00:28 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-02-09 11:13 . 2008-10-15 05:44 1846784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-02-09 11:13 . 2003-07-15 21:01 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-07 01:07 . 2008-07-09 21:36 3698584 ----a-w c:\windows\SYSTEM32\DLLCACHE\ieapfltr.dat
2009-01-17 02:35 . 2006-05-19 15:08 3594752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-05 21:04 . 2008-04-05 21:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-06-08 15:35 . 2005-08-08 15:51 29536 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-06-07 22:20 . 2005-08-08 19:17 29536 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-08-22 16:51 . 2005-08-22 16:51 137 -c--a-w c:\documents and settings\marino limauro\Local Settings\Application Data\fusioncache.dat
2005-08-22 16:28 . 2005-08-22 16:28 136 -c--a-w c:\documents and settings\marie limauro\Local Settings\Application Data\fusioncache.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_12.18.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 16:12 . 2008-12-17 02:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2009-04-14 12:17 . 2008-12-17 02:59 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2009-04-14 16:10 . 2005-10-21 00:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182108996\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8741b3c9-2614-11de-b551-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebbd0d-5bd0-11dc-9a58-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 12:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5540)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\AOL 9.1a\waol.exe
c:\program files\AOL 9.1a\shellmon.exe
c:\program files\Common Files\AOL\1182108996\ee\aolsoftware.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 16:18
ComboFix2.txt 2009-04-14 12:23
ComboFix3.txt 2009-04-11 23:21

Pre-Run: 55,445,807,104 bytes free
Post-Run: 55,361,519,616 bytes free

159 --- E O F --- 2009-04-11 02:41

Re: Virus and or malware??
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

[screenshot: CF_Cleanup]

This will also reset your restore points.

Can you try IE now please.

Re: Virus and or malware??

Sorry, it started up and shut right back down!!

Re: Virus and or malware??

Do you have your XP disc? We can try a repair install in case there is damage done by malware.

Re: Virus and or malware??

Yes, I have an XP disc. Let's give it a shot.
This disc is a DELL Operating System Disc. Reinstallation Disc
It contains Windows XP Home Edition including Service Pack 1A.

If that'll work I'm ready when you are.

Re: Virus and or malware??
SP1a is kinda old, but it might work.
Details on how to do a repair install [in detail] here:
http://www.michaelstevenstech.com/XPrepairinstall.htm

Re: Virus and or malware??
I found an SP2 disc. I started the repair process. The repair program deleted a bunch of files, then reinstalled a bunch of files. Then, I got the "Blue Screen of Death" with the error BAD_POOL_CALLER. I've restarted twice, only to get the same outcome. Any ideas???

Re: Virus and or malware??
It probably didn't like the SP1 disc, did you try with SP2?

Re: Virus and or malware??
That was the SP2 disc???

Re: Virus and or malware??
Maybe I should just buy a new HD and start all over!!!

Re: Virus and or malware??

I doubt you need a new HD; you may just need to format. The backdoor bot at the start of this thread has done some deeper damage.

Re: Virus and or malware??
How do I do the reformat on the HD?

Re: Virus and or malware??
Read the information in some of my links provided in this post:
http://www.geekpolice.net/virus-spyware-malware-removal-f11/virus-and-or-malware-t8210.htm#51193

Re: Virus and or malware??
The computer seems to be stuck in setup mode for installing Windows XP.
It won't start in safe mode. When I let it start normally it tries to run the setup for fixing Windows XP, and then crashes with the BAD_POOL_CALLER error.

Re: Virus and or malware??

Hmm.
Are you sure it's stuck? Because I know the setup puts the "press F2 key to continue" right at the bottom of the script instead of in the middle.
