Infected with viruses/malware

[HelpPlease2009]

(I am running a Windows XP operating system)

Hello, I recently downloaded a file off a network that has given me a virus. It was detected in the temp folder and began to multiply. It keeps opening browsers trying to run a "malware scan" (the fake ad kind). I've been told by windows that "windows has detected that some of your MS and windows files are corrupted".

I also got a message saying that "harmful programs" may have been installed on my system.

As I type this, things are trying to open and I don't know how much longer this comp is going to live.

Some scripts were activating and I caught an exe filof one of them, it reads "o7amvmqwxxo.exe".

My background has changed to a black screen tha reads "Dangerous Spyware Many viruses were found on your computer such as : Trojan Horse, PassCapture, etc. Your personal information can fall into "third hands". Please check up the computer with a special software. Thank"....that is what it reads verbatim, grammar/spelling errors intact.

Here is my hijackthis log (I had to ommit out the lines with links in them as the forum said I needed a post count of "5" to post them, the links were to the macafee website and my sound cards website, I don't think related to the virus):

 

[HelpPlease2009]

Whole log won't fit in one post

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:34 PM, on 3/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\DOCUME~1\Fred\LOCALS~1\Temp\winlogqn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy6.2\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.EXE
C:\DOCUME~1\Fred\LOCALS~1\Temp\zfieijxjijt3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wuauclt.exe,
O2 - BHO: (no name) - {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - C:\WINDOWS\system32\nnnmlKAr.dll
O2 - BHO: C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll - {c5bf40a2-94f3-42bd-f434-1604812c8955} - C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [McAfeeFireTray] C:\PROGRA~1\NETWOR~1\MCAFEE~1\Firetray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy6.2\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [kjahrfoi37rljanfaw3il7fhjd3f] C:\DOCUME~1\Fred\LOCALS~1\Temp\winlogqn.exe
O4 - HKCU\..\Run: [txoht1bgjpmhyf5kaqkgof0pioe5clkwt5sd20keu4] C:\DOCUME~1\Fred\LOCALS~1\Temp\xywppn90isv.exe
O4 - Startup: wuauclt.exe.lnk = C:\WINDOWS\system32\wuauclt.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1.2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\fred\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\fred\locals~1\temp\ntdll64.dll

 

[HelpPlease2009]

O18 - Protocol: bw+0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

 

[HelpPlease2009]

O18 - Protocol: bwp0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E047FE26-8AD7-4961-BED7-9DAD939A88D3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\fpfstb.dll
O20 - Winlogon Notify: nnnmlkar - C:\WINDOWS\SYSTEM32\nnnmlKAr.dll
O20 - Winlogon Notify: __c0060209 - C:\WINDOWS\system32\__c0060209.dat
O22 - SharedTaskScheduler: klj3r93iorkemnfaja93riemef - {C5BF40A2-94F3-42BD-F434-1604812C8955} - C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - McAfee, Inc. - C:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 25096 bytes


Any help would be greatly appreciated, thanks.

 

[HelpPlease2009]

Here is my malwarebytes log file:

Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 5.1.2600 Service Pack 3

3/15/2009 6:39:37 PM
mbam-log-2009-03-15 (18-39-34).txt

Scan type: Quick Scan
Objects scanned: 71112
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 8
Folders Infected: 1
Files Infected: 23

Memory Processes Infected:
C:\Documents and Settings\Fred\Local Settings\Temp\winlogqn.exe (Trojan.Agent) -> No action taken.

Memory Modules Infected:
C:\WINDOWS\system32\nnnmlKAr.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\cisjyomj.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\__c0060209.dat (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmlkar (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5bf40a2-94f3-42bd-f434-1604812c8955} (Trojan.Zlob.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zqyaxurbw (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zqyaxurbw (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zqyaxurbw (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf40a2-94f3-42bd-f434-1604812c8955} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf40a2-94f3-42bd-f434-1604812c8955} (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0060209 (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf40a2-94f3-42bd-f434-1604812c8955} (Trojan.Zlob.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kjahrfoi37rljanfaw3il7fhjd3f (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Documents and Settings\Fred\Application Data\nidle (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\nnnmlKAr.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kjr3iorojdnbfi43unjfd.dll (Trojan.Zlob.H) -> No action taken.
c:\WINDOWS\cisjyomj.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Fred\Local Settings\Temp\winlogqn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Fxucohuxew.dll (Trojan.FakeAlert) -> No action taken.
C:\qqqtuvqb.exe (Trojan.Hiloti) -> No action taken.
C:\uslns.exe (Spyware.Passwords) -> No action taken.
C:\xrrcprxx.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\Fred\Local Settings\Temp\E70B.tmp (Backdoor.KeyStart) -> No action taken.
C:\Documents and Settings\Fred\Application Data\nidle\nidle.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\QoS.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\__c0060209.dat (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Fred\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Fred\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\senekadhhnwoey.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekalneppnpf.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekasacjmekq.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekavuumnadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\senekaxfialnit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\senekaojntornh.sys (Trojan.Agent) -> No action taken.

 

[mflynn]

OK no more pasting into the thread. Use the Paperclip Icon and attach the logs.

I will address your HJT log after the below.

As evidenced by the "No action taken" in the MBAM log you only exited without cleaning. So run MBAM again and this time remove the Malware! Attach not paste the log.

Then run SAS and attach not paste the log.

Only after all the above attach a new HJT log.

Mike

 

[HelpPlease2009]

OK no more pasting into the thread. Use the Paperclip Icon and attach the logs.

I will address your HJT log after the below.

As evidenced by the "No action taken" in the MBAM log you only exited without cleaning. So run MBAM again and this time remove the Malware! Attach not paste the log.

Then run SAS and attach not paste the log.

Only after all the above attach a new HJT log.

Mike

View attachment 45324

View attachment 45325


Here are the logs

 

[mflynn]

Run HJT Scan only and select and Fix all lines listed below

Any line that has (file missing) and/or (no file) at the END of the line, ONLY at the end and these..

O4 - HKCU\..\Run: [txoht1bgjpmhyf5kaqkgof0pioe5clkwt5sd20keu4] C:\DOCUME~1\Fred\LOCALS~1\Temp\xywppn90isv.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\fpfstb.dll
O20 - Winlogon Notify: nnnmlkar - C:\WINDOWS\

Before we deal with the many LSP entries do the below,

Download Netrepair and run: http://www.xp-smoker.com/downloads/xptcprep.exe

Click Reset TCP/IP first let it finish, Then Click Repair Winsock let it finish the it will offer to restart. So restart!

Now the 8 Steps advised SuperAntiSpyware (SAS) also do do that and attach the log. Then UPDATE and run MBAM again to confirm it found no more. We need a clean log.

Mike

 

[kritius]

O4 - HKCU\..\Run: [txoht1bgjpmhyf5kaqkgof0pioe5clkwt5sd20keu4] C:\DOCUME~1\Fred\LOCALS~1\Temp\xywppn90isv.exe

Mike,

In regards to this line, just managed to get an infection like it removed on another log, HJT won't do it, Use ComboFix and change the name when downloading it.

 

[mflynn]

OK HelpPlease2009

Do as Krititus says above.

Download ComboFix

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Before running rename Combofix.exe to 12cbf34.exe and run that!

Double click 12cbf34.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

Thanks Kritius!

Mike

 

[HelpPlease2009]

OK HelpPlease2009

Do as Krititus says above.

Download ComboFix

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Before running rename Combofix.exe to 12cbf34.exe and run that!

Double click 12cbf34.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click combofix's window while its running. That may cause it to stall.

Thanks Kritius!

Mike

1 more object was detected

Av-test.txt.Vir C:\quarantine "EICAR test file'

 

[mflynn]

OK so let me see "What" was found by ComboFix run as 12cbfFix.

And did you do the NetRepair from post # 8 ???

You still have issues in HJT and I would like to know if you did run NetRepair!

So post combofix log and answer my question on Netrepair then proceed below.
--------------------------------------------------------------------------------------------------------

Go to Control panel Add/Remove Programs and uninstall Logitech\Desktop Messenger!

Now go here: TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

And do the CClean first followed by SuperAntiSpyWare (SAS).

Get me the SAS log!

Mike