Vundo Infection


This topic is locked
16 replies to this topic

#1 Gabriel_NYC

Posted 15 December 2008 - 02:53 PM

Admin, can you please delete the VMundo post? Thanks.


AVG said it cleaned the infected files, but I still can't install any programs or access the internet. Below are the logs.

log.txt
--------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Gabriel Ayache at 2008-12-15 14:14:45
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (26%) free of 31 GB
Total RAM: 1151 MB (59% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5BF49A2-94F1-42BD-F434-3604812C807D}]
C:\WINDOWS\system32\rsekd83jde.dll - C:\WINDOWS\system32\rsekd83jde.dll [2008-12-15 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f93e3ece-fdfa-45c4-a45f-af58065dfad5}]
C:\WINDOWS\system32\levipona.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-03 158208]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-15 1261336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"gadcom"=C:\Documents and Settings\Gabriel Ayache\Application Data\gadcom\gadcom.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 []
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-05 67128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\64c215db]
C:\WINDOWS\system32\hiyelele.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM67f12647]
c:\windows\system32\debuwefe.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd]
C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\csrssc.exe [2008-12-15 22017]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zanayahupe]
C:\WINDOWS\system32\javarago.dll []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\zitaheno.dll,c:\windows\system32\debuwefe.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\debuwefe.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\debuwefe.dll []
KJhaiufhw3nrih7wefywjfsdfd - {D5BF49A2-94F1-42BD-F434-3604812C807D} - C:\WINDOWS\system32\rsekd83jde.dll [2008-12-15 15000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\zitaheno.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SideCar.exe"="C:\WINDOWS\SideCar.exe:*:Enabled: SideCar"
"C:\Program Files\Joost\xulrunner\tvprunner.exe"="C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\WINDOWS\system32\prunnet.exe"="C:\WINDOWS\system32\prunnet.exe:*:Enabled:prunnet"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"
"C:\WINDOWS\system32\dllhost.exe"="C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======File associations======

.ini - open - notepad.exe %1
.js - edit -
.js - open - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2008-12-15 14:14:45 ----D---- C:\rsit
2008-12-15 12:30:35 ----HD---- C:\$AVG8.VAULT$
2008-12-15 11:36:29 ----D---- C:\WINDOWS\CSC
2008-12-15 02:46:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-15 02:46:21 ----D---- C:\Program Files\AVG
2008-12-15 02:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-15 02:30:15 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-15 02:18:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-15 01:08:12 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\ESET
2008-12-15 00:27:37 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-15 00:24:57 ----A---- C:\WINDOWS\p2hhr.bat
2008-12-15 00:24:38 ----A---- C:\WINDOWS\system32\rsekd83jde.dll
2008-12-15 00:24:36 ----A---- C:\WINDOWS\kernel32.exe
2008-12-15 00:24:28 ----A---- C:\WINDOWS\system32\xxyaxWMF.dll
2008-12-15 00:23:19 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-15 00:18:18 ----A---- C:\WINDOWS\system32\cbXNggHY.dll
2008-12-15 00:09:41 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\gadcom
2008-12-15 00:09:27 ----A---- C:\WINDOWS\system32\khfDuRii.dll
2008-12-15 00:04:35 ----SH---- C:\WINDOWS\system32\eleleyih.ini
2008-12-14 23:56:48 ----D---- C:\WINDOWS\pss
2008-12-14 23:52:22 ----D---- C:\Program Files\Trend Micro
2008-12-11 15:09:08 ----A---- C:\WINDOWS\SW_Win2000X1.DLL
2008-12-11 15:09:02 ----A---- C:\WINDOWS\SW_Win2146X32.DLL
2008-12-11 14:57:19 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Help
2008-12-11 14:57:11 ----A---- C:\WINDOWS\CX_SearchHistory.INI
2008-12-11 14:57:05 ----A---- C:\WINDOWS\system32\tx13_wnd.dll
2008-12-11 14:57:05 ----A---- C:\WINDOWS\system32\tx13_tls.dll
2008-12-11 14:57:05 ----A---- C:\WINDOWS\system32\tx13_rtf.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_pdf.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_obj.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_ic.ini
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_ic.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_htm.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_doc.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_css.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\SARzilla.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\RegisterExe.exe
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\DVM.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\C-XLS.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\CSVSpecialProcessing.dll
2008-12-11 14:57:03 ----D---- C:\Program Files\Softinterface, Inc
2008-12-11 14:10:22 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Blackberry Desktop
2008-12-11 14:09:38 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Research In Motion
2008-12-11 10:42:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 23:41:05 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-10 23:41:04 ----D---- C:\Program Files\Research In Motion
2008-12-10 23:41:02 ----SHD---- C:\Config.Msi
2008-12-10 23:35:23 ----D---- C:\Program Files\MSXML 6.0
2008-11-23 14:20:07 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\FileZilla
2008-11-23 14:20:01 ----D---- C:\Program Files\FileZilla FTP Client
2008-11-23 13:44:36 ----D---- C:\Program Files\IDM Computer Solutions
2008-11-23 13:44:36 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\IDMComp
2008-11-22 16:53:46 ----D---- C:\WINDOWS\WBEM
2008-11-22 16:53:44 ----D---- C:\WINDOWS\system32\en-US
2008-11-22 16:50:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-22 16:49:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-22 16:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-22 16:48:41 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-22 15:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-11-22 15:47:55 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-22 15:47:51 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-22 15:47:34 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-22 15:45:40 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-22 15:37:14 ----D---- C:\Documents and Settings\All Users\Application Data\MediaMall
2008-11-22 15:34:50 ----RSD---- C:\WINDOWS\assembly
2008-11-22 15:34:50 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-22 15:34:48 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-20 07:38:19 ----D---- C:\Program Files\TightVNC
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\px.dll
2008-11-19 22:39:17 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-19 22:39:10 ----D---- C:\Program Files\Google
2008-11-17 22:24:04 ----D---- C:\xampp

======List of files/folders modified in the last 1 months======

2008-12-15 14:12:31 ----SH---- C:\boot.ini
2008-12-15 14:12:31 ----A---- C:\WINDOWS\win.ini
2008-12-15 14:12:31 ----A---- C:\WINDOWS\system.ini
2008-12-15 14:08:56 ----D---- C:\Program Files\Mozilla Firefox
2008-12-15 14:05:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 13:42:46 ----D---- C:\WINDOWS\Prefetch
2008-12-15 13:42:34 ----D---- C:\WINDOWS\Temp
2008-12-15 13:00:01 ----D---- C:\WINDOWS\system32
2008-12-15 12:00:08 ----SHD---- C:\RECYCLER
2008-12-15 11:36:29 ----D---- C:\WINDOWS
2008-12-15 02:46:32 ----D---- C:\WINDOWS\system32\drivers
2008-12-15 02:46:21 ----RD---- C:\Program Files
2008-12-15 02:39:16 ----D---- C:\Documents and Settings
2008-12-15 02:18:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-15 02:18:23 ----HD---- C:\WINDOWS\inf
2008-12-15 02:18:23 ----D---- C:\WINDOWS\Help
2008-12-15 02:18:23 ----D---- C:\Program Files\Windows Media Player
2008-12-15 02:18:23 ----D---- C:\Program Files\Internet Explorer
2008-12-15 01:58:17 ----SHD---- C:\WINDOWS\Installer
2008-12-15 01:56:43 ----D---- C:\Program Files\ESET
2008-12-15 01:51:29 ----D---- C:\WINDOWS\WinSxS
2008-12-15 01:51:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-15 01:42:44 ----A---- C:\WINDOWS\imsins.BAK
2008-12-15 01:42:19 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-15 01:40:56 ----D---- C:\WINDOWS\Media
2008-12-15 01:40:05 ----D---- C:\Program Files\Common Files
2008-12-15 01:39:06 ----D---- C:\Program Files\Java
2008-12-15 01:35:52 ----D---- C:\Program Files\AviSynth 2.5
2008-12-15 01:35:42 ----D---- C:\Program Files\Apple Software Update
2008-12-15 01:35:38 ----SD---- C:\WINDOWS\Tasks
2008-12-15 01:34:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-15 01:05:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-15 01:05:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 00:20:02 ----D---- C:\Program Files\mIRC
2008-12-15 00:19:43 ----D---- C:\WINDOWS\Registration
2008-12-11 10:39:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 10:38:36 ----D---- C:\Program Files\Juniper Networks
2008-12-10 23:57:15 ----D---- C:\Program Files\InstallShield Installation Information
2008-12-10 23:56:40 ----D---- C:\Program Files\Avi2Dvd
2008-12-10 23:54:55 ----A---- C:\WINDOWS\hpdj5600.ini
2008-12-10 23:54:53 ----D---- C:\Program Files\Hewlett-Packard
2008-12-09 14:10:16 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Mozilla
2008-11-25 08:36:45 ----D---- C:\FTP
2008-11-23 14:17:53 ----D---- C:\Program Files\FileZilla
2008-11-22 17:04:23 ----D---- C:\WINDOWS\AppPatch
2008-11-22 16:48:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-22 15:46:18 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-17 22:21:49 ----D---- C:\Program Files\xampp
2008-11-16 18:24:06 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-15 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-24 3712]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-06 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys []
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SDVC05;USB SDVC05; C:\WINDOWS\System32\Drivers\SDVC05.sys [2003-07-22 18088]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-06 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 231704]
R2 FileZilla Server;FileZilla Server FTP server; c:\xampp\FileZillaFTP\FileZillaServer.exe [2008-07-30 587776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mysql;mysql; C:\xampp\mysql\bin\mysqld-nt.exe [2008-08-04 5779456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 hpdj;hpdj; C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product= []
S2 hpdj5600;hpdj5600; C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj5600.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product=5600 []
S2 XAMPP;XAMPP Service; C:\Program Files\xampp\service.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt
----------

info.txt logfile of random's system information tool 1.04 2008-12-15 14:14:49

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{034E061B-B3A3-4123-842E-10C1B6B3C8C7}
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{034E061B-B3A3-4123-842E-10C1B6B3C8C7}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Convert XLS-->"C:\Program Files\Softinterface, Inc\Convert XLS\unins000.exe"
CUE Splitter-->MsiExec.exe /I{12B60D3B-90B4-4175-BB90-FCE19ACD9B02}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
FileZilla Client 3.1.5.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Security Update for Excel 2007 (KB934670)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD098537-8857-4065-B4B6-AC023CB2C48E}
Security Update for Office 2007 (KB934062)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
SimCity 3000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
UltraEdit 14.20-->MsiExec.exe /I{D4948A0D-402F-4966-AE08-76574503E9A4}
Update for Office 2007 (KB932080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB933688)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6E692F1-63C2-4760-94C6-C689DCD053F1}
Update for Office 2007 (KB934391)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB933493)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {23F2FF76-ABCD-421D-9860-0D0B2999D028}
Update for Outlook 2007 Junk Email Filter (KB934655)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F7185592-E40D-476E-9BC4-38DF96EE176B}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Word 2007 (KB934173)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XAMPP 1.6.8-->"c:\xampp\uninstall.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Hosts File======

127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babe.k-lined.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 did.i-used.cc
127.0.0.1 www.did.i-used.cc
127.0.0.1 coolwwwsearch.com
127.0.0.1 www.coolwwwsearch.com
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=2.1.5
"SESSIONID"=1211898946648g1u0355c.austin.hp.com264c33b:11a4070a4bb:-71b9
"COLLECTIONID"=COL7299
"ITEMID"=oj-21918-1
"UPDATEDIR"=C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\radAA02B.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPP
"LANG"=1033
"TIMEOUT"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
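The ======Hosts File====== block in the RSIT log above maps known browser-hijacker domains (CoolWebSearch and friends) to 127.0.0.1. Loopback entries for bad domains are a blocklist, which is what a hosts-based immunization such as Spybot S&D's writes; they are not a hijack. The pattern a helper actually looks for in that block is the reverse: a security vendor or update domain pointed at loopback (site unreachable) or at a foreign address (site redirected). The parser below is an added example for this thread, not code from RSIT, ComboFix or the forum; it goes beyond the log above by classifying both patterns. The vendor list, the sample lines, and in particular the last two sample lines (invented hijack indicators that the log above does not contain) are constructed for the example.

```python
"""Triage of the ======Hosts File====== block from an RSIT log.

Added example for this thread; not code from RSIT, ComboFix or the forum.
The vendor list and the sample lines below are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed list of domains an infection typically blocks; extend as needed.
SECURITY_DOMAINS = {
    "bitdefender.com", "eset.com", "malwarebytes.org", "mcafee.com",
    "avg.com", "microsoft.com", "windowsupdate.com", "bleepingcomputer.com",
}


@dataclass
class HostsEntry:
    ip: str
    host: str
    verdict: str  # standard | blocklist | blocked_security_site | redirect_security_site | redirect


def base_domain(host: str) -> str:
    """Reduce www.eset.com -> eset.com so subdomains match the vendor list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def classify(ip: str, host: str) -> str:
    """Decide what one ip/hostname pair means from a defender's point of view."""
    addr = ipaddress.ip_address(ip)
    if host.lower() == "localhost":
        return "standard"
    security = base_domain(host) in SECURITY_DOMAINS
    if addr.is_loopback:
        # loopback sinkhole: fine for a bad domain, bad for a vendor domain
        return "blocked_security_site" if security else "blocklist"
    # a real address: the name is being sent somewhere else
    return "redirect_security_site" if security else "redirect"


def parse_hosts(text: str) -> list:
    """Parse hosts-file lines; one entry per hostname, comments ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line: first field is not an address, skip it
        for host in fields[1:]:
            entries.append(HostsEntry(fields[0], host, classify(fields[0], host)))
    return entries


def summarize(entries) -> dict:
    """Count entries per verdict."""
    counts = {}
    for e in entries:
        counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return counts


def suspicious(entries) -> list:
    """Entries that deserve a human look: anything touching a security domain,
    plus any non-loopback redirect of an ordinary domain."""
    return [e for e in entries if e.verdict not in ("standard", "blocklist")]


# Constructed sample: the first lines mirror the log above; the last two are
# invented hijack indicators that the log above does NOT contain.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 coolwebsearch.com
127.0.0.1 www.coolwebsearch.com
127.0.0.1 www.eset.com
203.0.113.10 www.bitdefender.com
"""

if __name__ == "__main__":
    found = parse_hosts(SAMPLE_HOSTS)
    print(summarize(found))
    for e in suspicious(found):
        print(f"CHECK {e.ip:<15} {e.host:<28} {e.verdict}")
```

On the log above every entry classifies as `blocklist`, which matches the poster's situation: the hosts file was not what kept BitDefender and ESET unreachable, so the cause had to be looked for elsewhere (the ComboFix log later in the thread shows the BHOs and TDSS driver).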

#2 Gabriel_NYC

Gabriel_NYC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 16 December 2008 - 12:43 AM

My Firefox browser was hijacked and I couldn't click on any website from a Google search (including BitDefender, ESET, etc.). I was able to run the Spybot S&D executable, but no GUI showed up. I was unable to install any virus program (McAfee, ESET) until I tried AVG Free in safe mode with a manual update. Upon scanning, it found Vundo.CI, Vundo.CJ, and Vundo.H and supposedly removed the viruses upon restart. When I booted up again, I was still unable to search and the resident executables were still running. I tried to install HJT and MBAM to no avail. In both cases, the install processes showed up in Task Manager but there was no GUI.

Above are the RSIT logs. Is it necessary to post the DDS logs as well?

#3 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 19 December 2008 - 02:50 PM

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
  • Link 1
  • Link 2
  • Link 3
Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Double click combofix.exe and follow the prompts. Make sure you install Recovery Console if asked.
When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 Gabriel_NYC

Gabriel_NYC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 23 December 2008 - 10:23 AM

I double clicked combofix.exe to run it off the desktop, but nothing happened. I don't even see the exe in Task Manager.

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 23 December 2008 - 01:44 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Run RSIT again.. make sure you change the List files/folders created or modified in the last 3 months

Post these logs in your next reply..

1. Malwarebytes'
2. RSIT log.txt



#6 Gabriel_NYC

Gabriel_NYC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 23 December 2008 - 02:32 PM

Unfortunately, the same issue happens. I double clicked mbam-setup.exe and nothing happens (it is not even in the task manager).

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 23 December 2008 - 11:35 PM

Rename ComboFix to Combo-Fix and run it.. Post the log here please :thumbsup:



#8 Gabriel_NYC

Gabriel_NYC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 24 December 2008 - 12:26 AM

Couldn't install recovery console as my internet connection is not working on that computer...(seems to be a result of the infection, not a hardware issue)

ComboFix Log:

ComboFix 08-12-21.04 - Gabriel Ayache 2008-12-24 0:18:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1151.733 [GMT -5:00]
Running from: c:\documents and settings\Gabriel Ayache\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gabriel Ayache\Application Data\gadcom
c:\documents and settings\Gabriel Ayache\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\kernel32.exe
c:\windows\SW_Win2000X1.DLL
c:\windows\SW_Win2146X32.DLL
c:\windows\system32\cbXNggHY.dll
c:\windows\system32\drivers\TDSSrfdt.sys
c:\windows\system32\eleleyih.ini
c:\windows\system32\khfDuRii.dll
c:\windows\system32\rsekd83jde.dll
c:\windows\system32\TDSSayoa.log
c:\windows\system32\TDSSedwv.dll
c:\windows\system32\TDSSfvfe.dll
c:\windows\system32\TDSShrgi.dll
c:\windows\system32\TDSSjfhc.dll
c:\windows\system32\TDSSmhvw.log
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSoblw.dll
c:\windows\system32\TDSSpusx.dll
c:\windows\system32\TDSSwero.dat
c:\windows\system32\xxyaxWMF.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
.

2008-12-15 14:14 . 2008-12-15 14:22 <DIR> d-------- C:\rsit
2008-12-15 12:30 . 2008-12-15 12:51 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-15 02:46 . 2008-12-15 12:21 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-15 02:46 . 2008-12-15 02:46 <DIR> d-------- c:\program files\AVG
2008-12-15 02:46 . 2008-12-15 11:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-15 02:46 . 2008-12-15 02:46 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-15 02:46 . 2008-12-15 02:46 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-15 02:39 . 2008-12-15 02:49 <DIR> d-------- c:\documents and settings\Administrator
2008-12-15 02:30 . 2008-12-15 02:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-15 02:22 . 2008-12-15 02:23 23,392 --a------ c:\windows\system32\nscompat.tlb
2008-12-15 02:22 . 2008-12-15 02:23 16,832 --a------ c:\windows\system32\amcompat.tlb
2008-12-15 01:08 . 2008-12-15 01:08 <DIR> d-------- c:\documents and settings\Gabriel Ayache\Application Data\ESET
2008-12-15 00:27 . 2008-12-15 00:27 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-15 00:24 . 2008-12-15 00:24 46 --a------ c:\windows\p2hhr.bat
2008-12-15 00:23 . 2008-12-15 01:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-12-14 23:52 . 2008-12-14 23:52 <DIR> d-------- c:\program files\Trend Micro
2008-12-11 14:57 . 2008-12-11 14:57 <DIR> d-------- c:\program files\Softinterface, Inc
2008-12-11 14:10 . 2008-12-11 14:10 <DIR> d-------- c:\documents and settings\Gabriel Ayache\Application Data\Blackberry Desktop
2008-12-11 14:09 . 2008-12-11 14:09 <DIR> d-------- c:\documents and settings\Gabriel Ayache\Application Data\Research In Motion
2008-12-11 14:09 . 2008-12-11 15:20 256 --a------ c:\windows\system32\pool.bin
2008-12-11 10:42 . 2008-12-11 10:42 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-10 23:54 . 2007-05-22 01:31 231,737 --a------ c:\windows\hpdj5600.hi2
2008-12-10 23:54 . 2007-05-22 01:31 10,890 --a------ c:\windows\hpdj5600.bu2
2008-12-10 23:41 . 2008-12-10 23:41 <DIR> d-------- c:\program files\Research In Motion
2008-12-10 23:41 . 2008-12-10 23:41 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-12-10 23:41 . 2007-01-18 10:24 26,496 -ra------ c:\windows\system32\drivers\RimSerial.sys
2008-12-10 23:35 . 2008-12-10 23:35 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-09 12:30 . 2008-12-09 12:30 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Juniper Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 06:56 --------- d-----w c:\program files\ESET
2008-12-15 06:43 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-15 06:39 --------- d-----w c:\program files\Java
2008-12-15 06:35 --------- d-----w c:\program files\AviSynth 2.5
2008-12-15 06:35 --------- d-----w c:\program files\Apple Software Update
2008-12-15 06:05 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-15 06:05 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 05:20 --------- d-----w c:\program files\mIRC
2008-12-15 02:53 --------- d-----w c:\documents and settings\Gabriel Ayache\Application Data\FileZilla
2008-12-11 15:40 --------- d-----w c:\program files\TightVNC
2008-12-11 15:38 --------- d-----w c:\program files\Juniper Networks
2008-12-11 04:57 --------- d-----w c:\program files\InstallShield Installation Information
2008-12-11 04:56 --------- d-----w c:\program files\Avi2Dvd
2008-12-11 04:54 --------- d-----w c:\program files\Hewlett-Packard
2008-12-10 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\MediaMall
2008-12-01 15:22 720,896 ----a-w c:\windows\system32\C-XLS.dll
2008-11-23 19:20 --------- d-----w c:\program files\FileZilla FTP Client
2008-11-23 19:17 --------- d-----w c:\program files\FileZilla
2008-11-23 18:44 --------- d-----w c:\program files\IDM Computer Solutions
2008-11-23 18:44 --------- d-----w c:\documents and settings\Gabriel Ayache\Application Data\IDMComp
2008-11-20 03:39 --------- d-----w c:\program files\Google
2008-11-18 03:21 --------- d-----w c:\program files\xampp
2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
2004-08-04 04:56 73,728 --sha-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-05 67128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-15 1261336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-05 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-02-15 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
--a------ 2007-05-07 19:28 589824 c:\program files\TightVNC\WinVNC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-15 97928]
R2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\apache.exe" -k runservice [2008-06-14 17408]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 231704]
R2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2007-10-16 3712]
S0 black;black;c:\windows\system32\drivers\BlackDrv.sys []
S2 hpdj5600;hpdj5600;c:\docume~1\GABRIE~1\LOCALS~1\Temp\hpdj5600.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product=5600 []
S2 XAMPP;XAMPP Service;c:\program files\xampp\service.exe []
S3 RapFile;RapFile;\??\c:\windows\system32\drivers\RapFile.sys [2007-03-25 36644]
S3 RapNet;RapNet;\??\c:\windows\system32\drivers\RapNet.sys [2007-03-25 24344]
S3 SDVC05;USB SDVC05;c:\windows\system32\Drivers\SDVC05.sys [2007-06-17 18088]
.
- - - - ORPHANS REMOVED - - - -

BHO-{D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\rsekd83jde.dll
BHO-{f93e3ece-fdfa-45c4-a45f-af58065dfad5} - c:\windows\system32\levipona.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\debuwefe.dll
SharedTaskScheduler-{D5BF49A2-94F1-42BD-F434-3604812C807D} - c:\windows\system32\rsekd83jde.dll
MSConfigStartUp-64c215db - c:\windows\system32\hiyelele.dll
MSConfigStartUp-CPM67f12647 - c:\windows\system32\debuwefe.dll
MSConfigStartUp-Jnskdfmf9eldfd - c:\docume~1\GABRIE~1\LOCALS~1\Temp\csrssc.exe
MSConfigStartUp-zanayahupe - c:\windows\system32\javarago.dll


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: *.amaena.com
Trusted Zone: *.avsystemcare.com
Trusted Zone: *.onerateld.com
Trusted Zone: *.safetydownload.com
Trusted Zone: *.trustedantivirus.com
Trusted Zone: *.virusremover2008.com
Trusted Zone: *.virusschlacht.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Gabriel Ayache\Application Data\Mozilla\Firefox\Profiles\k4atlf0c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\Gabriel Ayache\Application Data\Mozilla\Firefox\Profiles\k4atlf0c.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-24 00:20:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\xampp\FileZillaFTP\FileZillaServer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\xampp\mysql\bin\mysqld-nt.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-24 0:22:44 - machine was rebooted [Gabriel Ayache]
ComboFix-quarantined-files.txt 2008-12-24 05:22:41

Pre-Run: 8,431,841,280 bytes free
Post-Run: 8,359,747,584 bytes free

200

Edited by Gabriel_NYC, 24 December 2008 - 12:27 AM.


#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:12 PM

Posted 24 December 2008 - 05:17 AM

It's okay.. Now, do as per the instructions in Post #5.. The Malwarebytes' Anti-Malware step..

Download >> Install >> Update >> Perform a Full Scan >> Remove everything you find >> Post the log here :thumbsup:

If you still can't run the Malwarebytes', please tell me :)



#10 Gabriel_NYC

Gabriel_NYC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:12:12 AM

Posted 24 December 2008 - 06:18 PM

MBAM Log:

Malwarebytes' Anti-Malware 1.31
Database version: 1539
Windows 5.1.2600 Service Pack 2

12/24/2008 6:14:27 PM
mbam-log-2008-12-24 (18-14-27).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 106068
Time elapsed: 1 hour(s), 15 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\kernel32.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbXNggHY.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\khfDuRii.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxyaxWMF.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C0587BF-7965-4120-BFB1-2DA4A055F0B2}\RP0\A0000024.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C0587BF-7965-4120-BFB1-2DA4A055F0B2}\RP0\A0000028.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C0587BF-7965-4120-BFB1-2DA4A055F0B2}\RP0\A0000030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C0587BF-7965-4120-BFB1-2DA4A055F0B2}\RP0\A0000032.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\putizoje.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\werosere.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lakalozo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avgrsstx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


RSIT Log:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Gabriel Ayache at 2008-12-24 18:16:01
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (26%) free of 31 GB
Total RAM: 1151 MB (55% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-03 158208]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2008-11-04 615696]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-15 1261336]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-05 67128]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]
C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\system32\dllhost.exe"="C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======File associations======

.ini - open - notepad.exe %1
.js - edit -
.js - open - "C:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe" "%1"
.txt - open - notepad.exe %1

======List of files/folders created in the last 3 months======

2008-12-24 16:45:21 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Malwarebytes
2008-12-24 16:45:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-24 16:45:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-24 00:22:47 ----D---- C:\WINDOWS\temp
2008-12-24 00:22:45 ----A---- C:\ComboFix.txt
2008-12-24 00:10:03 ----A---- C:\WINDOWS\zip.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\VFIND.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\SWSC.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\SWREG.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\sed.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\grep.exe
2008-12-24 00:10:03 ----A---- C:\WINDOWS\fdsv.exe
2008-12-24 00:09:58 ----D---- C:\WINDOWS\ERDNT
2008-12-24 00:09:58 ----D---- C:\Qoobox
2008-12-15 14:14:45 ----D---- C:\rsit
2008-12-15 12:30:35 ----HD---- C:\$AVG8.VAULT$
2008-12-15 11:36:29 ----D---- C:\WINDOWS\CSC
2008-12-15 02:46:21 ----D---- C:\Program Files\AVG
2008-12-15 02:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-15 02:30:15 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-12-15 02:18:25 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-15 01:08:12 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\ESET
2008-12-15 00:27:37 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-15 00:24:57 ----A---- C:\WINDOWS\p2hhr.bat
2008-12-15 00:23:19 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2008-12-14 23:56:48 ----D---- C:\WINDOWS\pss
2008-12-14 23:52:22 ----D---- C:\Program Files\Trend Micro
2008-12-11 14:57:19 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Help
2008-12-11 14:57:11 ----A---- C:\WINDOWS\CX_SearchHistory.INI
2008-12-11 14:57:05 ----A---- C:\WINDOWS\system32\tx13_wnd.dll
2008-12-11 14:57:05 ----A---- C:\WINDOWS\system32\tx13_tls.dll
2008-12-11 14:57:05 ----A---- C:\WINDOWS\system32\tx13_rtf.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_pdf.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_obj.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_ic.ini
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_ic.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_htm.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_doc.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13_css.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\tx13.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\SARzilla.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\RegisterExe.exe
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\DVM.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\C-XLS.dll
2008-12-11 14:57:04 ----A---- C:\WINDOWS\system32\CSVSpecialProcessing.dll
2008-12-11 14:57:03 ----D---- C:\Program Files\Softinterface, Inc
2008-12-11 14:10:22 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Blackberry Desktop
2008-12-11 14:09:38 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Research In Motion
2008-12-11 10:42:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-10 23:41:05 ----D---- C:\Program Files\Common Files\Research In Motion
2008-12-10 23:41:04 ----D---- C:\Program Files\Research In Motion
2008-12-10 23:41:02 ----SHD---- C:\Config.Msi
2008-12-10 23:35:23 ----D---- C:\Program Files\MSXML 6.0
2008-11-23 14:20:07 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\FileZilla
2008-11-23 14:20:01 ----D---- C:\Program Files\FileZilla FTP Client
2008-11-23 13:44:36 ----D---- C:\Program Files\IDM Computer Solutions
2008-11-23 13:44:36 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\IDMComp
2008-11-22 16:53:46 ----D---- C:\WINDOWS\WBEM
2008-11-22 16:53:44 ----D---- C:\WINDOWS\system32\en-US
2008-11-22 16:50:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-22 16:49:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-22 16:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-22 16:48:41 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-22 15:48:20 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-11-22 15:47:55 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-11-22 15:47:51 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-22 15:47:34 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-22 15:45:40 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-22 15:37:14 ----D---- C:\Documents and Settings\All Users\Application Data\MediaMall
2008-11-22 15:34:50 ----RSD---- C:\WINDOWS\assembly
2008-11-22 15:34:50 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-22 15:34:48 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-20 07:38:19 ----D---- C:\Program Files\TightVNC
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-11-19 22:40:10 ----N---- C:\WINDOWS\system32\px.dll
2008-11-19 22:39:17 ----D---- C:\WINDOWS\system32\IOSUBSYS
2008-11-19 22:39:10 ----D---- C:\Program Files\Google
2008-11-17 22:24:04 ----D---- C:\xampp

======List of files/folders modified in the last 3 months======

2008-12-24 18:14:27 ----D---- C:\WINDOWS\system32
2008-12-24 16:45:21 ----D---- C:\WINDOWS\Prefetch
2008-12-24 16:45:19 ----D---- C:\WINDOWS\system32\drivers
2008-12-24 16:45:16 ----RD---- C:\Program Files
2008-12-24 00:22:47 ----D---- C:\WINDOWS
2008-12-24 00:22:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-24 00:21:05 ----A---- C:\WINDOWS\system.ini
2008-12-24 00:19:43 ----D---- C:\WINDOWS\system32\config
2008-12-24 00:19:01 ----D---- C:\WINDOWS\AppPatch
2008-12-24 00:19:01 ----D---- C:\Program Files\Common Files
2008-12-24 00:17:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-15 14:13:51 ----SHD---- C:\System Volume Information
2008-12-15 14:13:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-15 14:12:31 ----SH---- C:\boot.ini
2008-12-15 14:12:31 ----A---- C:\WINDOWS\win.ini
2008-12-15 14:08:56 ----D---- C:\Program Files\Mozilla Firefox
2008-12-15 02:39:16 ----D---- C:\Documents and Settings
2008-12-15 02:18:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-15 02:18:23 ----HD---- C:\WINDOWS\inf
2008-12-15 02:18:23 ----D---- C:\WINDOWS\Help
2008-12-15 02:18:23 ----D---- C:\Program Files\Windows Media Player
2008-12-15 02:18:23 ----D---- C:\Program Files\Internet Explorer
2008-12-15 01:58:17 ----SHD---- C:\WINDOWS\Installer
2008-12-15 01:56:43 ----D---- C:\Program Files\ESET
2008-12-15 01:51:29 ----D---- C:\WINDOWS\WinSxS
2008-12-15 01:51:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-15 01:42:44 ----A---- C:\WINDOWS\imsins.BAK
2008-12-15 01:40:56 ----D---- C:\WINDOWS\Media
2008-12-15 01:39:06 ----D---- C:\Program Files\Java
2008-12-15 01:35:52 ----D---- C:\Program Files\AviSynth 2.5
2008-12-15 01:35:42 ----D---- C:\Program Files\Apple Software Update
2008-12-15 01:35:38 ----SD---- C:\WINDOWS\Tasks
2008-12-15 01:34:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-15 01:05:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-15 01:05:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 00:20:02 ----D---- C:\Program Files\mIRC
2008-12-15 00:19:43 ----D---- C:\WINDOWS\Registration
2008-12-11 10:39:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-11 10:38:36 ----D---- C:\Program Files\Juniper Networks
2008-12-10 23:57:15 ----D---- C:\Program Files\InstallShield Installation Information
2008-12-10 23:56:40 ----D---- C:\Program Files\Avi2Dvd
2008-12-10 23:54:55 ----A---- C:\WINDOWS\hpdj5600.ini
2008-12-10 23:54:53 ----D---- C:\Program Files\Hewlett-Packard
2008-12-09 14:10:16 ----D---- C:\Documents and Settings\Gabriel Ayache\Application Data\Mozilla
2008-11-25 08:36:45 ----D---- C:\FTP
2008-11-23 14:17:53 ----D---- C:\Program Files\FileZilla
2008-11-22 16:48:46 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-22 15:46:18 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-17 22:21:49 ----D---- C:\Program Files\xampp
2008-11-16 18:24:06 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-15 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-05-24 3712]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 E1000;Intel® PRO/1000 Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2004-11-22 176128]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-06 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys []
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-05-10 27264]
S3 RapFile;RapFile; \??\C:\WINDOWS\system32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\system32\drivers\RapNet.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 SDVC05;USB SDVC05; C:\WINDOWS\System32\Drivers\SDVC05.sys [2003-07-22 18088]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-06 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache2.2;Apache2.2; C:\xampp\apache\bin\apache.exe [2008-06-14 17408]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 231704]
R2 FileZilla Server;FileZilla Server FTP server; c:\xampp\FileZillaFTP\FileZillaServer.exe [2008-07-30 587776]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mysql;mysql; C:\xampp\mysql\bin\mysqld-nt.exe [2008-08-04 5779456]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 hpdj;hpdj; C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product= []
S2 hpdj5600;hpdj5600; C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj5600.exe -servicerunning=true -uninstall=hp deskjet 5600 series -product=5600 []
S2 XAMPP;XAMPP Service; C:\Program Files\xampp\service.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-07 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 25 December 2008 - 06:27 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


NEXT


Please download HijackThis and save it into Desktop.
  • Double-click on HJTInstall.exe and install HijackThis in its default location C:\Program Files\Trend Micro\HijackThis folder
  • Next, please click on Do a system scan and save a logfile
  • After the scan finishes, a HijackThis log will pop up on your Desktop.
  • Please DO NOT fix anything inside HijackThis.. Most of the entries are legit and even needed..
  • Please post the content of that log in your next reply..


Post these logs in your next reply..

1. ESET Online Scanner
2. HijackThis log

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 Gabriel_NYC

Gabriel_NYC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 28 December 2008 - 09:59 PM

Eset Log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3719 (20081227)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=f03bc45e88b98e48b2f9e4db534e560c
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-12-29 02:56:27
# local_time=2008-12-28 09:56:27 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=157937
# found=0
# scan_time=1368


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:58:32 PM, on 12/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.istarfinancial.com/dana-cached/...perSetupSP1.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: hpdj5600 - Unknown owner - C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj5600.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe (file missing)

--
End of file - 6375 bytes


I'm not sure if this is related, but IE7 is not displaying any images.

Edited by Gabriel_NYC, 28 December 2008 - 10:00 PM.


#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 29 December 2008 - 10:35 AM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com


Now close all windows other than HijackThis, then click Fix checked, and close HijackThis.



NEXT


Please download CCleaner and save it to your Desktop.
  • Run the installer, and uncheck the option to install Yahoo Toolbar (unless you want Yahoo Toolbar).
  • Once installed, run CCleaner, click the Windows [tab]
  • The following should be selected by default, if not, please select:
    (screenshot of the CCleaner Windows tab showing the default selections)
  • Next: click Options click the Settings tab
  • Uncheck: "Only delete files older than 48 hrs.", click Ok
  • Then click Run Cleaner (bottom right).. Let it scan until finish. After that click Exit

Post me a fresh HijackThis log and then tell me, how is the computer now? :thumbsup:

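The O15 Trusted Zone entries fixed above are the security-relevant part of this log: a site in IE's Trusted zone runs under relaxed security settings, and wildcard entries for unfamiliar "antivirus" domains are a classic rogue-security-software leftover. The triage helper below is an added example (not code from this thread or from HijackThis) that reads a HijackThis v2.0.2 log and flags O15 entries, orphaned entries marked "(file missing)", and entries running from a Temp directory; the sample log is constructed from a few entries posted in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v2.0.2 log format, modelled on entries
# posted in this thread (a few lines only, not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe (file missing)
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
"""

# One HijackThis entry: a section code (R0, O4, O15, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# A path component named Temp, e.g. ...\LOCALS~1\Temp\hpdj.exe
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Finding:
    code: str           # HijackThis section code, e.g. "O15"
    severity: str       # "high" = fix it; "review" = check before acting
    reasons: list[str] = field(default_factory=list)
    line: str = ""


def triage_hijackthis(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis log that deserve attention.

    Flags O15 Trusted Zone entries (high), entries whose target file no
    longer exists, and entries that run from a Temp directory (review).
    Everything else is left alone: most entries in such a log are legitimate.
    """
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # header, "Running processes" block, blank lines
        code, body = match.group("code"), match.group("body")
        reasons: list[str] = []
        severity = ""
        if code == "O15":
            reasons.append("Trusted Zone entry: site gets relaxed IE security settings")
            severity = "high"
        if "(file missing)" in body:
            reasons.append("referenced file is missing (orphaned entry)")
            severity = severity or "review"
        if TEMP_DIR_RE.search(body):
            reasons.append("runs from a temporary directory")
            severity = severity or "review"
        if reasons:
            findings.append(Finding(code, severity, reasons, raw.strip()))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 2, 'review': 2}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_hijackthis(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.code}: {f.line}")
        for r in f.reasons:
            print(f"         - {r}")
    print(summarize(results))
```

On the sample above the helper reports the two O15 entries as high and the two "(file missing)" services as review (the hpdj one also for running from Temp), and leaves the R0 and O4 lines alone.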


#14 Gabriel_NYC

Gabriel_NYC
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 29 December 2008 - 11:16 AM

Computer seems to be working fine but IE7 is still not displaying images for some reason...

Thanks for all the help!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:43 AM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\xampp\FileZillaFTP\FileZillaServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.istarfinancial.com/dana-cached/...perSetupSP1.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\apache\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: hpdj5600 - Unknown owner - C:\DOCUME~1\GABRIE~1\LOCALS~1\Temp\hpdj5600.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampp\service.exe (file missing)

--
End of file - 6096 bytes

#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:01:12 PM

Posted 29 December 2008 - 10:27 PM

About your IE7 problem, have a look at the webpage below and do all the suggested steps.. Then, tell me more about it :thumbsup:

http://support.microsoft.com/kb/283807

Edited by fenzodahl512, 29 December 2008 - 10:28 PM.





