Windows Xp1 Infected With Virtumonde (I Need Help Please).


  • This topic is locked
11 replies to this topic

#1 YuriD

  • Members
  • 6 posts

Posted 16 April 2008 - 08:26 PM

Hi, I'm new to this forum. My Windows XP1 Home Ed. PC is infected by some kind of trojan:

C:\WINDOWS\system32\hvotfgcb.dll ------> Vundo.Gen
C:\WINDOWS\System32\ddcDuRHw.dll
C:\WINDOWS\System32\tuvVmnLE.dll

I'm now running in Safe Mode w/ Networking, since normal mode freezes up after a minute or so.
Couldn't turn on my Windows Firewall; I got some error message. I've tried other forums and other solutions, but the problems keep coming back.

Here are my logs. Please help:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-16 21:13:49
Computer is in Safe Mode with Networking.
--------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 3000+
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 511.48 MiB / 302.82 MiB
Pagefile Memory (total/avail): 1250.97 MiB / 1058.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1955.43 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 105.1 GiB total, 65.46 GiB free.
D: is Fixed (FAT32) - 6.68 GiB total, 2.34 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG SP1203N - 111.81 GiB - 2 partitions
\PARTITION0 - Unknown - 6.7 GiB - D:
\PARTITION1 (bootable) - Installable File System - 105.1 GiB - C:

\\.\PHYSICALDRIVE1 - Canon MP600Storage USB Device

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-FSYLY0JTWN
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000
LOGONSERVER=\\YOUR-FSYLY0JTWN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SAFEBOOT_OPTION=NETWORK
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNERY~1.000\LOCALS~1\Temp
USERDOMAIN=YOUR-FSYLY0JTWN
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-FSYLY0JTWN.000 (admin)
Administrator.YOUR-FSYLY0JTWN.000 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Avira AntiVir Personal – Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Instant Support --> C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 2.0 - Photosmart Cameras --> MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HPIZ311 --> MsiExec.exe /X{F247869D-3643-4A9F-821B-3534145928E3}
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Internet Explorer Q828750 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q828750.inf
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD --> C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition --> MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Multimedia Card Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
NVIDIA GART Driver --> C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
Outlook Express Update Q330994 --> C:\WINDOWS\Q330994.exe C:\WINDOWS\INF\Q330994.inf
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions --> C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Revo Uninstaller 1.50 --> C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
toolkit --> c:\Windows\HPTK\unhptkit.exe
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
Updates from HP --> C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

Event Record #/Type244 / Error
Event Submitted/Written: 04/16/2008 08:41:02 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

Event Record #/Type243 / Error
Event Submitted/Written: 04/16/2008 08:41:02 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

Event Record #/Type237 / Warning
Event Submitted/Written: 04/16/2008 06:35:46 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\System32\ddcDuRHw.dll

Event Record #/Type236 / Warning
Event Submitted/Written: 04/16/2008 06:35:24 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/Vundo.GenC:\WINDOWS\System32\ddcDuRHw.dll

Event Record #/Type230 / Warning
Event Submitted/Written: 04/16/2008 06:24:31 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2118 / Error
Event Submitted/Written: 04/16/2008 08:59:13 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type2115 / Error
Event Submitted/Written: 04/16/2008 08:42:18 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
avipbb
Fips
Processor
ssmdrv

Event Record #/Type2114 / Error
Event Submitted/Written: 04/16/2008 08:41:21 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\Outerinfo\FF\components\FF.dll.
Reference error message: The operation completed successfully.
.

Event Record #/Type2113 / Error
Event Submitted/Written: 04/16/2008 08:41:21 PM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type2112 / Error
Event Submitted/Written: 04/16/2008 08:41:21 PM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.



-- End of Deckard's System Scanner: finished at 2008-04-16 21:15:08 ------------



-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; computer is in safe mode.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:30 PM, on 4/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B8D23EB-2D69-4B66-B2BF-83880D35661B} - C:\WINDOWS\System32\ddcDuRHw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {d0501cd6-8594-5c78-1804-fb7ed1f6d858} - {858d6f1d-e7bf-4081-87c5-49586dc1050d} - C:\WINDOWS\System32\adyxbqun.dll
O2 - BHO: (no name) - {9FDC66DF-A132-91E5-1797-D48F725B7AE7} - C:\WINDOWS\System32\kng.dll
O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2} - C:\WINDOWS\System32\hggheefc.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1208195789515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208195916593
O20 - Winlogon Notify: hggheefc - C:\WINDOWS\SYSTEM32\hggheefc.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5793 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080119-221559-104 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080119-221559-134 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
backup-20080119-221559-146 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
backup-20080119-221559-164 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080119-221559-201 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1195863369593
backup-20080119-221559-231 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080119-221559-239 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
backup-20080119-221559-316 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080119-221559-333 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080119-221559-377 O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
backup-20080119-221559-484 O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
backup-20080119-221559-487 O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
backup-20080119-221559-548 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080119-221559-570 O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
backup-20080119-221559-605 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080119-221559-607 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
backup-20080119-221559-645 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080119-221559-648 O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
backup-20080119-221559-692 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080119-221559-731 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
backup-20080119-221559-750 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
backup-20080119-221559-751 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080119-221559-774 O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
backup-20080119-221559-835 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
backup-20080119-221559-857 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080119-221559-867 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080119-221559-869 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080119-221559-891 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20080119-221559-903 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
backup-20080119-221559-905 O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
backup-20080119-221559-918 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080119-221559-948 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
backup-20080119-221559-996 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
backup-20080119-221600-102 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20080119-221600-110 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080119-221600-219 O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
backup-20080119-221600-269 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
backup-20080119-221600-463 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080119-221600-549 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1195863600312
backup-20080119-221600-850 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080119-221600-907 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
backup-20080414-012124-453 O2 - BHO: (no name) - {A7547793-F2BE-480D-B423-77C3DFF121B7} - C:\WINDOWS\system32\ljJDUnkK.dll
backup-20080414-012128-538 O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\mlJYqQgf.dll
backup-20080414-012129-207 O20 - Winlogon Notify: mlJYqQgf - C:\WINDOWS\SYSTEM32\mlJYqQgf.dll
backup-20080414-022134-120 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080414-104553-180 O20 - Winlogon Notify: mlJYqQgf - C:\WINDOWS\SYSTEM32\mlJYqQgf.dll
backup-20080414-104553-401 O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\mlJYqQgf.dll
backup-20080414-104553-611 O2 - BHO: (no name) - {6364F226-1870-4BFA-AC7F-50429F95144D} - C:\WINDOWS\system32\ljJDUnkK.dll
backup-20080414-104631-464 O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\mlJYqQgf.dll
backup-20080414-104631-473 O20 - Winlogon Notify: mlJYqQgf - C:\WINDOWS\SYSTEM32\mlJYqQgf.dll
backup-20080414-104631-964 O2 - BHO: (no name) - {6364F226-1870-4BFA-AC7F-50429F95144D} - C:\WINDOWS\system32\ljJDUnkK.dll
backup-20080416-170340-112 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
backup-20080416-170340-403 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080416-170340-622 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080416-170341-343 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
backup-20080416-170341-856 O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
backup-20080416-170443-109 O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
backup-20080416-170443-308 O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
backup-20080416-170443-787 O4 - HKLM\..\Run: [08633db5] rundll32.exe "C:\WINDOWS\System32\tblbdpct.dll",b
backup-20080416-170443-977 O4 - HKLM\..\Run: [BM0b500e29] Rundll32.exe "C:\WINDOWS\System32\hvotfgcb.dll",s

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-14 02:31:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-12 14:53:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-07 03:00:00 304 --a------ C:\WINDOWS\Tasks\BugDoctorOwner.job
2008-04-05 01:20:00 566 --a------ C:\WINDOWS\Tasks\Owner scan and fix.job
2008-04-05 01:00:00 556 --a------ C:\WINDOWS\Tasks\Owner backup.job
2003-10-14 01:22:22 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-03-16 and 2008-04-16 -----------------------------

2008-04-16 20:59:38 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-16 20:59:36 0 d-------- C:\WINDOWS\LastGood
2008-04-16 17:29:38 0 d-------- C:\Program Files\Enigma Software Group
2008-04-16 17:01:27 34099 --a------ C:\WINDOWS\System32\efcawwxv.dll
2008-04-16 17:00:44 0 d-------- C:\WINDOWS\System32\?ssembly
2008-04-16 17:00:44 0 d-------- C:\Program Files\Outerinfo
2008-04-16 17:00:42 60928 --a------ C:\WINDOWS\System32\kng.dll
2008-04-16 17:00:27 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-04-16 17:00:25 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\??stem
2008-04-16 17:00:17 0 d-------- C:\WINDOWS\System32\xcsDd01
2008-04-16 17:00:16 34099 --a------ C:\WINDOWS\System32\hggheefc.dll
2008-04-16 16:56:04 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Recent
2008-04-16 16:39:39 0 d-------- C:\Program Files\Panda Security
2008-04-16 16:01:03 94272 --a------ C:\WINDOWS\System32\adyxbqun.dll
2008-04-16 11:59:34 309403 --ahs---- C:\WINDOWS\System32\wHRuDcdd.ini2
2008-04-16 11:39:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Malwarebytes
2008-04-16 11:38:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-16 11:38:33 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 10:58:25 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\TrojanHunter
2008-04-16 10:28:11 0 d-------- C:\Program Files\Spyware Doctor
2008-04-16 10:27:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-16 10:25:47 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Webroot
2008-04-16 10:25:46 0 d-------- C:\Program Files\Webroot
2008-04-16 10:25:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-16 10:18:52 0 d-------- C:\Program Files\CCleaner
2008-04-16 10:02:21 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-04-16 09:58:17 0 d-------- C:\VundoFix Backups
2008-04-16 09:55:42 1528 --a------ C:\WINDOWS\System32\tmp.reg
2008-04-16 09:55:17 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-04-16 09:55:17 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-16 09:55:17 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-16 09:55:17 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-16 09:55:17 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-16 09:55:17 82432 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-16 09:55:17 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-04-16 09:03:39 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\.housecall6.6
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Ashampoo
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Apple Computer
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\aignes
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Ahead
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\AdobeUM
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Adobe
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Acoustica
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Ace
2008-04-16 09:03:38 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\.limewire
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Lavasoft
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\InterVideo
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\interMute
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\InstallShield
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Identities
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\HorizonWimba
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Google
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\GetRightToGo
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\F?nts
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\DeepBurner
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\COWON
2008-04-16 09:03:37 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Canon
2008-04-16 09:03:32 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Macromedia
2008-04-16 09:03:31 0 d---s---- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Microsoft
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\SopCast
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Sonic
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\ScanSoft
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\SampleView
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Roxio
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Registry Cleaner
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Real
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\PC Tools
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Mozilla
2008-04-16 09:03:30 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Motive
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Incomplete
2008-04-16 09:03:29 0 dr------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Favorites
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Desktop
2008-04-16 09:03:29 0 d---s---- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Cookies
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Contacts
2008-04-16 09:03:29 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\vlc
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\URSoft
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\TypingMaster7
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Teleca
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Symantec
2008-04-16 09:03:29 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Sun
2008-04-16 09:03:24 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\WINDOWS
2008-04-16 09:03:24 0 d---s---- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\UserData
2008-04-16 09:03:24 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Templates
2008-04-16 09:03:24 0 dr------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Start Menu
2008-04-16 09:03:24 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Spiderman
2008-04-16 09:03:24 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Shared
2008-04-16 09:03:24 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\SendTo
2008-04-16 09:03:24 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Recent
2008-04-16 09:03:24 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\PrintHood
2008-04-16 09:03:24 1048576 --ah----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\NTUSER.DAT
2008-04-16 09:03:24 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\NetHood
2008-04-16 09:03:24 0 dr------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\My Documents
2008-04-16 09:03:24 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Local Settings
2008-04-16 03:08:49 0 d-------- C:\WINDOWS\ERUNT
2008-04-16 02:22:01 162304 --a------ C:\WINDOWS\System32\ztvunrar36.dll
2008-04-16 02:22:01 77312 --a------ C:\WINDOWS\System32\ztvunace26.dll
2008-04-16 02:22:01 69632 --a------ C:\WINDOWS\System32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-16 02:22:00 153088 --a------ C:\WINDOWS\System32\unrar3.dll
2008-04-16 02:22:00 75264 --a------ C:\WINDOWS\System32\unacev2.dll
2008-04-16 02:21:59 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Simply Super Software
2008-04-16 02:21:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-16 02:21:32 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\WinRAR
2008-04-16 01:58:10 0 d-------- C:\Program Files\msn gaming zone
2008-04-15 21:01:51 273408 -----n--- C:\WINDOWS\System32\ddcDuRHw.dll
2008-04-15 21:01:22 0 d-------- C:\Program Files\VS Revo Group
2008-04-15 20:59:31 34099 --a------ C:\WINDOWS\System32\pmnlmnno.dll
2008-04-15 20:59:29 0 d--hs---- C:\WINDOWS\IA
2008-04-15 20:59:21 0 d-------- C:\WINDOWS\System32\bharebio01
2008-04-15 20:59:21 0 d-------- C:\Temp
2008-04-15 06:13:56 0 d-------- C:\Program Files\Avira
2008-04-15 05:54:55 0 d-------- C:\WINDOWS\Windows Update Setup Files
2008-04-15 05:44:06 0 d-------- C:\WINDOWS\System32\PreInstall
2008-04-14 16:03:38 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2008-04-14 14:03:18 0 d-------- C:\WINDOWS\System32\bits
2008-04-14 13:50:55 197632 --a------ C:\WINDOWS\System32\CNMLM87.DLL <Not Verified; CANON INC.; Canon IJ Printer Driver>
2008-04-14 13:43:19 0 dr-hs---- C:\cmdcons
2008-04-14 13:43:04 0 d-------- C:\WINDOWS\setupupd
2008-04-14 13:39:00 208896 --a------ C:\WINDOWS\System32\wmpns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-04-14 13:37:03 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Acoustica
2008-04-14 13:37:03 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Ace
2008-04-14 13:37:03 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\.limewire
2008-04-14 13:37:03 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\.housecall6.6
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Lavasoft
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\InterVideo
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\interMute
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\InstallShield
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Identities
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\HorizonWimba
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Google
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\GetRightToGo
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\F?nts
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\DeepBurner
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\COWON
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Canon
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Ashampoo
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Apple Computer
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\aignes
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Ahead
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\AdobeUM
2008-04-14 13:37:02 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Adobe
2008-04-14 13:36:56 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Macromedia
2008-04-14 13:36:54 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\PC Tools
2008-04-14 13:36:54 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Mozilla
2008-04-14 13:36:54 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Motive
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Incomplete
2008-04-14 13:36:53 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Favorites
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Desktop
2008-04-14 13:36:53 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Cookies
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Contacts
2008-04-14 13:36:53 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\vlc
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\URSoft
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\TypingMaster7
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Teleca
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Symantec
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Sun
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\SopCast
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Sonic
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\ScanSoft
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\SampleView
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Roxio
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Registry Cleaner
2008-04-14 13:36:53 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Real
2008-04-14 13:36:50 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\NetHood
2008-04-14 13:36:50 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\My Documents
2008-04-14 13:36:50 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Local Settings
2008-04-14 13:36:49 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\WINDOWS
2008-04-14 13:36:49 0 d---s---- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\UserData
2008-04-14 13:36:49 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Templates
2008-04-14 13:36:49 0 dr------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Start Menu
2008-04-14 13:36:49 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Spiderman
2008-04-14 13:36:49 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Shared
2008-04-14 13:36:49 0 dr-h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\SendTo
2008-04-14 13:36:49 0 d--h----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\PrintHood
2008-04-14 13:36:49 2359296 --ah----- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\NTUSER.DAT
2008-04-14 13:32:11 10368 --a------ C:\WINDOWS\System32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
2008-04-14 02:35:03 0 d-------- C:\429d9c27d4f2a3eebadabf
2008-04-14 01:26:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-14 01:00:50 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Acoustica
2008-04-14 01:00:50 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Ace
2008-04-14 01:00:50 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\.limewire
2008-04-14 01:00:50 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\.housecall6.6
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Lavasoft
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\InterVideo
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\interMute
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\InstallShield
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Identities
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\HorizonWimba
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Google
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\GetRightToGo
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\F?nts
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\DeepBurner
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\COWON
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Canon
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Ashampoo
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Apple Computer
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\aignes
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Ahead
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\AdobeUM
2008-04-14 01:00:49 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Adobe
2008-04-14 01:00:43 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Macromedia
2008-04-14 01:00:41 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Mozilla
2008-04-14 01:00:41 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Motive
2008-04-14 01:00:41 0 d---s---- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Microsoft
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Contacts
2008-04-14 01:00:40 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\vlc
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\URSoft
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\TypingMaster7
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Teleca
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Symantec
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Sun
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\SopCast
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Sonic
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\ScanSoft
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\SampleView
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Roxio
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Registry Cleaner
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\Real
2008-04-14 01:00:40 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Application Data\PC Tools
2008-04-14 01:00:39 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Incomplete
2008-04-14 01:00:39 0 dr------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Favorites
2008-04-14 01:00:39 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Desktop
2008-04-14 01:00:39 0 d---s---- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Cookies
2008-04-14 01:00:35 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Local Settings
2008-04-14 01:00:34 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\WINDOWS
2008-04-14 01:00:34 0 d--hs---- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\UserData
2008-04-14 01:00:34 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Templates
2008-04-14 01:00:34 0 dr------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Start Menu
2008-04-14 01:00:34 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Spiderman
2008-04-14 01:00:34 0 d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Shared
2008-04-14 01:00:34 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\SendTo
2008-04-14 01:00:34 0 dr-h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\Recent
2008-04-14 01:00:34 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\PrintHood
2008-04-14 01:00:34 0 d--h----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\NetHood
2008-04-14 01:00:34 0 dr------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\My Documents
2008-04-14 01:00:33 1048576 --ah----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN\NTUSER.DAT
2008-04-14 00:05:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-03-24 14:48:28 0 d-------- C:\Program Files\CubeDesktop
2008-03-23 23:07:30 0 d-------- C:\Program Files\Prolific Publishing, Inc
2008-03-23 21:40:50 0 d-------- C:\Program Files\SereneScreen
2008-03-23 21:40:28 0 d-------- C:\Program Files\Coral Clock 3D Screensaver
2008-03-23 20:50:22 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-23 20:49:59 0 d-------- C:\Program Files\Common Files\TechSmith Shared
2008-03-23 18:46:09 0 d-------- C:\Program Files\Incomplete
2008-03-23 18:42:36 0 d-------- C:\Program Files\FrostWire
2008-03-23 16:10:29 0 d-------- C:\Program Files\uTorrent
2008-03-22 08:43:59 0 d-------- C:\Program Files\Microsoft Silverlight


-- Find3M Report ---------------------------------------------------------------

2008-04-16 18:24:26 0 d-------- C:\Program Files\Common Files
2008-04-16 17:19:41 0 d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\??stem
2008-04-16 16:42:39 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-16 10:22:40 164 --a------ C:\install.dat
2008-04-16 10:05:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 02:41:45 0 d-------- C:\Program Files\SpywareBlaster
2008-04-16 01:49:31 0 d-------- C:\Program Files\EA GAMES
2008-04-15 21:03:07 0 d-------- C:\Program Files\interMute
2008-04-15 15:55:49 0 d-------- C:\Program Files\FreeUndelete
2008-04-14 16:16:36 0 d-------- C:\Program Files\Windows NT
2008-04-14 16:16:33 0 d-------- C:\Program Files\Movie Maker
2008-04-14 16:16:32 0 d-------- C:\Program Files\Messenger
2008-04-14 14:12:59 0 d-------- C:\Program Files\Java
2008-04-14 14:05:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 14:05:02 0 d-------- C:\Program Files\Quicken
2008-04-14 14:01:47 0 d-------- C:\Program Files\Real
2008-04-14 14:01:42 0 d-------- C:\Program Files\Common Files\Real
2008-04-14 14:01:00 0 d-------- C:\Program Files\Sonic
2008-04-14 13:58:40 0 d-------- C:\Program Files\Easy Internet signup
2008-04-14 13:48:51 3888 --a------ C:\WINDOWS\viassary-hp.reg
2008-04-14 01:26:17 0 d-------- C:\Program Files\Kaspersky Lab
2008-04-14 00:34:50 0 dr------- C:\Program Files\TypingMaster
2008-04-13 23:25:45 0 d-------- C:\Program Files\Call of Duty
2008-03-23 18:01:18 0 d-------- C:\Program Files\LimeWire
2008-01-17 00:39:48 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B8D23EB-2D69-4B66-B2BF-83880D35661B}]
04/15/2008 09:01 PM 273408 --------- C:\WINDOWS\System32\ddcDuRHw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{858d6f1d-e7bf-4081-87c5-49586dc1050d}]
04/16/2008 04:01 PM 94272 --a------ C:\WINDOWS\System32\adyxbqun.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9FDC66DF-A132-91E5-1797-D48F725B7AE7}]
04/11/2008 01:51 PM 60928 --a------ C:\WINDOWS\System32\kng.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b5855ac6-e7be-75d2-c952-eb0a3b650ea9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
04/16/2008 05:00 PM 34099 --a------ C:\WINDOWS\System32\hggheefc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/29/2002 05:00 AM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 03:47 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\System32\hggheefc.dll [04/16/2008 05:00 PM 34099]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggheefc]
hggheefc.dll 04/16/2008 05:00 PM 34099 C:\WINDOWS\system32\hggheefc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner.YOUR-FSYLY0JTWN.000^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0b500e29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
LTMSG.exe 7

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]
c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]
"C:\DOCUME~1\OWNERY~1.000\APPLIC~1\STEM~1\services.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
rundll32.exe nview.dll,nViewLoadHook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rqrcz]
C:\WINDOWS\system32\?ssembly\w?auclt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 5.0\THGuard.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
VTTimer.exe




-- End of Deckard's System Scanner: finished at 2008-04-16 21:15:08 ------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:23 PM, on 4/16/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1208195789515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208195916593
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4689 bytes


#2 Thunder


Posted 17 April 2008 - 09:36 AM

Hello YuriD and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------

#3 YuriD


Posted 18 April 2008 - 03:35 PM

Hi, I followed all your instructions.
I had done some changes to the system before I saw your response.
Talked to someone from Microsoft, they told me to install XP2, so I did and the Trojan/Virus is still in the PC.
Uninstalled a bunch of antivirus and spyware programs.
Running Bitdefender only. (Detected C:\Windows\system32\tuvvmle.dll.vir as infected w/ Trojan.Vundo.EFK before Malwarebytes' scan)

Malwarebytes detected 22 infections (it says that it deleted them but they reappear)

HJT log: find

Probs:
Bitdefender detected ComboFix as spyware (turned off Bitdefender, download worked)

I am not quite sure what you mean by Windows Recovery Console CD (I had made 8 CDs when I bought the PC; they are named HP Recovery Console, is that it?)

Followed the instructions on the Microsoft website and typed this in: E:\i386\winnt32.exe /cmdcons (E = drive where the CD was)

So I downloaded the download from the website. Tried dragging it onto ComboFix on my desktop; it doesn't work (it moves but doesn't "fall" inside ComboFix).

So I guess I am stuck, if you could help me please.

here are the Malwarebytes and HJT logs

Malwarebytes' Anti-Malware 1.11
Database version: 651

Scan type: Quick Scan
Objects scanned: 38107
Time elapsed: 19 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\hggheefc.dll (Trojan.Agent) -> Unloaded module successfully.
C:\WINDOWS\system32\ddcDuRHw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\mxrerwxv.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{fb422e7b-3d5e-4d9b-84c2-91b6c888cde2} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb422e7b-3d5e-4d9b-84c2-91b6c888cde2} (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggheefc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48ca8b6c-1df1-4057-b12d-943fc732d4a4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48ca8b6c-1df1-4057-b12d-943fc732d4a4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9fdc66df-a132-91e5-1797-d48f725b7ae7} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9fdc66df-a132-91e5-1797-d48f725b7ae7} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67d1614f-2328-47db-8ac9-873be904301e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67d1614f-2328-47db-8ac9-873be904301e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{fb422e7b-3d5e-4d9b-84c2-91b6c888cde2} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\xcsDd01 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\hggheefc.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ddcDuRHw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wHRuDcdd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wHRuDcdd.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\niwckwev.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vewkcwin.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kng.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mxrerwxv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\pmnlmnno.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xcsDd01\xcsDd011065.exe (Trojan.Agent) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:51 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\update\update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1208195789515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208195916593
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 5097 bytes

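The helpers in this thread read the HijackThis logs by eye. The script below is an added example (not part of the thread, and not a HijackThis or BleepingComputer tool) that automates the three checks behind the Vundo persistence visible in the logs above: a BHO (O2 line) still registered but pointing at "(no file)" or at a random-looking DLL in system32, a Winlogon Notify DLL (O20 line) outside the stock XP set, and a Startup-folder item (O4 line) sitting in the SYSTEM or Default profile. The sample log is constructed from lines posted above; the O2 line for ddcDuRHw.dll and the O20 line for hggheefc combine the CLSID, Notify key and file names that appear in the Malwarebytes log, written in the format HijackThis uses for those sections, since no HijackThis log here printed them. The 8-letter consonant-run heuristic and the Winlogon Notify allowlist are assumptions of this example, not facts from the thread.

```python
"""Triage a HijackThis 2.0 log for the persistence patterns Vundo relied on.
Added example for this thread; not a HijackThis or BleepingComputer tool.
Usage:  python hjt_triage.py [hijackthis.log]   (no argument: built-in sample)"""
import re
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "section rule detail")

# DLLs behind the Winlogon Notify handlers of a stock Windows XP install
# (assumption: no third-party logon hooks such as AV or directory clients).
KNOWN_NOTIFY_DLLS = {"wlnotify.dll", "crypt32.dll", "cryptnet.dll",
                     "cscdll.dll", "sclgntfy.dll"}

# Constructed sample: lines copied from the logs posted in this thread. The
# O2 line for ddcDuRHw.dll and the O20 line for hggheefc are assembled from
# the CLSID, Notify key and file names in the Malwarebytes log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {48ca8b6c-1df1-4057-b12d-943fc732d4a4} - C:\WINDOWS\system32\ddcDuRHw.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O20 - Winlogon Notify: hggheefc - C:\WINDOWS\system32\hggheefc.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

_LINE = re.compile(r"^(O\d+) - (.*)$")
_BHO = re.compile(r"BHO: (.*?) - \{([0-9A-Fa-f-]{36})\} - (.*)$")
_NOTIFY = re.compile(r"Winlogon Notify: (\S+) - (.*)$")
_SYS_STARTUP = re.compile(
    r"(?:S-1-5-18|\.DEFAULT(?: User)?) Startup: .*? = (.*?)(?: \(User '[^']*'\))?$")
_CONSONANT_RUN = re.compile(r"[b-df-hj-np-tv-z]{4,}", re.IGNORECASE)


def basename(path):
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def looks_random(filename):
    """Heuristic (an assumption of this example) for the Vundo naming style:
    an 8-letter, digit-free .dll/.exe name containing a run of four or more
    consonants (hggheefc, ddcDuRHw, mxrerwxv). Real system binaries tend to
    carry digits (kernel32) or pronounceable stems (wlnotify); treat a hit
    as a review flag, not as proof."""
    stem, _, ext = filename.rpartition(".")
    return (ext.lower() in {"dll", "exe"} and len(stem) == 8
            and stem.isalpha() and _CONSONANT_RUN.search(stem) is not None)


def triage(log_text):
    """Return one Finding per HijackThis line that trips a rule, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = _LINE.match(raw.strip())
        if not line:
            continue
        section, rest = line.groups()
        if section == "O2":
            bho = _BHO.match(rest)
            if not bho:
                continue
            _name, clsid, path = bho.groups()
            if path == "(no file)":
                # Registration outlived the file: IE still queries it, and a
                # re-dropped DLL under the same CLSID is loaded without asking.
                findings.append(Finding(section, "orphaned BHO registration", clsid))
            elif looks_random(basename(path)):
                findings.append(Finding(section, "random-looking BHO DLL", path))
        elif section == "O20":
            notify = _NOTIFY.match(rest)
            if notify and basename(notify.group(2)).lower() not in KNOWN_NOTIFY_DLLS:
                # A Notify DLL is mapped into winlogon.exe at logon, before any
                # user process starts, which is why on-line deletion fails.
                findings.append(Finding(section, "non-default Winlogon Notify DLL",
                                        notify.group(2)))
        elif section == "O4":
            startup = _SYS_STARTUP.match(rest)
            if startup:
                findings.append(Finding(section, "startup item in SYSTEM/Default profile",
                                        startup.group(1)))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print("%-4s %-40s %s" % (f.section, f.rule, f.detail))
```

On the sample this reports the two "(no file)" BHO CLSIDs, the ddcDuRHw.dll BHO, the LimeWire item in the SYSTEM profile's Startup folder and the hggheefc Notify DLL, and nothing for the Adobe BHO, the MSConfig Run entry or the NVIDIA service. The O20 rule is the one that explains the "Unloaded module successfully" plus "Delete on reboot" pairs in the Malwarebytes log: a DLL hooked through Winlogon Notify is already inside winlogon.exe when the scanner runs, so it can only be removed before the next logon, which is what the Recovery Console and ComboFix step in Thunder's instructions is for.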
#4 Thunder


Posted 19 April 2008 - 04:02 AM

No problem, YuriD

Just download this file : http://www.microsoft.com/downloads/details...;displaylang=en
and drag it to ComboFix.exe.
That should work without any problem.

Greetings,
Thunder

#5 YuriD


Posted 27 April 2008 - 04:01 AM

Hi Thunder,
Sorry for the delay, busy with school finals.

I have downloaded all of SP2 to my PC and gotten all the security updates. The PC has been running fine, but I fear that there could still be traces left in the PC.

I downloaded from the site you provided and tried to drag into ComboFix.exe but it won't work.

Now I can't even uninstall ComboFix.exe from my desktop.

#6 Thunder


Posted 27 April 2008 - 05:32 AM

Hello YuriD,

Just run ComboFix by doubleclicking the ComboFix.exe icon,
and post the log provided upon finishing.
We'll take it from there.

Greetings,
Thunder

#7 YuriD


Posted 29 April 2008 - 02:34 PM

Thunder,

Here is the ComboFix log. I'm logged on in Safe Mode w/ Networking now, since right after the ComboFix scan neither Firefox nor Explorer would open (it's probably good now, I hope).



ComboFix 08-04-28.2 - Owner 2008-04-29 8:45:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.260 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\FNTS~1
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\FNTS~1
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\STEM~1
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\STEM~1\??stem\
C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\FNTS~1
C:\Program Files\Common Files\{38633~1
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\IA
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\lorvdfte.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\ssembl~1\w?auclt.exe
C:\WINDOWS\system32\tcpdblbt.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-21 01:24 . 2008-04-21 01:24 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-20 22:16 . 2008-04-20 22:16 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-04-20 22:13 . 2008-04-20 22:14 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-04-20 05:26 . 2008-04-28 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 05:26 . 2008-04-20 05:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 02:28 . 2006-10-04 22:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-20 02:28 . 2006-10-04 22:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-20 02:21 . 2008-04-20 02:28 <DIR> d-------- C:\Program Files\Picasa2
2008-04-19 21:06 . 2008-04-28 20:54 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\uTorrent
2008-04-18 21:17 . 2008-04-18 21:17 <DIR> d-------- C:\Program Files\MSBuild
2008-04-18 21:05 . 2008-04-20 04:39 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-18 21:01 . 2008-04-18 21:01 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-18 20:57 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-18 20:56 . 2008-04-18 20:56 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-18 20:56 . 2008-04-18 20:56 <DIR> d-------- C:\4c7b3355d9200d8687f5706848
2008-04-18 20:54 . 2006-10-04 10:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-18 20:54 . 2006-10-04 10:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-18 20:54 . 2006-10-04 10:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-18 20:51 . 2008-04-18 20:51 <DIR> d-------- C:\Program Files\DiskInternals
2008-04-18 20:39 . 2008-04-18 20:39 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-18 20:39 . 2008-04-18 20:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-18 20:32 . 2008-04-20 00:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-18 20:15 . 2006-11-13 02:02 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-04-18 20:15 . 2006-11-13 02:02 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2008-04-18 20:15 . 2006-11-13 02:02 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2008-04-18 14:52 . 2008-04-18 14:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-18 13:41 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-18 13:41 . 2007-06-30 23:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-18 13:41 . 2007-06-30 23:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-18 13:41 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-18 13:41 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-18 13:41 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-18 13:41 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-18 13:41 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-18 13:41 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-18 12:47 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-18 12:47 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-18 12:47 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-18 09:01 . 2007-02-28 05:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-04-18 09:01 . 2007-02-28 05:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-04-18 09:01 . 2007-02-28 04:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-04-18 09:01 . 2007-02-28 04:38 2,015,744 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-04-18 09:01 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-18 05:57 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\004672_.tmp
2008-04-17 15:44 . 2008-04-20 03:04 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-17 15:08 . 2008-04-29 15:04 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-17 15:04 . 2008-04-17 15:04 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Bitdefender
2008-04-17 15:01 . 2008-04-17 15:01 <DIR> d-------- C:\Program Files\Softwin
2008-04-17 15:01 . 2008-04-17 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-17 14:57 . 2008-04-17 15:01 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-04-16 21:03 . 2008-04-16 21:03 <DIR> d-------- C:\Deckard
2008-04-16 20:59 . 2008-04-16 20:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-16 17:29 . 2008-04-16 17:29 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-16 17:00 . 2008-04-16 17:00 <DIR> d-------- C:\Temp\berDrv11
2008-04-16 16:39 . 2008-04-17 06:11 <DIR> d-------- C:\Program Files\Panda Security
2008-04-16 11:39 . 2008-04-16 11:39 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Malwarebytes
2008-04-16 11:38 . 2008-04-16 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-16 10:58 . 2008-04-16 10:58 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\TrojanHunter
2008-04-16 10:18 . 2008-04-16 10:18 <DIR> d-------- C:\Program Files\CCleaner
2008-04-16 10:02 . 2008-04-17 18:28 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-04-16 09:58 . 2008-04-16 09:58 <DIR> d-------- C:\VundoFix Backups
2008-04-16 09:55 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-16 09:55 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-16 09:55 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-16 09:55 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-16 09:55 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-16 09:55 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-16 09:55 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-16 09:55 . 2008-04-16 09:55 1,528 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-16 09:37 . 2008-04-17 17:34 <DIR> d-------- C:\Program Files\Unlocker
2008-04-16 09:05 . 2008-04-16 17:15 101,225 --a------ C:\WINDOWS\BM0b500e29.xml
2008-04-16 09:03 . 2003-10-11 01:19 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\WINDOWS
2008-04-16 09:03 . 2007-11-23 18:08 <DIR> d---s---- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\UserData
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Spiderman
2008-04-16 09:03 . 2007-11-23 17:30 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Shared
2008-04-16 09:03 . 2007-11-23 17:38 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Incomplete
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Contacts
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\vlc
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\URSoft
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\TypingMaster7
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Teleca
2008-04-16 09:03 . 2003-10-14 01:21 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Symantec
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\SopCast
2008-04-16 09:03 . 2003-10-11 00:57 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Sonic
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\ScanSoft
2008-04-16 09:03 . 2003-10-11 01:47 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\SampleView
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Roxio
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Registry Cleaner
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\PC Tools
2008-04-16 09:03 . 2007-11-23 05:45 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Motive
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Lavasoft
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\InterVideo
2008-04-16 09:03 . 2003-10-14 01:24 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\interMute
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\InstallShield
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\HorizonWimba
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\GetRightToGo
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\DeepBurner
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\COWON
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Canon
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Ashampoo
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Apple Computer
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\aignes
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Ahead
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\AdobeUM
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Acoustica
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Application Data\Ace
2008-04-16 09:03 . 2007-11-23 17:38 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\.limewire
2008-04-16 09:03 . 2007-11-23 05:46 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\.housecall6.6
2008-04-16 09:03 . 2008-04-16 09:03 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000
2008-04-16 09:03 . 2008-04-29 08:41 1,024 --ah----- C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\ntuser.dat.LOG
2008-04-16 03:08 . 2008-04-16 03:09 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-16 03:08 . 2008-04-15 11:39 <DIR> d-------- C:\SDFix
2008-04-16 02:22 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-16 02:22 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-04-16 02:22 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-16 02:22 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-04-16 02:22 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-04-16 02:21 . 2008-04-16 02:22 <DIR> d-------- C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN.000\Application Data\Simply Super Software
2008-04-16 02:21 . 2008-04-16 02:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-15 21:01 . 2008-04-15 21:01 <DIR> d-------- C:\Program Files\VS Revo Group
2008-04-15 20:59 . 2008-04-16 11:57 <DIR> d-------- C:\WINDOWS\system32\bharebio01
2008-04-15 20:59 . 2008-04-15 20:59 <DIR> d-------- C:\Temp\wdlw14
2008-04-15 20:59 . 2008-04-18 21:20 <DIR> d-------- C:\Temp
2008-04-15 06:13 . 2008-04-21 00:43 <DIR> d-------- C:\Program Files\Avira
2008-04-15 05:54 . 2008-04-15 05:55 <DIR> d-------- C:\WINDOWS\Windows Update Setup Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 10:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-28 09:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-21 04:57 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-21 02:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 02:16 --------- d-----w C:\Program Files\Logitech
2008-04-20 06:25 --------- d-----w C:\Program Files\Google
2008-04-20 04:59 --------- d-----w C:\Program Files\MSN Messenger
2008-04-20 04:29 --------- d-----w C:\Program Files\QuickTime
2008-04-20 01:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 00:31 --------- d-----w C:\Program Files\LimeWire
2008-04-17 22:36 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-17 21:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-17 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-17 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-04-16 14:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-16 14:22 164 ----a-w C:\install.dat
2008-04-16 14:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 05:49 --------- d-----w C:\Program Files\EA GAMES
2008-04-16 01:03 --------- d-----w C:\Program Files\interMute
2008-04-15 19:55 --------- d-----w C:\Program Files\FreeUndelete
2008-04-14 18:12 --------- d-----w C:\Program Files\Java
2008-04-14 18:05 --------- d-----w C:\Program Files\Quicken
2008-04-14 18:01 --------- d-----w C:\Program Files\Sonic
2008-04-14 18:01 --------- d-----w C:\Program Files\Real
2008-04-14 18:01 --------- d-----w C:\Program Files\Common Files\Real
2008-04-14 17:58 --------- d-----w C:\Program Files\Easy Internet signup
2008-04-14 17:48 3,888 ----a-w C:\WINDOWS\viassary-hp.reg
2008-04-14 06:31 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-14 05:26 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-14 04:47 --------- d-----w C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\uTorrent
2008-04-14 04:34 --------- d-----r C:\Program Files\TypingMaster
2008-04-14 03:25 --------- d-----w C:\Program Files\Call of Duty
2008-03-28 03:21 --------- d-----w C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\TypingMaster7
2008-03-24 03:07 --------- d-----w C:\Program Files\Prolific Publishing, Inc
2008-03-24 01:40 --------- d-----w C:\Program Files\SereneScreen
2008-03-24 01:40 --------- d-----w C:\Program Files\Coral Clock 3D Screensaver
2008-03-24 01:08 --------- d-----w C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\Real Desktop
2008-03-24 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-24 00:49 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-03-23 23:15 --------- d-----w C:\Program Files\Incomplete
2008-03-23 23:15 --------- d-----w C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\FrostWire
2008-03-23 23:10 --------- d-----w C:\Program Files\FrostWire
2008-03-23 20:10 --------- d-----w C:\Program Files\uTorrent
2008-03-22 12:18 --------- d-----w C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\Sammsoft
2008-03-21 20:27 --------- d-----w C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\Uniblue
2008-01-21 03:59 22,328 ----a-w C:\Documents and Settings\Owner.YOUR-FSYLY0JTWN\Application Data\PnkBstrK.sys
2005-02-16 19:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2007-11-23 22:07 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-11-24 01:19 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007112320071124\index.dat
2007-11-23 22:15 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\UserData\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b5855ac6-e7be-75d2-c952-eb0a3b650ea9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-03-26 13:19:43 147456]

C:\Documents and Settings\Yuri\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-03-26 13:19:43 147456]

C:\Documents and Settings\Administrator.YOUR-FSYLY0JTWN.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-03-26 13:19:43 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-FSYLY0JTWN.000^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AROReminder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
--a------ 2007-03-26 15:49 69632 C:\Program Files\Softwin\BitDefender10\bdagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
--a------ 2008-04-18 15:08 290816 C:\Program Files\Softwin\BitDefender10\bdmcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0b500e29]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-10-07 10:23 90112 c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2003-08-15 03:59 70816 c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-04-07 10:07 114688 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a------ 2003-05-23 05:55 483328 C:\WINDOWS\System32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 19:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 23:02 61440 C:\HP\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-04-20 22:16 36864 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-06-26 09:46 497200 C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
--a------ 2003-07-14 10:52 40960 C:\WINDOWS\ltmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware Reboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notn]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-08-19 05:56 4841472 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
--a------ 2003-08-19 05:56 852038 C:\WINDOWS\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-08-19 05:56 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2002-10-16 19:57 81920 C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-14 00:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rqrcz]
C:\WINDOWS\system32\?ssembly\w?auclt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 15:47 847872 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2003-08-14 23:11 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-11-03 23:36 45056 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-02-26 05:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-04-20 04:26:39 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-28 07:00:00 C:\WINDOWS\Tasks\BugDoctorOwner.job"
- C:\Program Files\Bug Doctor\BugDoctor.exe
"2008-04-28 05:34:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-05 05:00:00 C:\WINDOWS\Tasks\Owner backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-04-05 05:20:00 C:\WINDOWS\Tasks\Owner scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 15:05:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-29 15:17:43 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-04-29 19:17:22

Pre-Run: 62,488,592,384 bytes free
Post-Run: 63,046,328,320 bytes free

349 --- E O F --- 2008-04-21 23:03:25

#8 Thunder


  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 30 April 2008 - 08:23 AM

Hello YuriD,

What antivirus program would you like to keep?
Running more than one is NOT recommended!!
Please remove one of them through Control Panel > Software. :thumbsup:

Open Notepad and copy and paste the bold, blue text below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b5855ac6-e7be-75d2-c952-eb0a3b650ea9}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rqrcz]

Save this as fix.reg. Choose to save as "all files" and place it on your Desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
Reboot your system and post a fresh HijackThis log please.
Are you still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
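The entries Thunder's fix.reg removes (a BHO whose DLL is gone, a startupreg item whose path ComboFix prints with "?" characters) are the sort of thing a helper spots by eye in the logs above. As an added example, not code from the thread or from HijackThis, ComboFix or any other tool it mentions, the script below applies those checks, plus a populated AppInit_DLLs value and a cached drive autorun command, to a constructed sample made of lines copied from this thread's logs.

```python
"""Triage heuristics for HijackThis / ComboFix autostart listings.

Added example, not part of the thread. The sample below is constructed
from entries that appear in this thread's logs; the rule names are
this example's own.
"""
import re
from typing import Dict, List

# Constructed sample: HijackThis O2/O4 lines plus ComboFix "Reg Loading
# Points" key/value lines, in the same formats as the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rqrcz]
C:\WINDOWS\system32\?ssembly\w?auclt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
# A drive-letter path that contains a '?' before the next space or quote.
BADPATH_RE = re.compile(r'[A-Za-z]:\\[^"\s]*\?')


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line; clean lines produce nothing."""
    findings: List[Dict[str, str]] = []
    current_key = ""  # most recent [registry key] header seen in the log

    def flag(rule: str, line: str, why: str) -> None:
        findings.append({"rule": rule, "line": line, "why": why})

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key").lower()
            continue

        bho = BHO_RE.match(line)
        if bho and bho.group("path") == "(no file)":
            # The CLSID is still registered under Browser Helper Objects but
            # its DLL is gone: a leftover from a removed adware component.
            flag("orphaned-bho", line, "BHO registered with no backing file")
            continue

        # ComboFix prints non-ANSI characters as '?'. A '?' is an illegal
        # filename character, so one inside a path marks a look-alike name
        # (the 'w?auclt.exe' entry mimics the Windows Update client).
        if BADPATH_RE.search(line):
            flag("non-ansi-path", line, "unprintable character in an autostart path")
            continue

        appinit = APPINIT_RE.match(line)
        if appinit and current_key.endswith(r"currentversion\windows") and appinit.group("dlls").strip():
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # on a home PC the value is normally empty.
            flag("appinit-dlls", line, "DLL injected into all GUI processes: " + appinit.group("dlls"))
            continue

        autorun = AUTORUN_RE.match(line)
        if autorun and "mountpoints2" in current_key:
            # MountPoints2 caches a drive's autorun.inf handlers; Explorer runs
            # the command when the drive is opened.
            flag("drive-autorun", line, "cached autorun command: " + autorun.group("cmd"))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['why']}\n    {f['line']}")
```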

#9 YuriD

  • Topic Starter

  • Members
  • 6 posts

Posted 01 May 2008 - 12:22 PM

Hi Thunder,
I thought that I had already taken out Norton (if that's one of the anti-virus programs you're talking about) and only have BitDefender running.

The computer has been running well the last couple of weeks, after I installed SP2 and installed all security updates. I was just afraid that there could still be traces of the Trojan left.

Followed all the instructions above, everything went well.

Here is the log.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:59 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1208195789515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208195916593
O18 - Protocol: bw+0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 17957 bytes

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:04:43 PM

Posted 01 May 2008 - 03:14 PM

Hello YuriD,

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following, if still present:

O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Obviously, Norton was not removed properly, and all it does right now is slow down your system. :thumbsup:

Go to Start > Control Panel > Software > Add/remove programs and uninstall:
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Symantec Script Blocking Installer
Norton

Reboot your PC, download to your Desktop and run the appropriate version of the Symantec Removal Tool to remove leftovers from Norton.
Reboot again and post a fresh HijackThis log for final check please.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference
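The instructions above are carried out by reading the HijackThis log line by line. As an added example, not part of this thread and not HijackThis's own code, here is a small Python triage script for that log format that surfaces the same three things a helper looks for: O2 BHO entries whose DLL reads "(no file)" (an orphaned COM registration, exactly the nextads entry), O23 services grouped by vendor so Symantec leftovers stand out once Norton has been uninstalled, and the long run of O18 protocol handlers collapsed onto the DLL that implements them. The sample log is constructed from line shapes that appear in this thread.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 log format (line shapes taken from this thread).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O18 - Protocol: bwn0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
"""

# Every HJT entry is "<section> - <body>"; header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<sec>[OR]\d+) - (?P<body>.+)$")
CLSID = r"\{[0-9A-Fa-f-]{36}\}"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
PROTO_RE = re.compile(r"^Protocol: (?P<scheme>\S+) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
SVC_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["sec"], m["body"]))
    return entries


def orphaned_bhos(entries):
    """O2 entries whose DLL is '(no file)': the registration outlived the binary.
    Inert on its own, but it is dead weight that 'Fix checked' removes."""
    found = []
    for sec, body in entries:
        m = BHO_RE.match(body) if sec == "O2" else None
        if m and m["path"].strip().lower() == "(no file)":
            found.append((m["name"], m["clsid"].lower()))
    return found


def services_by_vendor(entries):
    """Group O23 services by vendor string so leftovers of an uninstalled product stand out."""
    groups = defaultdict(list)
    for sec, body in entries:
        m = SVC_RE.match(body) if sec == "O23" else None
        if m:
            groups[m["vendor"]].append((m["name"], m["path"]))
    return dict(groups)


def protocol_handlers_by_dll(entries):
    """Collapse O18 handlers onto their implementing DLL: fifty bw?0/bw?0s schemes
    backed by one Logitech DLL are one finding to assess, not fifty."""
    groups = defaultdict(list)
    for sec, body in entries:
        m = PROTO_RE.match(body) if sec == "O18" else None
        if m:
            groups[m["path"]].append(m["scheme"])
    return dict(groups)


def triage(text):
    """One-shot summary: orphaned BHOs, services per vendor, handler count per DLL."""
    entries = parse_hjt(text)
    return {
        "orphaned_bhos": orphaned_bhos(entries),
        "services": services_by_vendor(entries),
        "protocol_dlls": {dll: len(s) for dll, s in protocol_handlers_by_dll(entries).items()},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Running it on a real log (`triage(open("hijackthis.log").read())`) gives a reviewer the same short list Thunder worked through by hand.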

#11 YuriD

YuriD
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:10:43 AM

Posted 01 May 2008 - 05:49 PM

Hi Thunder,
Followed all steps above, everything worked fine.
I did find and remove O2 - BHO: nextads browser optimizer - {b5855ac6-e7be-75d2-c952-eb0a3b650ea9} - (no file)

Here is a fresh HJT log.
Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:53 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - .DEFAULT User Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/oas/ActiveX/MSDcode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1208195789515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208195916593
O18 - Protocol: bw+0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {604F1EA0-E0D1-47FA-9FE0-F4B7D93BAA16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 17281 bytes

#12 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  • Gender:Male
  • Location:Belgium
  • Local time:04:43 PM

Posted 01 May 2008 - 06:10 PM

Hello YuriD,

That looks fine now :thumbsup:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed.

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.