Very Slow PC and always Hangs up, HJT included

Post by pogz3ffata » July 23rd, 2008, 7:16 pm

I bought this PC 2 months ago and it was running wonderfully, but now it's running probably 10x slower. When I open the IE browser it always shows a page that says "Insecure internet activity. Threat of virus attack". Also, the PC hangs up most of the time and just leaves the screen blank.

Thank you in advance for your time; I appreciate any help and suggestions.

Regards,
Ted

---------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:02 PM, on 23/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: QXK Olive - {01AC48C9-9646-4608-B16C-57AFF893BCB3} - C:\Windows\wbxdpgfelge.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {674C6F50-30E6-4528-958B-861E49D2B447} - C:\Windows\system32\yayvUljK.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B1DD82CE-F953-4379-ACCD-2A891C50B443} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnkJDtR.dll,#1
O4 - HKLM\..\Run: [3255f941] rundll32.exe "C:\Windows\system32\uelnytkg.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Users\computer\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\computer\AppData\Local\Temp\ljJCsrRI.dll,#1
O4 - HKCU\..\Run: [3255f941] rundll32.exe "C:\Users\computer\AppData\Local\Temp\ggpuoyfk.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mechanicbrain69.spaces.live.com/ ... den-ca.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: fdxbameg - {45D8FF5B-AF6F-4B26-B438-84407B97AAFB} - C:\Windows\fdxbameg.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13177 bytes
pogz3ffata
Active Member
 
Posts: 13
Joined: July 23rd, 2008, 6:42 pm

Re: Very Slow PC and always Hangs up, HJT included

Post by pogz3ffata » July 23rd, 2008, 7:27 pm

Also, I was reading around and noticed that the next step asked for is to post the Uninstall list. I took the initiative of doing that now.

-------------

AppCore
ccCommon
Component Framework
HijackThis 2.0.2
Java(TM) 6 Update 7
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
MagicTune Premium
Natural Color Pro
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Internet Security
Norton Protection Center
OpenOffice.org Installer 1.0
SPBBC 32bit

Regards,
Ted
pogz3ffata
Active Member
 
Posts: 13
Joined: July 23rd, 2008, 6:42 pm

Re: Very Slow PC and always Hangs up, HJT included

Post by Carolyn » July 26th, 2008, 8:17 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

I am currently looking at your log now and will be back as soon as possible with your instructions.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Very Slow PC and always Hangs up, HJT included

Post by Carolyn » July 27th, 2008, 10:15 am

Hello Ted,

Use of P2P (Person to Person) file sharing programs

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we felt we needed to change our policy on the use of P2P file sharing programs.
  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.

  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.

We do not ask you to do this without reason.

P2P programs form a direct conduit onto your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.


You have the following P-2-P program installed
BearShare

This is how you uninstall it:

  • Click Start
  • Go to start > control panel > programs and features.
  • Right click on

    BearShare

  • Click Uninstall & then follow the prompts to remove it.


NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Please run a new HJT scan when finished and post the log back here.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Very Slow PC and always Hangs up, HJT included

Post by pogz3ffata » July 30th, 2008, 7:44 pm

Hi Carolyn,

First of all, thank you so much for the quick response, but I apologise that I didn't reply back; it's because I can't find it in my Programs and Features, even after going back and looking again. I used the search engine and it's there in the C: files, but as an empty folder, so I just deleted it. And that folder was created in January this year, while I purchased this PC second hand in May this year.

Could you help me find this one? It may be hidden somewhere else.
I tried my best to look for it but had no luck.

So far that's all I experienced about my computer problem.

Any words from you would be appreciated....

Thanks and God bless!!!



Regards,
Ted
pogz3ffata
Active Member
 
Posts: 13
Joined: July 23rd, 2008, 6:42 pm

Re: Very Slow PC and always Hangs up, HJT included

Post by Carolyn » July 31st, 2008, 7:09 am

Hi Ted,

We can deal with the BearShare entries later. Since you seem to understand our position regarding P2P file sharing programs and are willing to comply with our requirements, let's clean your computer.

Please post a fresh HijackThis log.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Very Slow PC and always Hangs up, HJT included

Post by pogz3ffata » July 31st, 2008, 8:16 pm

Hello Carolyn,

Thanks again for the quick response; I can't wait till my computer gets fixed. Always take care....

Regards,
Ted

This is the latest Logfile that I have:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:28 PM, on 31/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: QXK Olive - {01AC48C9-9646-4608-B16C-57AFF893BCB3} - C:\Windows\wbxdpgfelge.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {DCF374FA-3B88-4DA5-B11E-E3986E60E050} - C:\Windows\system32\yayvUljK.dll
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {B1DD82CE-F953-4379-ACCD-2A891C50B443} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnnkJDtR.dll,#1
O4 - HKLM\..\Run: [3255f941] rundll32.exe "C:\Windows\system32\uelnytkg.dll",b
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Users\computer\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll,#1
O4 - HKCU\..\Run: [3255f941] rundll32.exe "C:\Windows\system32\uelnytkg.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mechanicbrain69.spaces.live.com/ ... den-ca.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: fdxbameg - {45D8FF5B-AF6F-4B26-B438-84407B97AAFB} - C:\Windows\fdxbameg.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13351 bytes
pogz3ffata
Active Member
 
Posts: 13
Joined: July 23rd, 2008, 6:42 pm

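The tail of the log above holds the three sections a helper reads first: O20 (AppInit_DLLs), O21 (ShellServiceObjectDelayLoad, SSODL) and O23 (services). As an added example, not part of the original post and not HijackThis code, the Python script below applies a few simple rules to those lines: any AppInit_DLLs value, any SSODL DLL outside System32 or with an 8-letter random-looking name, and any service whose vendor field is blank or "Unknown owner". The rules and the SSODL allow-list are the script's own assumptions; the sample lines are copied from the log above. Later in the thread Malwarebytes identifies the O21 entry, C:\Windows\fdxbameg.dll, as Trojan.FakeAlert, which is the kind of hit these rules are meant to surface.

```python
"""Triage the O20 / O21 / O23 lines of a HijackThis 2.0 log.

Added example for this thread, not HijackThis code or part of the original
post. The rules are this script's own heuristics: a hit means "look at this",
not "this is malware".
"""
import re
from typing import List, Tuple

# Lines copied from the HijackThis log posted above.
SAMPLE_HJT = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O21 - SSODL: fdxbameg - {45D8FF5B-AF6F-4B26-B438-84407B97AAFB} - C:\Windows\fdxbameg.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
"""

O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
# The vendor field may be empty ("name - - path"), so the path is anchored on
# its drive letter rather than on the " - " separators alone.
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")

RANDOM_STEM_RE = re.compile(r"^[A-Za-z]{8}$")
# Assumed allow-list of SSODL entries that ship with Windows; extend as needed.
KNOWN_SSODL_STEMS = {"webcheck"}
UNKNOWN_VENDORS = {"", "unknown owner"}

Finding = Tuple[str, str, str]  # (log section, reason, path)


def file_stem(path: str) -> str:
    """Return the file name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def triage_hjt(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            if m.group("dlls"):
                # AppInit_DLLs is loaded into every process that loads user32.dll,
                # so any value deserves a look, even under a vendor folder.
                findings.append(("O20", "AppInit_DLLs is set", m.group("dlls")))
            continue
        m = O21_RE.match(line)
        if m:
            path = m.group("path")
            stem = file_stem(path)
            if stem.lower() in KNOWN_SSODL_STEMS:
                continue
            reasons = []
            if not path.lower().startswith("c:\\windows\\system32\\"):
                reasons.append("SSODL DLL outside System32")
            if RANDOM_STEM_RE.match(stem) and m.group("name").lower() == stem.lower():
                reasons.append("8-letter random-looking name registered under the same name")
            if reasons:
                findings.append(("O21", "; ".join(reasons), path))
            continue
        m = O23_RE.match(line)
        if m and m.group("vendor").strip().lower() in UNKNOWN_VENDORS:
            findings.append(("O23", "service without vendor information", m.group("path")))
    return findings


if __name__ == "__main__":
    for section, reason, path in triage_hjt(SAMPLE_HJT):
        print(f"{section}: {path}\n    {reason}")
```

Run as-is it prints four findings; to use it on a full log, paste the log text in place of SAMPLE_HJT. An O23 hit with a blank vendor (here lxddcoms.exe, which the ComboFix firewall rules later in the thread attribute to the Lexmark printer software) only means the binary carried no company string, so check the file rather than deleting on sight.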
Re: Very Slow PC and always Hangs up, HJT included

Unread postby Carolyn » July 31st, 2008, 9:15 pm

Hello Ted,

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Right click on mbam-setup.exe and select Run as administrator
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as they are and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.


Download and Run ComboFix
If you already have ComboFix, please delete that copy and download it again, as it is updated regularly.
  • Download this file from one of the three places listed below:
    For information regarding this download, please visit this webpage:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Link1
    Link2
    Link3

    **Note: It is important that it is saved directly to your desktop**

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
  • Then right click ComboFix.exe, select Run as administrator and follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), select the Processes tab and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens we want to know, and also which process you had to end.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Right click on HijackThis and select Run as administrator
2. Click on the Open the Misc tool section button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save list button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window into your next reply. Note: please uncheck Word Wrap under Format in Notepad.

Please post the following:
  • The Malwarebytes' Anti-Malware log
  • The Combofix log
  • The Uninstall List
  • and a fresh HijackThis log.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

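The first log Carolyn asks for is the Malwarebytes one. As an added example, not part of the thread and not Malwarebytes code, the Python script below triages the "Files Infected" section of a Malwarebytes' Anti-Malware 1.x log of the kind posted in the next reply. It lists the items still marked "Delete on reboot" (the file was in use, so removal only happens at the next restart, which is worth confirming before reading the ComboFix log), and it pairs each DLL the scanner labelled Trojan.Vundo with companion .ini/.ini2 files whose name is the DLL's name spelled backwards, a pattern visible in the posted log (yayvUljK.dll next to KjlUvyay.ini). The sample lines are copied from that log; the family and action strings it keys on are taken from the same log.

```python
"""Triage the "Files Infected" entries of a Malwarebytes' Anti-Malware 1.x log.

Added example for this thread, not code from Malwarebytes or the original
posts. Feed it the "Files Infected" section only; the "Memory Modules
Infected" section repeats some of the same paths.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Lines copied from the Malwarebytes log posted in the reply below.
SAMPLE_MBAM = r"""
Files Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\KjlUvyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\KjlUvyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awttRJAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnkliHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\nnnkJDtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\fdxbameg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "<path> (<family>) -> <action>."  The path is matched greedily so a path that
# itself contains " (" (e.g. "Program Files (x86)") still parses.
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
PENDING = "Delete on reboot"
VUNDO = "Trojan.Vundo"


def split_path(path: str) -> Tuple[str, str, str]:
    """Return (directory, stem, extension) for a Windows path."""
    directory, _, filename = path.rpartition("\\")
    stem, _, ext = filename.partition(".")
    return directory, stem, ext


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage_mbam(log_text: str) -> Dict[str, object]:
    entries = parse_entries(log_text)
    pending = [e["path"] for e in entries if e["action"] == PENDING]
    families = Counter(e["family"] for e in entries)

    # Index .ini / .ini2 companions by (directory, stem), case-folded.
    ini_by_stem: Dict[Tuple[str, str], List[str]] = {}
    for e in entries:
        directory, stem, ext = split_path(e["path"])
        if ext.lower().startswith("ini"):
            ini_by_stem.setdefault((directory.lower(), stem.lower()), []).append(e["path"])

    # A Vundo DLL's companion .ini carries the DLL stem reversed.
    pairs: List[Tuple[str, List[str]]] = []
    orphans: List[str] = []
    for e in entries:
        directory, stem, ext = split_path(e["path"])
        if e["family"] != VUNDO or ext.lower() != "dll":
            continue
        companions = ini_by_stem.get((directory.lower(), stem[::-1].lower()), [])
        if companions:
            pairs.append((e["path"], companions))
        else:
            orphans.append(e["path"])

    return {"pending": pending, "families": families, "pairs": pairs, "orphans": orphans}


if __name__ == "__main__":
    report = triage_mbam(SAMPLE_MBAM)
    print("Still pending until reboot:")
    for path in report["pending"]:
        print("  " + path)
    for dll, inis in report["pairs"]:
        print(f"{dll} <-> {', '.join(inis)}")
    print("Vundo DLLs with no reversed-name companion:", report["orphans"])
```

A DLL listed under "orphans" is not cleaner than the paired ones; it only means the scanner did not report a matching .ini in the same folder, so that folder is worth listing after the reboot.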
Re: Very Slow PC and always Hangs up, HJT included

Unread postby pogz3ffata » August 1st, 2008, 12:22 am

Hi Carolyn,

This is my new post:

THE MALWAREBYTES' ANTI-MALWARE LOG

Malwarebytes' Anti-Malware 1.24
Database version: 1014
Windows 6.0.6000

11:12:42 PM 31/07/2008
mbam-log-7-31-2008 (23-12-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 152760
Time elapsed: 57 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{786a6394-50f1-48cd-93ee-4ed4f5fe8662} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ee7a2769-965a-4f81-ba54-07391b28f6f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a79f34c7-7417-43ab-99eb-06c8057b88c8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07edfdfd-6c70-4a41-bf5b-42cff83c55d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{314e0b3c-4f96-465c-b3e2-dc2333adca0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43c32b77-6a04-493b-85d1-87e9e068f675} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45d8ff5b-af6f-4b26-b438-84407b97aafb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91a2ea3f-44a0-4e88-beef-11137707e7c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.btqd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Delete on reboot.

Folders Infected:
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\KjlUvyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\KjlUvyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awttRJAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnkliHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uelnytkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gktynleu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wVPIXRIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nnnkJDtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGYFW0KB\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWJY2YEI\kb767887[2] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\byXPghii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\chxpgtwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\ckommpsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\dlaotuvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\efcBttsT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\gbglwanq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\goxxyohu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\mlJBTjiG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\vtUooLFu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wnjbgfgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wvUlKaXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\xxyXqopn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnryjwfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\rqrRhfda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp000115b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00011802 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00012174 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001251c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001498d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00016f07 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001753e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnnmNdBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\elvqco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\enkpdbcq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\llewjuoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awtqQKeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gffjsbbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hotcmw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iadrdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mmnetfry.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ofywmo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\phizpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tvmefh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\txujux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\udnrdxoq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vqamgolt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wmfpncrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wuupffnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\zcowkv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\fdxbameg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.



___________________________________________________________

THE COMBOFIX LOG

ComboFix 08-07-31.01 - computer 2008-07-31 23:35:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1291 [GMT -4:00]
Running from: C:\Users\computer\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com\ud.sol
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\byxkoesb.ini
C:\Windows\system32\ctbiysom.ini
C:\Windows\system32\dcqoehly.ini
C:\Windows\system32\embpwxgp.ini
C:\Windows\system32\idsqtuua.ini
C:\Windows\system32\lysjrsms.ini
C:\Windows\system32\psogxvdy.ini
C:\Windows\system32\rfoipenx.ini
C:\Windows\system32\ufeqnqge.ini
C:\Windows\system32\utqdhvbu.ini
C:\Windows\system32\x64
C:\Windows\system32\yayvUljK.dll
C:\Windows\wbxdpgfelge.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 03:11 --------- d-----w C:\Program Files\Lx_cats
2008-08-01 02:09 --------- d-----w C:\Users\computer\AppData\Roaming\Malwarebytes
2008-08-01 02:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 02:08 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-07-31 22:39 --------- d-----w C:\PROGRA~2\Google Updater
2008-07-31 00:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-31 00:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-23 22:48 --------- d-----w C:\Program Files\Trend Micro
2008-07-16 21:34 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-16 21:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-16 21:30 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-07-16 21:30 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-07-16 21:30 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-16 21:30 --------- d-----w C:\Program Files\Symantec
2008-07-16 03:51 --------- d-----w C:\PROGRA~2\Symantec
2008-07-14 22:14 --------- d-----w C:\Program Files\Sun
2008-07-14 22:14 --------- d-----w C:\Program Files\Java
2008-07-08 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 02:14 --------- d-----w C:\Program Files\MagicTune Premium
2008-07-08 02:05 --------- d-----w C:\Program Files\SEC
2008-07-06 22:06 --------- d-----w C:\Program Files\KWorld Multimedia
2008-07-06 20:48 --------- d-----w C:\Program Files\CyberLink
2008-07-06 19:47 --------- d-----w C:\Users\computer\AppData\Roaming\ArcSoft
2008-07-05 01:10 --------- dc-h--w C:\PROGRA~2\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}
2008-07-05 01:10 --------- d-----w C:\Program Files\XPC Tools
2008-07-03 00:10 --------- d-----w C:\Users\computer\AppData\Roaming\uTorrent
2008-07-02 22:37 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-02 05:45 --------- d-----w C:\PROGRA~2\Avg7
2008-07-02 04:39 --------- d-----w C:\PROGRA~2\WinZip
2008-07-02 04:36 --------- d-----w C:\Program Files\Google
2008-06-25 22:14 --------- d-----w C:\Users\computer\AppData\Roaming\Roxio
2008-06-24 22:44 2,036 ----a-w C:\Users\computer\AppData\Roaming\wklnhst.dat
2008-06-24 22:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-24 22:09 --------- d-----w C:\Program Files\Windows Mail
2008-06-24 03:33 --------- d-----w C:\PROGRA~2\Yahoo!
2008-06-24 03:31 --------- d-----w C:\Users\computer\AppData\Roaming\Yahoo!
2008-06-21 16:42 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-06-21 05:26 --------- d-----w C:\Users\computer\AppData\Roaming\HP
2008-06-21 05:23 --------- d-----w C:\PROGRA~2\WEBREG
2008-06-21 05:22 --------- d-----w C:\PROGRA~2\HP
2008-06-21 05:19 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-06-21 05:12 --------- d-----w C:\Users\computer\AppData\Roaming\HPAppData
2008-06-21 05:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-21 05:11 --------- d-----w C:\Program Files\HP
2008-06-21 05:09 --------- d-----w C:\PROGRA~2\HP Product Assistant
2008-06-21 05:05 --------- d-----w C:\Program Files\Common Files\HP
2008-06-15 21:52 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-06-15 03:37 --------- d-----w C:\Program Files\MSI
2008-06-14 00:56 --------- d-----w C:\PROGRA~2\Roxio
2008-06-14 00:35 --------- d-----w C:\Program Files\LimeWire
2008-06-13 18:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 18:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 18:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 18:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 18:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 18:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 18:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 18:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 18:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-06-13 00:45 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-11 03:30 --------- d-----w C:\Program Files\D-Link
2008-06-11 02:14 --------- d-----w C:\Program Files\Zone Labs
2008-06-10 02:20 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys
2008-06-10 02:20 --------- d-----w C:\Program Files\Rhapsody
2008-06-09 02:58 --------- d-----w C:\Users\computer\AppData\Roaming\LimeWire
2008-06-09 00:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 00:34 --------- d-----w C:\PROGRA~2\WildTangent
2008-06-08 23:30 --------- d-----w C:\Users\computer\AppData\Roaming\Logitech
2008-06-08 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-08 23:25 --------- d-----w C:\Program Files\Logitech
2008-06-08 23:24 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-08 23:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-06-08 23:19 --------- d-----w C:\PROGRA~2\Logitech
2008-06-03 21:23 --------- d-----w C:\Program Files\QuickMediaConverter
2008-05-30 16:10 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-30 16:10 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-05-30 16:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-05-30 16:10 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-30 16:10 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-30 16:10 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-05-30 16:10 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-05-30 16:10 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-30 16:10 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-30 16:09 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-30 16:09 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-30 16:08 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-30 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-30 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-30 16:08 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-30 16:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-30 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-30 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2007-08-30 12:45 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 03:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]
2008-03-26 14:38 641464 --a------ C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Users\computer\Desktop\CCleaner.exe" [2008-02-20 10:15 816368]
"BearSharePersonalization"="C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe" [2008-03-26 14:38 1237944]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 15:19 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 18:52 1232896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 20:15 221184]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-06-26 05:11 2294272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 07:34 155648]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2006-12-06 14:38 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 20:00 312240]
"LXDDCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 18:05 102400]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 16:14 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 16:17 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 16:13 81920]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 19:32 20480]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 18:34 49152]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-02 00:37 1862144]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 20:15 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 15:19:30 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-08 19:25:51 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-08 19:20:01 688128]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-07-07 22:05:51 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\Windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
--a------ 2006-09-01 13:09 1880064 C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
--a------ 2008-06-26 05:11 2294272 C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-02-12 19:58 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4E6531C2-B399-44CA-BC1D-4CD79823CB52}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CAD34EF-E124-4DD9-9883-0E29B2ED7927}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9F7E84A9-071F-45FF-9022-D14A35FFA3D3}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F8A0DDD3-D478-40BC-8484-88E7BC24D1A8}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{774B8BB8-7F4A-4A85-A913-65349596E1E8}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{A98B5BDF-E018-4912-A954-14ACB46B03BE}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{A7C1907E-1AC8-4DCA-B374-BF0751B844A2}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F649F75D-C971-4068-ADFA-5A0C9326E116}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{0B25BECC-81FB-4E10-B368-AD669340244C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{82D6A7D6-EE19-4E46-AA39-D5464126C25B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7B306AEE-94C2-448A-BEBA-24DD03B0E3F2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{687EB77F-F220-4FF7-B6A6-2886D613F231}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{602313D3-1AEB-4D74-B01B-EAFA412B08A7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{344181C1-4BF3-47DF-9FC2-E520B0E2629E}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{42FDFFA6-7E31-4507-83D6-4E10B15A1CDC}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{E0B2AE1D-EF93-4489-A114-D30A198B94A4}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{1F913502-B2D9-4436-89FD-BC3D2B4DAA95}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AA1A4082-A9DE-4F9F-8587-FA490F82B4E8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{98A9E126-CCB0-4221-8F60-1A7CCBF692DB}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= UDP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"UDP Query User{B3A438C2-2C28-41E7-A7D0-C8227A359779}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= TCP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"{55030AC9-9490-4FD6-B35A-89A5415B02E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50250265-DDD1-4685-983B-D9B1D4E4B02B}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{894CD28C-5F87-4E9C-ADD6-C481AF91D579}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{32C6BF36-2F0B-477F-A90F-C4A0AE2ADFFA}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{336665F3-CF9D-428D-AFFB-8C4313B6033F}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{30D94CA5-A458-49A0-BBC9-B52D3FBF5113}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{630F3290-43C4-49B3-A412-DF462AB4CF46}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{8F76CF84-6515-4B87-ADBE-768CE66DC1D5}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{8474174B-7663-4745-818B-6919ACB14E86}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{2DE4CE91-1CFB-4650-96CF-45D9BE1C89FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{21C366A4-DCFC-46D9-AAAF-A1BD57B218ED}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80D22383-C0AC-4339-96E7-3E3409AC4891}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFC50077-96A9-4C4A-B609-2CE69B32DE2A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BAB79A46-9735-4565-A267-C5DEA2C3E279}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{006F58E7-BFEB-401F-A4E2-FA15BB47180A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{96E362D6-3105-4BC4-88C2-C8FBFE7681AC}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{09BEF76A-4EB1-4F19-BCC7-64EA391A99ED}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{028A5674-424F-43C9-8D1C-31EDC93D36D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4D35C67F-F578-44A1-AE62-591F507BD390}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B57ABD4-2D1B-44D9-8514-58116D45663D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1DAE39D8-F286-4B96-9217-3DE2A554E66D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C26A2D6D-65F6-4B65-BBE5-26D551F17AD9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D8144528-5812-4F0D-885C-14596EC3C42E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7295B5E5-6BFF-4EEF-9099-66F65B4D10F9}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{93D29F94-8312-405F-9A83-E859728710A7}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction
"UDP Query User{1E7456BF-E56A-433A-BE96-347FCA3742A6}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080729.001\IDSvix86.sys [2008-06-03 15:53]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-02-12 19:59]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\A5AGU.sys [2006-05-08 20:10]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-29 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - computer.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-26 13:19]

2008-06-07 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - computer.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-08-01 C:\Windows\Tasks\User_Feed_Synchronization-{534B33F1-A093-4594-A57F-3CA935647300}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 05:45]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CamWizard - C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
MSConfigStartUp-D-Link Wireless G WUA-1340 - C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
MSConfigStartUp-LVCOMSX - C:\Windows\system32\LVCOMSX.EXE
MSConfigStartUp-Picasa Media Detector - C:\Users\computer\Desktop\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-PVR Agent - C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 23:39:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-31 23:41:34
ComboFix-quarantined-files.txt 2008-08-01 03:41:20

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 121,569,779,712 bytes free

330 --- E O F --- 2008-07-04 07:02:20
________________________________________________________

THE UNINSTALL LIST

AppCore
ccCommon
Component Framework
HijackThis 2.0.2
Java(TM) 6 Update 7
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
MagicTune Premium
Malwarebytes' Anti-Malware
Natural Color Pro
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Internet Security
Norton Protection Center
OpenOffice.org Installer 1.0
SPBBC 32bit

__________________________________________________________

FRESH HIJACK THIS LOG


Malwarebytes' Anti-Malware 1.24
Database version: 1014
Windows 6.0.6000

11:12:42 PM 31/07/2008
mbam-log-7-31-2008 (23-12-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 152760
Time elapsed: 57 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 24
Registry Values Infected: 6
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{786a6394-50f1-48cd-93ee-4ed4f5fe8662} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ee7a2769-965a-4f81-ba54-07391b28f6f6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a79f34c7-7417-43ab-99eb-06c8057b88c8} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01ac48c9-9646-4608-b16c-57aff893bcb3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07edfdfd-6c70-4a41-bf5b-42cff83c55d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{314e0b3c-4f96-465c-b3e2-dc2333adca0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43c32b77-6a04-493b-85d1-87e9e068f675} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{45d8ff5b-af6f-4b26-b438-84407b97aafb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91a2ea3f-44a0-4e88-beef-11137707e7c3} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.btqd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{f8ac36d7-f602-4b69-99b5-2a812e05779f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Delete on reboot.

Folders Infected:
C:\Program Files\VirusRemover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\KjlUvyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\KjlUvyay.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awttRJAR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\RAJRttwa.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\opnkliHw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wHilknpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\uelnytkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gktynleu.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wVPIXRIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\aIRXIPVw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\urqnNfFy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\stxifxpy.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\nnnkJDtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGYFW0KB\kb456456[1] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UWJY2YEI\kb767887[2] (Trojan.Vundo) -> Delete on reboot.
C:\Users\computer\AppData\Local\Temp\byXPghii.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\chxpgtwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\ckommpsk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\dlaotuvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\efcBttsT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\gbglwanq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\goxxyohu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\mlJBTjiG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\vtUooLFu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wnjbgfgk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\wvUlKaXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\xxyXqopn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnryjwfa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\rqrRhfda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp000115b1 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00011802 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00012174 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001251c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001498d (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp00016f07 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\tmp0001753e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\computer\AppData\Local\Temp\nnnmNdBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\elvqco.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\enkpdbcq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\llewjuoe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\awtqQKeB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\gffjsbbo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\hotcmw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\iadrdb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\mmnetfry.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\ofywmo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\phizpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\tvmefh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\txujux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\udnrdxoq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\vqamgolt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wmfpncrd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wuupffnw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\zcowkv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\fdxbameg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
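The log above shows where Vundo had hooked itself in. Besides the BHO, CLSID and Run entries, yayvUljK.dll was registered under HKLM\SYSTEM\CurrentControlSet\Control\LSA as an Authentication Package and a Notification Package, so lsass.exe loads it at boot; a DLL mapped into a running process cannot be unlinked until the next reboot, which is why those items are marked "Delete on reboot". The Python script below is an added example for this thread, not the poster's code and not part of Malwarebytes: it parses MBAM 1.x-style finding lines ("item (family) -> action") and groups them by the persistence mechanism their location implies, so a helper can see at a glance what loads where. The sample log is a subset of the lines posted above (constructed for the example); the section handling, the category labels and the PERSISTENCE table are this example's own assumptions.

```python
"""Group MBAM 1.x log findings by persistence mechanism (added example; labels assumed)."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# "<item> (<family>)[ -> Data: <data>] -> <action>."
LINE_RE = re.compile(
    r"^(?P<item>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Data: (?P<data>.+?))? -> (?P<action>.+?)\.?$"
)

# Registry location -> which process loads the component (assumed labels).
PERSISTENCE = [
    ("LSA package, loaded by lsass.exe at boot", re.compile(r"\\Control\\LSA\\(Authentication|Notification) Packages$", re.I)),
    ("Browser Helper Object, loaded by iexplore.exe", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("ShellServiceObjectDelayLoad, loaded by explorer.exe", re.compile(r"\\ShellServiceObjectDelayLoad\\", re.I)),
    ("ShellExecuteHooks, loaded by explorer.exe", re.compile(r"\\ShellExecuteHooks\\", re.I)),
    ("Run key autostart", re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("COM registration (CLSID/Interface/TypeLib)", re.compile(r"^HKEY_CLASSES_ROOT\\(CLSID|Interface|Typelib)\\", re.I)),
]


@dataclass
class Detection:
    section: str          # log section, e.g. "Registry Data Items"
    item: str             # file path or registry key/value
    family: str           # MBAM family name, e.g. "Trojan.Vundo"
    data: Optional[str]   # value data, only present on "Registry Data Items" lines
    action: str           # "Delete on reboot" or "Quarantined and deleted successfully"


def parse_mbam_log(text: str) -> list[Detection]:
    """Return one Detection per finding line, tagged with the section it sits in."""
    section = ""
    found: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = LINE_RE.match(line)
        if m and section:
            found.append(Detection(section, m["item"], m["family"], m["data"], m["action"]))
    return found


def persistence_of(d: Detection) -> str:
    """Name the load mechanism implied by the item's location."""
    if d.section == "Memory Modules":
        return "DLL mapped into a running process"
    if d.section in ("Files", "Folders"):
        return "payload on disk"
    for label, pattern in PERSISTENCE:
        if pattern.search(d.item):
            return label
    return "other registry entry"


def summarize(dets: list[Detection]) -> dict:
    """Counts by family, items grouped by persistence, and what waits for a reboot."""
    by_persistence: dict[str, list[str]] = defaultdict(list)
    for d in dets:
        by_persistence[persistence_of(d)].append(d.item)
    return {
        "by_family": Counter(d.family for d in dets),
        "by_persistence": dict(by_persistence),
        # Items still mapped into lsass.exe/explorer.exe/iexplore.exe are deferred to next boot.
        "reboot_required": sorted({d.item for d in dets if d.action == "Delete on reboot"}),
    }


# Constructed sample: a subset of the finding lines from the log posted above.
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\wbxdpgfelge.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dcf374fa-3b88-4da5-b11e-e3986e60e050} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\SEC (Rogue.SecureExpertCleaner) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3255f941 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayvuljk -> Delete on reboot.

Files Infected:
C:\Windows\System32\yayvUljK.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\KjlUvyay.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for mechanism, items in summarize(parse_mbam_log(SAMPLE_LOG))["by_persistence"].items():
        print(f"{mechanism}: {len(items)}")
```

Run it against a saved mbam-log-*.txt by reading the file into parse_mbam_log instead of SAMPLE_LOG. The grouping is what matters for cleanup order: anything under the LSA, SSODL or BHO labels is loaded by a system process and will come back until that registry entry and the DLL are both gone after a reboot, whereas a bare "payload on disk" entry with no loader is inert.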
___________________________________________________________

ComboFix 08-07-31.01 - computer 2008-07-31 23:35:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.1291 [GMT -4:00]
Running from: C:\Users\computer\Downloads\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\#SharedObjects\F6PG9YWA\interclick.com\ud.sol
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\computer\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\AutoRun.inf
C:\Windows\system32\byxkoesb.ini
C:\Windows\system32\ctbiysom.ini
C:\Windows\system32\dcqoehly.ini
C:\Windows\system32\embpwxgp.ini
C:\Windows\system32\idsqtuua.ini
C:\Windows\system32\lysjrsms.ini
C:\Windows\system32\psogxvdy.ini
C:\Windows\system32\rfoipenx.ini
C:\Windows\system32\ufeqnqge.ini
C:\Windows\system32\utqdhvbu.ini
C:\Windows\system32\x64
C:\Windows\system32\yayvUljK.dll
C:\Windows\wbxdpgfelge.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 03:11 --------- d-----w C:\Program Files\Lx_cats
2008-08-01 02:09 --------- d-----w C:\Users\computer\AppData\Roaming\Malwarebytes
2008-08-01 02:08 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-01 02:08 --------- d-----w C:\PROGRA~2\Malwarebytes
2008-07-31 22:39 --------- d-----w C:\PROGRA~2\Google Updater
2008-07-31 00:07 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-07-31 00:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-23 22:48 --------- d-----w C:\Program Files\Trend Micro
2008-07-16 21:34 --------- d-----w C:\Program Files\Norton AntiVirus
2008-07-16 21:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-16 21:30 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-07-16 21:30 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-07-16 21:30 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-07-16 21:30 --------- d-----w C:\Program Files\Symantec
2008-07-16 03:51 --------- d-----w C:\PROGRA~2\Symantec
2008-07-14 22:14 --------- d-----w C:\Program Files\Sun
2008-07-14 22:14 --------- d-----w C:\Program Files\Java
2008-07-08 02:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-08 02:14 --------- d-----w C:\Program Files\MagicTune Premium
2008-07-08 02:05 --------- d-----w C:\Program Files\SEC
2008-07-06 22:06 --------- d-----w C:\Program Files\KWorld Multimedia
2008-07-06 20:48 --------- d-----w C:\Program Files\CyberLink
2008-07-06 19:47 --------- d-----w C:\Users\computer\AppData\Roaming\ArcSoft
2008-07-05 01:10 --------- dc-h--w C:\PROGRA~2\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}
2008-07-05 01:10 --------- d-----w C:\Program Files\XPC Tools
2008-07-03 00:10 --------- d-----w C:\Users\computer\AppData\Roaming\uTorrent
2008-07-02 22:37 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-07-02 05:45 --------- d-----w C:\PROGRA~2\Avg7
2008-07-02 04:39 --------- d-----w C:\PROGRA~2\WinZip
2008-07-02 04:36 --------- d-----w C:\Program Files\Google
2008-06-25 22:14 --------- d-----w C:\Users\computer\AppData\Roaming\Roxio
2008-06-24 22:44 2,036 ----a-w C:\Users\computer\AppData\Roaming\wklnhst.dat
2008-06-24 22:18 --------- d-----w C:\Program Files\Yahoo!
2008-06-24 22:09 --------- d-----w C:\Program Files\Windows Mail
2008-06-24 03:33 --------- d-----w C:\PROGRA~2\Yahoo!
2008-06-24 03:31 --------- d-----w C:\Users\computer\AppData\Roaming\Yahoo!
2008-06-21 16:42 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-06-21 05:26 --------- d-----w C:\Users\computer\AppData\Roaming\HP
2008-06-21 05:23 --------- d-----w C:\PROGRA~2\WEBREG
2008-06-21 05:22 --------- d-----w C:\PROGRA~2\HP
2008-06-21 05:19 --------- d-----w C:\PROGRA~2\Hewlett-Packard
2008-06-21 05:12 --------- d-----w C:\Users\computer\AppData\Roaming\HPAppData
2008-06-21 05:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-21 05:11 --------- d-----w C:\Program Files\HP
2008-06-21 05:09 --------- d-----w C:\PROGRA~2\HP Product Assistant
2008-06-21 05:05 --------- d-----w C:\Program Files\Common Files\HP
2008-06-15 21:52 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-06-15 03:37 --------- d-----w C:\Program Files\MSI
2008-06-14 00:56 --------- d-----w C:\PROGRA~2\Roxio
2008-06-14 00:35 --------- d-----w C:\Program Files\LimeWire
2008-06-13 18:14 24,112 ----a-w C:\Windows\system32\drivers\SymIMV.sys
2008-06-13 18:14 13,093 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-06-13 18:14 1,611 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-06-13 18:13 96,432 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-06-13 18:13 41,008 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-06-13 18:13 38,576 ----a-w C:\Windows\system32\drivers\symids.sys
2008-06-13 18:13 22,320 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-06-13 18:13 184,240 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-06-13 18:13 13,616 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-06-13 00:45 --------- d-----w C:\PROGRA~2\NVIDIA
2008-06-11 03:30 --------- d-----w C:\Program Files\D-Link
2008-06-11 02:14 --------- d-----w C:\Program Files\Zone Labs
2008-06-10 02:20 8,413 ----a-w C:\Windows\system32\drivers\mcstrm.sys
2008-06-10 02:20 --------- d-----w C:\Program Files\Rhapsody
2008-06-09 02:58 --------- d-----w C:\Users\computer\AppData\Roaming\LimeWire
2008-06-09 00:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 00:34 --------- d-----w C:\PROGRA~2\WildTangent
2008-06-08 23:30 --------- d-----w C:\Users\computer\AppData\Roaming\Logitech
2008-06-08 23:25 127,034 ------r C:\Windows\bwUnin-8.1.1.50-8876480SL.exe
2008-06-08 23:25 --------- d-----w C:\Program Files\Logitech
2008-06-08 23:24 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-06-08 23:20 --------- d-----w C:\Program Files\Common Files\Logitech
2008-06-08 23:19 --------- d-----w C:\PROGRA~2\Logitech
2008-06-03 21:23 --------- d-----w C:\Program Files\QuickMediaConverter
2008-05-30 16:10 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-30 16:10 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-05-30 16:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-05-30 16:10 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-30 16:10 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-30 16:10 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-05-30 16:10 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-05-30 16:10 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-30 16:10 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-30 16:09 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-30 16:09 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-30 16:08 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-30 16:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-30 16:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-30 16:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-30 16:08 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-30 16:08 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-30 16:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-30 16:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-30 16:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2007-08-30 12:45 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 03:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD1849EA-8403-4441-8DFF-7575AAE1DC16}]
2008-03-26 14:38 641464 --a------ C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="C:\Users\computer\Desktop\CCleaner.exe" [2008-02-20 10:15 816368]
"BearSharePersonalization"="C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe" [2008-03-26 14:38 1237944]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:34 201728]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 15:19 68856]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-26 18:52 1232896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 20:15 221184]
"DriverUpdaterPro"="C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-06-26 05:11 2294272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 11:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 07:34 155648]
"DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [2006-12-06 14:38 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 20:00 312240]
"LXDDCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 18:05 102400]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-28 16:14 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-28 16:17 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-28 16:13 81920]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 19:32 20480]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 18:34 49152]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-02 00:37 1862144]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 20:15 81920]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-07-30 20:07 1187448]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\Windows\KHALMNPR.Exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-01 15:19:30 124400]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-06-08 19:25:51 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-08 19:20:01 688128]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-07-07 22:05:51 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\Windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
--a------ 2006-09-01 13:09 1880064 C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
--a------ 2008-06-26 05:11 2294272 C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-07-25 16:06 2027792 C:\Program Files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
--a------ 2007-02-12 19:58 291760 C:\Program Files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\Windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4E6531C2-B399-44CA-BC1D-4CD79823CB52}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9CAD34EF-E124-4DD9-9883-0E29B2ED7927}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9F7E84A9-071F-45FF-9022-D14A35FFA3D3}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F8A0DDD3-D478-40BC-8484-88E7BC24D1A8}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{774B8BB8-7F4A-4A85-A913-65349596E1E8}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{A98B5BDF-E018-4912-A954-14ACB46B03BE}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{A7C1907E-1AC8-4DCA-B374-BF0751B844A2}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F649F75D-C971-4068-ADFA-5A0C9326E116}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{0B25BECC-81FB-4E10-B368-AD669340244C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{82D6A7D6-EE19-4E46-AA39-D5464126C25B}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7B306AEE-94C2-448A-BEBA-24DD03B0E3F2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{687EB77F-F220-4FF7-B6A6-2886D613F231}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{602313D3-1AEB-4D74-B01B-EAFA412B08A7}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{344181C1-4BF3-47DF-9FC2-E520B0E2629E}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{42FDFFA6-7E31-4507-83D6-4E10B15A1CDC}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{E0B2AE1D-EF93-4489-A114-D30A198B94A4}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{1F913502-B2D9-4436-89FD-BC3D2B4DAA95}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{AA1A4082-A9DE-4F9F-8587-FA490F82B4E8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{98A9E126-CCB0-4221-8F60-1A7CCBF692DB}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= UDP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"UDP Query User{B3A438C2-2C28-41E7-A7D0-C8227A359779}C:\\users\\computer\\desktop\\age of empires ii\\empires2.exe"= TCP:C:\users\computer\desktop\age of empires ii\empires2.exe:empires2.exe
"{55030AC9-9490-4FD6-B35A-89A5415B02E4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50250265-DDD1-4685-983B-D9B1D4E4B02B}"= UDP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{894CD28C-5F87-4E9C-ADD6-C481AF91D579}"= TCP:C:\Windows\System32\lxddcoms.exe:Lexmark Communications System
"{32C6BF36-2F0B-477F-A90F-C4A0AE2ADFFA}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{336665F3-CF9D-428D-AFFB-8C4313B6033F}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddmon.exe:Device Monitor
"{30D94CA5-A458-49A0-BBC9-B52D3FBF5113}"= UDP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{630F3290-43C4-49B3-A412-DF462AB4CF46}"= TCP:C:\Program Files\Lexmark 2500 Series\lxddamon.exe:Lexmark Device Monitor
"{8F76CF84-6515-4B87-ADBE-768CE66DC1D5}"= UDP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{8474174B-7663-4745-818B-6919ACB14E86}"= TCP:C:\Program Files\Lexmark 2500 Series\App4R.exe:Lexmark Imaging Studio
"{2DE4CE91-1CFB-4650-96CF-45D9BE1C89FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{21C366A4-DCFC-46D9-AAAF-A1BD57B218ED}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{80D22383-C0AC-4339-96E7-3E3409AC4891}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{DFC50077-96A9-4C4A-B609-2CE69B32DE2A}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BAB79A46-9735-4565-A267-C5DEA2C3E279}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{006F58E7-BFEB-401F-A4E2-FA15BB47180A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{96E362D6-3105-4BC4-88C2-C8FBFE7681AC}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{09BEF76A-4EB1-4F19-BCC7-64EA391A99ED}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{028A5674-424F-43C9-8D1C-31EDC93D36D2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4D35C67F-F578-44A1-AE62-591F507BD390}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2B57ABD4-2D1B-44D9-8514-58116D45663D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1DAE39D8-F286-4B96-9217-3DE2A554E66D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C26A2D6D-65F6-4B65-BBE5-26D551F17AD9}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{D8144528-5812-4F0D-885C-14596EC3C42E}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7295B5E5-6BFF-4EEF-9099-66F65B4D10F9}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{93D29F94-8312-405F-9A83-E859728710A7}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= UDP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction
"UDP Query User{1E7456BF-E56A-433A-BE96-347FCA3742A6}C:\\program files\\lexmark 2500 series\\lxddamon.exe"= TCP:C:\program files\lexmark 2500 series\lxddamon.exe:Device Monitor Appliaction

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080729.001\IDSvix86.sys [2008-06-03 15:53]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02]
R2 lxdd_device;lxdd_device;C:\Windows\system32\lxddcoms.exe [2007-02-12 19:59]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 14:13]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\A5AGU.sys [2006-05-08 20:10]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 16:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-29 C:\Windows\Tasks\Norton AntiVirus - Run Full System Scan - computer.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2007-08-26 13:19]

2008-06-07 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - computer.job
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe []

2008-08-01 C:\Windows\Tasks\User_Feed_Synchronization-{534B33F1-A093-4594-A57F-3CA935647300}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 05:45]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CamWizard - C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe
MSConfigStartUp-D-Link Wireless G WUA-1340 - C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
MSConfigStartUp-LVCOMSX - C:\Windows\system32\LVCOMSX.EXE
MSConfigStartUp-Picasa Media Detector - C:\Users\computer\Desktop\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-PVR Agent - C:\Program Files\MSI\TV@Anywhere Plus\TVR\Scheduled.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O16 -: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
C:\Windows\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 23:39:47
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-31 23:41:34
ComboFix-quarantined-files.txt 2008-08-01 03:41:20

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 121,569,779,712 bytes free

330 --- E O F --- 2008-07-04 07:02:20
___________________________________________________________



AppCore
ccCommon
Component Framework
HijackThis 2.0.2
Java(TM) 6 Update 7
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
MagicTune Premium
Malwarebytes' Anti-Malware
Natural Color Pro
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton Internet Security
Norton Protection Center
OpenOffice.org Installer 1.0
SPBBC 32bit

___________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:25 PM, on 31/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ccleaner] "C:\Users\computer\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mechanicbrain69.spaces.live.com/ ... den-ca.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12229 bytes

Thanks again and God bless!!!!

Much appreciated,
Ted
pogz3ffata

Re: Very Slow PC and always Hangs up, HJT included

Post by Carolyn » August 1st, 2008, 1:56 pm

Hi Ted,


Download CCleaner from here and save it to your desktop.


Run CCleaner
CCleaner will remove everything from the temp/temporary folders, but please note that it will not make backups!
  • Right-click on CCleaner and select Run as administrator.
  • Before first use, select Options > Advanced and UNCHECK 'Only delete files in Windows Temp folder older than 48 hours'.
  • Then select the items you wish to clean up.
    • In the Windows Tab:
      • Clean all entries in the Internet Explorer section except Cookies
      • Clean all the entries in the Windows Explorer section
      • Clean all entries in the System section
      • Clean all entries in the Advanced section
      • Clean any others that you choose
    • In the Applications Tab:
      • Clean all except cookies in the Firefox/Mozilla section if you use it
      • Clean all in the Opera section if you use it
      • Clean Sun Java in the Internet Section
      • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!


Retrieve the Installed Programs List from CCleaner
If it's not already running, right-click on CCleaner and select Run as administrator.
In the Left Pane, click Tools.
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt.
Click Save.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.

Please post the content of install.txt in your next reply.



Right-click on your favourite web browser (Internet Explorer, Firefox, etc.) and select Run As Administrator to run it.

Go to the Kaspersky website and perform an online antivirus scan. Please use Internet Explorer, as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Please post the CCleaner Installed Programs List, the Kaspersky log, a fresh HijackThis log and a description of how your computer is behaving.
Carolyn

Re: Very Slow PC and always Hangs up, HJT included

Post by pogz3ffata » August 1st, 2008, 9:02 pm

Hi Carolyn,

When I used my internet after work, there were a lot of changes, e.g.:
no more suspicious flash pictures in the ad area
no more "Insecure internet activity. Threat of virus attack" showing
no more hang-ups
and it feels faster now....

OK, here's my latest post:

CCleaner Installed Programs List

µTorrent
32 Bit HP CIO Components Installer
A520
A520_doccd
A520_Help
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Adobe Reader 8.1.2
BufferChm
CCleaner (remove only)
CDDRV_Installer
Converter
CustomerResearchQFolder
DeviceDiscovery
DeviceManagementQFolder
Driver Updater Pro
eSupportQFolder
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
HP Customer Feedback
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Total Care Advisor
HPProductAssistant
HPSSupply
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KhalSetup
LightScribe 1.4.136.1
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Communications Manager
Logitech QuickCam
MagicTune Premium
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
Natural Color Pro
Norton AntiVirus (Symantec Corporation)
Norton Internet Security
OpenOffice.org Installer 1.0
PanoStandAlone
ps_app_npi_ProductContext
ps_app_npi_software
ps_app_npi_software_req
PSSWCORE
RangeBooster G WUA-2340
Rhapsody Player Engine
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
SolutionCenter
Sonic Activation Module
Status
Toolbox
TrayApp
UnloadSupport
VideoToolkit01
WebReg
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
WinZip 11.2
Yahoo! Toolbar
___________________________________________________________

The Kaspersky log shows zero infections...

___________________________________________________________

Fresh HijackThis Log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:45 PM, on 01/08/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/a/sounddes.com/S ... mplcache=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: BearSharePersonalization - {DD1849EA-8403-4441-8DFF-7575AAE1DC16} - C:\Program Files\BearShare Applications\Personalization\BearSharePersonalizationIE_v1044.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ccleaner] "C:\Users\computer\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BearSharePersonalization] "C:\Program Files\BearShare Applications\Personalization\BearSharePersonalization.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... den-ca.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mechanicbrain69.spaces.live.com/ ... den-ca.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12588 bytes

Thank you very much.....

Regards,
Ted
pogz3ffata
Active Member
 
Posts: 13
Joined: July 23rd, 2008, 6:42 pm
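As an added illustration, not part of Ted's post and not code from HijackThis or from MalwareRemoval.com, here is a small Python triage script for the O1, O4 and O23 sections of a HijackThis v2.0.2 log like the one above. It applies three checks a helper normally makes by eye: hosts entries that map anything other than localhost, auto-start entries whose executable lives in a user-writable location or is a bare filename resolved through the PATH, and services with no publisher recorded. The sample lines are constructed (the Temp\update.exe entry and the hosts redirect are made up to exercise the checks, and the list of user-writable locations is an assumption), so the script runs without the real log.

```python
"""Triage helpers for the O1, O4 and O23 sections of a HijackThis v2.0.2 log."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the HijackThis v2.0.2 line format, modelled on the log
# in the post above but shortened. The Temp\update.exe entry and the hosts
# redirect are made up to exercise the checks; they are not from the real log.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.security-vendor.example
O4 - HKLM\\..\\Run: [hpsysdrv] c:\\hp\\support\\hpsysdrv.exe
O4 - HKLM\\..\\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\\..\\Run: [ccleaner] "C:\\Users\\computer\\Desktop\\CCleaner.exe" /AUTO
O4 - HKCU\\..\\Run: [updater] C:\\Users\\computer\\AppData\\Local\\Temp\\update.exe -q
O4 - Global Startup: Google Updater.lnk = C:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe
O23 - Service: lxdd_device - - C:\\Windows\\system32\\lxddcoms.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX - C:\\Program Files\\MAGIX\\Common\\Database\\bin\\fbserver.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\\Program Files\\MagicTune Premium\\MagicTuneEngine.exe
"""

LOCALHOST_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Assumption: vendor software installs under Program Files or Windows (as the
# rest of the log above shows), so an auto-start entry under a user profile or
# a temp directory deserves a closer look.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\appdata\\", "\\temp\\", "\\recycler")
UNKNOWN_PUBLISHER = {"", "unknown owner"}

_O1 = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
_O4_RUN = re.compile(r"^O4 - (\S+)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
_O4_STARTUP = re.compile(r"^O4 - Global Startup: (.+?) = (.*)$")
_O23 = re.compile(r"^O23 - Service: (.*)$")
_DRIVE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|pif)', re.I)


@dataclass(frozen=True)
class Finding:
    section: str
    name: str
    reason: str
    line: str


def extract_path(command: str) -> str:
    """Pull the executable path out of a Run-key command line.

    A quoted path is taken verbatim; otherwise the first drive-letter path with
    an executable extension is used (this also handles rundll32 ... foo.dll,Entry);
    failing that, the first token, i.e. a bare filename resolved through the PATH.
    """
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end]
    m = _DRIVE_PATH.search(command)
    if m:
        return m.group(0)
    tokens = command.split()
    return tokens[0] if tokens else ""


def is_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def parse_service(rest: str) -> Optional[Tuple[str, str, str]]:
    """Split 'name - company - path'; names may contain ' - ' and company may be empty."""
    head, sep, path = rest.rpartition(" - ")
    if not sep:
        return None
    if head.endswith(" -"):  # an empty publisher renders as "name - - path"
        return head[:-2], "", path
    name, sep, company = head.rpartition(" - ")
    if not sep:
        return None
    return name, company, path


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := _O1.match(line):
            addr, host = m.groups()
            if host.lower() not in LOCALHOST_NAMES:
                findings.append(Finding("O1", host, f"hosts file maps {host} to {addr}", line))
        elif m := _O4_RUN.match(line):
            hive, name, command = m.groups()
            path = extract_path(command)
            if is_user_writable(path):
                findings.append(Finding("O4", name, f"{hive} Run entry starts from user-writable path {path}", line))
            elif "\\" not in path and "%" not in path:
                findings.append(Finding("O4", name, f"{hive} Run entry uses bare filename {path} (resolved via PATH)", line))
        elif m := _O4_STARTUP.match(line):
            name, target = m.groups()
            if is_user_writable(target):
                findings.append(Finding("O4", name, f"startup shortcut targets user-writable path {target}", line))
        elif m := _O23.match(line):
            parsed = parse_service(m.group(1))
            if parsed is None:
                continue
            name, company, path = parsed
            if company.strip().lower() in UNKNOWN_PUBLISHER:
                findings.append(Finding("O23", name, f"service has no publisher recorded ({path})", line))
            if is_user_writable(path):
                findings.append(Finding("O23", name, f"service binary in user-writable path {path}", line))
    return findings


def count_by_section(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}")
```

Run it on a saved log with `triage(open(path).read())`. A finding is a prompt to look closer (check the file's publisher and signature), not a verdict: the CCleaner entry on the Desktop in the log above is legitimate, but it is started from a location the user controls, which is exactly the kind of entry a helper reads twice.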

Re: Very Slow PC and always Hangs up, HJT included

Unread postby Carolyn » August 2nd, 2008, 5:01 pm

Hello,


Delete old Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.


  • Go to start > control panel > programs and features.
  • Right click on each instance of:

    Java(TM) 6 Update 2
    Java(TM) 6 Update 5


  • Click Uninstall & then follow the prompts to remove it.
  • Close any programs you may have running - especially your web browser.
  • Right click on jre-6u7-windows-i586-p.exe and select Run As Administrator to install Java.
  • Reboot your computer.


Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Programs and Features and uninstall all previous versions.


With reference to Malware Removal P2P Programs Policy, please uninstall the following program:

  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate µTorrent and click on the Uninstall button to uninstall it.
  3. Close Control Panel when done.


This is my general post for when your logs show no more signs of malware ;) - Please let me know if you are still having problems with your computer and what these problems are.

Your log now appears to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints. You need to be registered to post as, unfortunately, we were hit with too many spam posts to allow guest posting to continue. Just find your country room and register your complaint.

    Delete ComboFix and Clean Up
    Click Start > Run > type combofix /u > OK (Note the space between combofix and /u)
    Please advise if this step is missed for any reason as it performs some important actions.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.


    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.


  • Set correct settings for files
    • Click Start > Computer > Organize menu (at top of page) > Folder and Search Options > View tab.
    • Under Hidden files and folders if necessary select Do not show hidden files and folders.
    • If unchecked please check Hide protected operating system files (Recommended)
    • If necessary check Display content of system folders
    • If necessary Uncheck Hide file extensions for known file types.
    • Click OK


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab.

  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

  • Make Internet Explorer More Secure
    You are using Internet Explorer v. 7. Therefore please read and follow the recommendations at this SITE


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.

  • Malwarebytes' Anti-Malware
    Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. It includes a number of features, including a built-in protection monitor that blocks malicious processes before they even start. You can download Malwarebytes' Anti-Malware from HERE. You can find a tutorial HERE.

  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Be sure to disable the service "DNS Client" FIRST to allow the use of large HOSTS files without slowdowns.
    If this isn't done first, the next reboot may take a VERY LONG TIME.
    This is how to do it. First be sure you are signed in as a user with administrative privileges:
    Stop and Disable the DNS Client Service
    Go to Start, in the Start Search box type Run, when the run window opens type Services.msc and click OK.
    Under the Extended Tab, Scroll down and find this service.
    DNS Client
    Right-Click on the DNS Client Service. Choose Properties
    Select the General tab. Click on the Stop button.
    Click the Arrow-down tab on the right-hand side at the Start-up Type box.
    From the drop-down menu, click on Manual
    Click the Apply tab, then click OK


  • Use an alternative Internet Browser
    Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox
    Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Very Slow PC and always Hangs up, HJT included

Unread postby pogz3ffata » August 4th, 2008, 7:18 pm

Hello Carolyn,

I can't uninstall Java(TM) 6 Update 2 and 5. No info shows when I right-click with my mouse. I don't know what to do and I can't change to Run as Administrator on my PC...

Should I continue to next step?

Thanks a lot!
Ted
pogz3ffata
Active Member
 
Posts: 13
Joined: July 23rd, 2008, 6:42 pm

Re: Very Slow PC and always Hangs up, HJT included

Unread postby Carolyn » August 4th, 2008, 9:30 pm

Hi Ted,

No, do not continue with those steps.

I don't know what to do and I can't change to run as Administrator on my PC...


Can you elaborate please? Are you unable to log into an account with Administrator privileges? Are you not set up as an Administrator on the computer?
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Very Slow PC and always Hangs up, HJT included

Unread postby pogz3ffata » August 6th, 2008, 7:37 pm

Hello,

Sorry for delayed reply...

Sorry but I don't know how to run my Comp as administrator.
The icons for Java Update 2 and 5 are like a Windows folder but the Java Update 7 one is their LOGO. I don't think those two are installed.
Some of my programs can be uninstalled, like HijackThis, Norton, and WinZip, but for the rest, when I click, no Uninstall pop-up appears on the toolbar and no pop-up appears when I right-click the program.

I'm giving you a hard time and I don't know how to uninstall, and we're stuck in this situation....

I owe you big time Carolyn...

Take care....

Thanks,
Ted
pogz3ffata
Active Member
 
Posts: 13
Joined: July 23rd, 2008, 6:42 pm