Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stubborn Trojan.vundo


  • This topic is locked This topic is locked
17 replies to this topic

#1 OMG I am SO Fired

OMG I am SO Fired

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 29 November 2007 - 09:03 AM

I have managed stupidly to get a trojan.vundo virus on my computer at work. My OS is Windows NT and I have tried vundo fix and something with begone in the title, both while in safe mode, neither got rid of the virus. My computer finds new files and quarantines some and fails with others each day. I need to get this off my computer before I get fired. Can you please help? Below is my HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:59 AM, on 11/29/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\D.Robison\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speck-pumps.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: cap (2).lnk = ?
O4 - Startup: cap.lnk = C:\cap.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = speck.local
O18 - Protocol: bw+0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

--
End of file - 17149 bytes

BC AdBot (Login to Remove)

 


#2 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:31 AM

Posted 29 November 2007 - 09:30 AM

Hello!

Nice to see that you atleast have your Java uptodate ;)

Now:

Please download Combofix to your desktop.
  • Double click on Combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#3 OMG I am SO Fired

OMG I am SO Fired
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 29 November 2007 - 10:10 AM

ComboFix Log:
ComboFix 07-11-19.4C - D.Robison 11/29/2007 9:55:42.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.28 [GMT -5:00]
Running from: C:\Documents and Settings\D.Robison\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\lmllm.ini
C:\WINNT\system32\lmllm.ini2
C:\WINNT\system32\mllml.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-29 10:00 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_42c.dat
2007-11-29 08:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-29 08:30 81,465 --a------ C:\WINNT\system32\sfadbwcl.dll
2007-11-29 08:27 77,888 --a------ C:\WINNT\system32\njfyftni.dll
2007-11-29 08:15 71,232 --a------ C:\WINNT\system32\vygrmpqd.exe
2007-11-28 08:23 81,465 --a------ C:\WINNT\system32\pngspwrf.dll
2007-11-28 08:20 81,984 --a------ C:\WINNT\system32\mbermnwm.dll
2007-11-28 08:17 71,232 --a------ C:\WINNT\system32\qeqfvejl.exe
2007-11-27 08:40 <DIR> d-------- C:\VundoFix Backups
2007-11-27 08:09 81,465 --a------ C:\WINNT\system32\nketpgqk.dll
2007-11-27 08:04 71,232 --a------ C:\WINNT\system32\nqssyjwd.exe
2007-11-26 08:05 81,465 --a------ C:\WINNT\system32\dwsgxmka.dll
2007-11-26 07:54 71,232 --a------ C:\WINNT\system32\mlugjayb.exe
2007-11-23 13:19 <DIR> d-------- C:\Program Files\Downloads
2007-11-23 12:39 83,520 --a------ C:\WINNT\system32\qwkrwbid.dll
2007-11-23 12:36 82,825 --a------ C:\WINNT\system32\vmoiduxf.dll
2007-11-23 12:34 71,232 --a------ C:\WINNT\system32\nfqvkheh.exe
2007-11-21 08:05 80,960 --a------ C:\WINNT\system32\qqowxkpm.dll
2007-11-21 08:02 82,825 --a------ C:\WINNT\system32\ofnqjmik.dll
2007-11-21 08:02 71,232 --a------ C:\WINNT\system32\htstader.exe
2007-11-20 10:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-20 05:05 84,544 --a------ C:\WINNT\system32\xkljeocl.dll
2007-11-07 08:54 208,896 --a------ C:\WINNT\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 21:12 --------- d-----w C:\Program Files\Google
2007-11-07 16:29 --------- d-----w C:\Program Files\DYMO Label
2007-10-03 13:04 --------- d-----w C:\Program Files\Java
2007-08-24 17:39 217,088 ---ha-w C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT
2006-10-20 14:40 46,416 ----a-w C:\Documents and Settings\Station 20\Application Data\GDIPFONTCACHEV1.DAT
2006-10-20 14:40 46,416 ----a-w C:\Documents and Settings\D.Robison\Application Data\GDIPFONTCACHEV1.DAT
2006-06-09 18:22 271 ---h--w C:\Program Files\desktop.ini
2006-06-09 18:22 21,952 ---h--w C:\Program Files\folder.htt
2003-06-20 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [05-03-21 15:13 C:\WINNT\system32\CTFMON.EXE]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07-08-31 16:46 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-20 07:00 C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [05-11-11 01:07 C:\WINNT\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [05-03-07 14:33 C:\WINNT\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [05-10-31 15:15 C:\WINNT\system32\VTTrayp.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [03-05-21 00:21 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-24 02:24 ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"ITPIPSetup"="E:\setupstb.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-05-11 02:06 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-20 07:00 ]

C:\Documents and Settings\Station 20\Start Menu\Programs\Startup\
cap (2).lnk - F:\cap.bat [2007-04-14 14:16:06]
cap.lnk - C:\cap.bat [2006-07-13 07:45:50]

C:\Documents and Settings\D.Robison\Start Menu\Programs\Startup\
cap (2).lnk - F:\cap.bat [2007-04-14 14:16:06]
cap.lnk - C:\cap.bat [2006-07-13 07:45:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-24 06:47:33]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-03 14:32:55]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2006-06-15 08:33:57]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
C:\WINNT\system32\NavLogon.dll 03-05-21 00:19 45056 C:\WINNT\system32\NavLogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\mllml.dll

R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 10:01:15
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 10:01:51 - machine was rebooted
.
--- E O F ---



HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02, on 2007-11-29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\notepad.exe
C:\Documents and Settings\D.Robison\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speck-pumps.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: cap (2).lnk = ?
O4 - Startup: cap.lnk = C:\cap.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = speck.local
O18 - Protocol: bw+0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

--
End of file - 17548 bytes

#4 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:31 AM

Posted 29 November 2007 - 10:51 AM

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#5 OMG I am SO Fired

OMG I am SO Fired
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 29 November 2007 - 12:43 PM

Vundo Fix said nothing was found. I cannot find a log file for it...here is my latest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40, on 2007-11-29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\D.Robison\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speck-pumps.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: cap (2).lnk = ?
O4 - Startup: cap.lnk = C:\cap.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = speck.local
O18 - Protocol: bw+0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

--
End of file - 17507 bytes

#6 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:31 AM

Posted 29 November 2007 - 03:31 PM

( 1 )

Open notepad and copy/paste the text in the quotebox below into it: ( Please make sure you copy everything in the code box )

File::
C:\WINNT\system32\sfadbwcl.dll
C:\WINNT\system32\njfyftni.dll
C:\WINNT\system32\mbermnwm.dll
C:\WINNT\system32\qeqfvejl.exe
C:\WINNT\system32\nketpgqk.dll
C:\WINNT\system32\nqssyjwd.exe
C:\WINNT\system32\dwsgxmka.dll
C:\WINNT\system32\mlugjayb.exe
C:\WINNT\system32\qwkrwbid.dll
C:\WINNT\system32\vmoiduxf.dll
C:\WINNT\system32\nfqvkheh.exe
C:\WINNT\system32\qqowxkpm.dll
C:\WINNT\system32\ofnqjmik.dll
C:\WINNT\system32\htstader.exe
C:\WINNT\system32\xkljeocl.dll
C:\WINNT\system32\wmpns.dll
C:\WINNT\system32\mllml.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies]


Save this as CFScript.txt

Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

( 2 )

Please open HiJackThis and scan. Check the boxes next to all the entries listed below

O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis

C:\cap.bat


Does that file ring a bell ?

Let me know.

( 3 )

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#7 OMG I am SO Fired

OMG I am SO Fired
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 29 November 2007 - 04:52 PM

Yes to the cap.bat...I found it using windows explorer. I attempted the online scanner and it got to 99% updated and then said failed because you have to be connected to the internet (which obviously I am) It did not work at all (clicking accept) in firefox though which is a bummer because this virus makes my computer act up when I use IE.

#8 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:31 AM

Posted 29 November 2007 - 05:13 PM

No problems. I hope you did the other stuff :thumbsup:

Try This instead:

Perform an online scan with Internet Explorer with Panda Active Scanner

1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
2. Click Scan Now
3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

* If it finds any malware, it will offer you a report.
* Click on see report. Then click Save report

Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#9 OMG I am SO Fired

OMG I am SO Fired
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 03 December 2007 - 09:27 AM

It's not copying right, I hope you can read it okay...

PandaScan Report:

Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\ComboFix\nircmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\D.Robison\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\D.Robison\Desktop\ComboFix.exe[nircmd.cfexe]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\htstader.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\mlugjayb.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\nfqvkheh.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\njfyftni.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\nqssyjwd.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\qeqfvejl.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\qqowxkpm.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox\Quarantine\C\WINNT\system32\xkljeocl.dll.vir
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\s.burdick\Cookies\s.burdick@go[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\NirCmd.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINNT\system32\vygrmpqd.exe

#10 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:31 AM

Posted 03 December 2007 - 04:19 PM

Open notepad and copy/paste the text in the quotebox below into it: ( Please make sure you copy everything in the code box )

File::

C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.exe
C:\WINNT\NirCmd.exe
C:\WINNT\system32\vygrmpqd.exe

Folder::

C:\Documents and Settings\D.Robison\Desktop\Projects\qoobox


Save this as CFScript.txt

Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

How are things running now?
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#11 OMG I am SO Fired

OMG I am SO Fired
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 03 December 2007 - 04:46 PM

Idk...this is the log file:


ComboFix 07-12-02.6 - D.Robison 2007-12-03 16:41:30.3 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.109 [GMT -5:00]
Running from: C:\Documents and Settings\D.Robison\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\D.Robison\Desktop\CFScript.txt

FILE
C:\ComboFix\nircmd.cfexe
C:\ComboFix\nircmd.exe
C:\WINNT\NirCmd.exe
C:\WINNT\system32\vygrmpqd.exe
.
ComboFix encountered a terminal error!! Please upload this file - C:\ComboFix_error.dat
to: http://www.bleepingcomputer.com/submit-malware.php?channel=4

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 16:42 . 07-12-03 16:42 7,240 --a------ C:\ComboFix_error.dat
2007-12-03 16:41 . 07-12-03 16:41 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_2f4.dat
2007-12-03 08:23 . 07-12-03 08:23 2,550 --a------ C:\WINNT\system32\Uninstall.ico
2007-12-03 08:23 . 07-12-03 08:23 1,406 --a------ C:\WINNT\system32\Help.ico
2007-11-29 08:31 . 07-12-03 14:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-29 08:15 . 07-11-29 08:15 71,232 --a------ C:\WINNT\system32\vygrmpqd.exe
2007-11-28 08:23 . 07-11-28 08:23 81,465 --a------ C:\WINNT\system32\pngspwrf.dll
2007-11-27 09:02 . 07-11-29 17:02 1,195,544 ---h----- C:\WINNT\ShellIconCache
2007-11-23 13:19 . 07-11-23 13:19 <DIR> d-------- C:\Program Files\Downloads
2007-11-20 10:49 . 07-12-03 14:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 13:57 --------- d-----w C:\Program Files\PrintKey2000
2007-12-03 13:51 --------- d-----w C:\Program Files\Common Files\SYSPRO
2007-11-29 20:38 --------- d-----w C:\Program Files\DYMO Label
2007-11-20 21:12 --------- d-----w C:\Program Files\Google
2007-10-03 13:04 --------- d-----w C:\Program Files\Java
2007-08-24 17:39 217,088 ---ha-w C:\Documents and Settings\__sbs_netsetup__\NTUSER.DAT
2006-10-20 14:40 46,416 ----a-w C:\Documents and Settings\Station 20\Application Data\GDIPFONTCACHEV1.DAT
2006-10-20 14:40 46,416 ----a-w C:\Documents and Settings\D.Robison\Application Data\GDIPFONTCACHEV1.DAT
2006-06-09 18:22 271 ---h--w C:\Program Files\desktop.ini
2006-06-09 18:22 21,952 ---h--w C:\Program Files\folder.htt
2003-06-20 12:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [05-03-21 15:13 C:\WINNT\system32\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-20 07:00 C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [05-11-11 01:07 C:\WINNT\SOUNDMAN.EXE]
"VTTimer"="VTTimer.exe" [05-03-07 14:33 C:\WINNT\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [05-10-31 15:15 C:\WINNT\system32\VTTrayp.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 10:50 ]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [03-05-21 00:21 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-24 02:24 ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"ITPIPSetup"="E:\setupstb.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [07-05-11 02:06 ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-20 07:00 ]

C:\Documents and Settings\Station 20\Start Menu\Programs\Startup\
cap (2).lnk - F:\cap.bat [2007-04-14 14:16:06]

C:\Documents and Settings\D.Robison\Start Menu\Programs\Startup\
cap (2).lnk - F:\cap.bat [2007-04-14 14:16:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-24 06:47:33]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-07-03 14:32:55]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2006-06-15 08:33:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 16:42:41
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 16:43:10
.
--- E O F ---

#12 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:31 AM

Posted 04 December 2007 - 09:36 AM

Did you set this policie? Or do you recognise it?

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

==

Open notepad and copy/paste the text in the quotebox below into it: ( Please make sure you copy everything in the code box )

File::

C:\WINNT\system32\vygrmpqd.exe
C:\WINNT\system32\pngspwrf.dll


Save this as CFScript.txt

Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe


You said you do not know how your system is running.. How come you can not know?

Edited by Rahina Rescue, 04 December 2007 - 09:37 AM.

[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#13 OMG I am SO Fired

OMG I am SO Fired
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 04 December 2007 - 01:28 PM

There have been no issues as of today. Symantec is no longer telling me that I have a virus. Thank you so much for your help. I really really appreciate it. :thumbsup:

Edited by OMG I am SO Fired, 04 December 2007 - 01:29 PM.


#14 Rahina

Rahina

    Security Helper


  • Members
  • 681 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:31 AM

Posted 04 December 2007 - 02:25 PM

Sounds good :thumbsup: I am happy about that things are better now.

( 1 )

Open notepad and copy/paste the text in the quotebox below into it: ( Please make sure you copy everything in the code box )

Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]


Save this as CFScript.txt

Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

( 2 )

Let us just make a last scan with F-secure online scanner

Please run the F-Secure Online Scanner
Note: Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs,Click Full System Scan
  • Once the download completes,the scan will begin automatically.
  • The scan will take some time to finish,so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.
Please post back with a fresh log from the F-Secure Onlinescanner log and a fresh HijackThis log.
[ Antivirus ] [ Firewall ] [ Spywareblaster ] [ Malwarebytes Anti-Malware ] [ Windows update ] [ Firefox ] [ WinPatrol ] [ ATF Cleaner ]

If i have helped you, donate to help me continue helping others. Posted Image
Posted Image Posted Image

#15 OMG I am SO Fired

OMG I am SO Fired
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 04 December 2007 - 03:46 PM

The requested reports are below.



Scanning Report
Tuesday, December 04, 2007 14:50:46 - 15:38:25

Computer name: STATION20
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 3 malware found
Tracking Cookie (spyware)

* System (Disinfected)

Trojan.Win32.Obfuscated.kp (virus)

* C:\WINNT\SYSTEM32\VYGRMPQD.EXE (Renamed & Submitted)

Vundo.gen51 (virus)

* C:\WINNT\SYSTEM32\PNGSPWRF.DLL

Statistics
Scanned:

* Files: 30802
* System: 3397
* Not scanned: 3

Actions:

* Disinfected: 1
* Renamed: 1
* Deleted: 0
* None: 1
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINNT\SYSTEM32\CONFIG\DEFAULT
* C:\DOCUMENTS AND SETTINGS\D.ROBISON\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\ARCHIVE1.PST

Options
Scanning engines:

* F-Secure AVP: 7.0.171, 2007-12-04
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0593-150-72
* F-Secure Libra: 2.4.2, 2007-11-28
* F-Secure Orion: 1.2.37, 2007-12-04
* F-Secure Pegasus: 1.19.0, 2007-11-03

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics

Copyright 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43, on 2007-12-04
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\WINNT\system32\VTTimer.exe
C:\WINNT\system32\VTtrayp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SYSPRO60\base\IMPCSC.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\D2EE4~1.ROB\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\D2EE4~1.ROB\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\explorer.exe
C:\Documents and Settings\D.Robison\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.speck-pumps.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ITPIPSetup] "E:\setupstb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: cap (2).lnk = ?
O4 - Startup: cap.lnk = C:\cap.bat
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = speck.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = speck.local
O18 - Protocol: bw+0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {4E28E6A0-0853-40E8-8CF8-902250A2811D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

--
End of file - 16723 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users