Antispyware Master

Welcome Guest ( Log In | Register )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

2 Pages

1 2 >

Antispyware Master

Options

chubb3g114 View Member Profile	May 16 2008, 04:59 AM Post #1
Member Posts: 12 OS: XP	Hi My computer has been infected with the download "MediaTubeCodec _ver1.725.4exe" apart from the pop-ups, Task manager has been disabled, I cannot use system restore, automatic updates is turned off, my browser, Firefox will not load nor will google and some sites like Geeks to go just hang after the main page has loaded so I cannot use any of the fixes on your site. I have used AVG, Ad-aware, Spyhunter, Spybot and Bitdefender have also managed to run Smitfraudfix but my computer is still the same, help. sad.gif p.s. using my laptop to send this.

Tal View Member Profile	May 17 2008, 04:40 AM Post #2
Trusted Helper Posts: 2,133 From: Tel-Aviv, Israel OS: Windows XP Pro SP2	Hi chubb3g114, welcome to GeeksToGo. My name is Tal, and I will be helping you in the process of removing malware from your computer. Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer: Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry! Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know. NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask! You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed. Seeing as you can't access many websites, you'll need to use your laptop and a USB disk (or any other storage device) to transfer the required tools to the infected PC. We'll start off with running DSS to get a good look on what's going on inside. On your laptop: please download Deckard's System Scanner (DSS) and save it to your Desktop. Using a USB disk or any other storage device, transfer dss.exe to the infected PC. Close all other windows on the infected PC before proceeding. Double-click on dss.exe and follow the prompts. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post. Regards, Tal.

chubb3g114 View Member Profile	May 17 2008, 08:47 AM Post #3
Member Posts: 12 OS: XP	Hi Tal, thanks for your e-mail. Deckard's System Scanner v20071014.68 Run by IT on 2008-05-17 13:02:02 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 3 Restore Point(s) -- 3: 2008-05-17 12:02:10 UTC - RP3 - Deckard's System Scanner Restore Point 2: 2008-05-16 15:57:27 UTC - RP2 - retore for scan 1: 2008-05-16 15:55:21 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. System Drive C: has 0.8 GiB (less than 15%) free. -- HijackThis (run as IT.exe) -------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:03:07, on 17/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\AnyTrial.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\IT\Desktop\dss.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe O2 - BHO: (no name) - {28AA5272-0AB3-4EF5-84F9-D06263F76555} - C:\WINDOWS\system32\rqRijgGv.dll (file missing) O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\iiffFVml.dll O2 - BHO: (no name) - {36CB0AB7-D91F-45DF-8C05-69C97FDABF51} - C:\WINDOWS\system32\jkkJDtut.dll (file missing) O2 - BHO: {f31d16fb-f5ee-b7da-dae4-4ebb999f5905} - {5095f999-bbe4-4ead-ad7b-ee5fbf61d13f} - C:\WINDOWS\system32\bcrdjeip.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7F214EA8-D3EB-4FFC-AC20-69291653F494} - C:\WINDOWS\system32\urqOEXpp.dll (file missing) O2 - BHO: (no name) - {8092E3D1-0DD1-428B-88D8-434341DB59E5} - C:\WINDOWS\system32\ssqRJyVP.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A217E423-42D0-4DD3-B86F-3CF25FAECB62} - C:\WINDOWS\system32\ljJDVpOg.dll (file missing) O2 - BHO: (no name) - {B9B5A8F0-396F-488F-A867-BCE7B5F865CB} - C:\WINDOWS\system32\ddcCUlJa.dll (file missing) O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7} - C:\WINDOWS\system32\ljJBtspo.dll (file missing) O2 - BHO: (no name) - {DA1AF5EB-8C08-4086-A691-008CB0F19165} - C:\WINDOWS\system32\jkkjjhEt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKLM\..\Run: [10e053bb] rundll32.exe "C:\WINDOWS\system32\knnlvjfu.dll",b O4 - HKLM\..\Run: [BM13d36027] Rundll32.exe "C:\WINDOWS\system32\ysdiekhl.dll",s O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads/BU..._2/axofupld.cab O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O20 - Winlogon Notify: iiffFVml - C:\WINDOWS\SYSTEM32\iiffFVml.dll O20 - Winlogon Notify: jkkJyVOI - jkkJyVOI.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp - C:\WINDOWS\AnyTrial.exe O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 19807 bytes -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 BDSelfPr - c:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender> R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller> R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> S1 SASDIFSV - e:\superantispyware\sasdifsv.sys (file missing) S1 SASKUTIL - e:\superantispyware\saskutil.sys (file missing) S3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt> S3 SASENUM - e:\superantispyware\sasenum.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AnyTrial (BugSoft AnyTrial) - c:\windows\anytrial.exe <Not Verified; Dr.Pc Putte Corp ; AnyTrial> R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer> R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module> S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-05-17 11:48:00 248 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job 2008-05-16 11:58:04 430 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job 2008-02-22 13:00:23 444 --a------ C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job 2008-01-08 23:11:39 332 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job -- Files created between 2008-04-17 and 2008-05-17 ----------------------------- 2008-05-17 08:52:45 116736 --a------ C:\WINDOWS\system32\knnlvjfu.dll 2008-05-17 08:49:48 135680 --a------ C:\WINDOWS\system32\bcrdjeip.dll 2008-05-17 08:47:29 125952 --a------ C:\WINDOWS\system32\ysdiekhl.dll 2008-05-17 08:46:44 711100 --ahs---- C:\WINDOWS\system32\tEhjjkkj.ini2 2008-05-17 08:46:41 370688 --a------ C:\WINDOWS\system32\jkkjjhEt.dll 2008-05-16 19:01:06 135680 --a------ C:\WINDOWS\system32\kgrlpgtc.dll 2008-05-16 18:46:35 125952 --a------ C:\WINDOWS\system32\btlcwtwa.dll 2008-05-16 18:45:47 687396 --ahs---- C:\WINDOWS\system32\vGgjiRqr.ini2 2008-05-16 18:21:31 0 d-------- C:\Program Files\Trend Micro 2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\IT\Application Data\SUPERAntiSpyware.com 2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-05-16 17:23:49 0 d-------- C:\Program Files\Panda Security 2008-05-16 09:56:08 1414 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-16 09:55:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-16 09:55:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; > 2008-05-16 09:55:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix> 2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix> 2008-05-16 09:55:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2008-05-16 09:55:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2008-05-16 09:55:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-16 09:45:06 116736 --a------ C:\WINDOWS\system32\jakxhtym.dll 2008-05-16 09:36:08 135680 --a------ C:\WINDOWS\system32\xqrgirvs.dll 2008-05-16 09:33:48 125952 --a------ C:\WINDOWS\system32\dmfnnbux.dll 2008-05-16 09:33:04 725822 --ahs---- C:\WINDOWS\system32\opstBJjl.ini2 2008-05-15 12:36:36 125440 --a------ C:\WINDOWS\system32\ikmliwqx.dll 2008-05-15 12:35:45 11770 --ahs---- C:\WINDOWS\system32\ppXEOqru.ini2 2008-05-15 09:37:46 134656 --a------ C:\WINDOWS\system32\glfxbkos.dll 2008-05-15 09:34:46 125440 --a------ C:\WINDOWS\system32\mxuuoodw.dll 2008-05-15 08:58:44 436266 --ahs---- C:\WINDOWS\system32\aJlUCcdd.ini2 2008-05-14 17:34:04 419128 --ahs---- C:\WINDOWS\system32\gOpVDJjl.ini2 2008-05-14 15:37:28 418382 --ahs---- C:\WINDOWS\system32\PVyJRqss.ini2 2008-05-14 15:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-14 14:42:38 0 d-------- C:\WINDOWS\pss 2008-05-14 12:29:54 0 d-------- C:\Program Files\Enigma Software Group 2008-05-14 12:15:08 57344 --a------ C:\WINDOWS\system32\iiffFVml.dll 2008-05-14 10:20:54 94720 --a------ C:\WINDOWS\system32\gqkhstvd.dll 2008-05-14 10:18:02 108544 --a------ C:\WINDOWS\system32\exwokwlx.dll 2008-05-14 10:17:54 105984 --a------ C:\WINDOWS\system32\pofavgit.dll 2008-05-13 10:23:58 105984 --a------ C:\WINDOWS\system32\suekdhxn.dll 2008-05-13 10:17:58 104960 --a------ C:\WINDOWS\system32\cjchinld.dll 2008-05-12 21:16:16 0 d-------- C:\Program Files\Lavasoft 2008-05-12 10:17:44 104960 --a------ C:\WINDOWS\system32\fnybipok.dll 2008-05-12 10:15:48 105984 --a------ C:\WINDOWS\system32\xjmqoclx.dll 2008-05-11 10:18:52 106496 --a------ C:\WINDOWS\system32\ounveuhj.dll 2008-05-11 10:14:25 104960 --a------ C:\WINDOWS\system32\bfpplbwo.dll 2008-05-10 17:00:03 0 d-------- C:\Documents and Settings\IT\.housecall6.6 2008-05-10 10:01:40 106496 --a------ C:\WINDOWS\system32\vktsoncp.dll 2008-05-10 10:00:18 104960 --a------ C:\WINDOWS\system32\mtrdlwxu.dll 2008-05-09 13:57:44 0 d-------- C:\Bitdefender back-up 2008-05-09 13:22:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu 2008-05-09 11:04:17 81984 --a------ C:\WINDOWS\system32\bdod.bin 2008-05-09 11:04:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitDefender 2008-05-09 11:02:44 0 d-------- C:\Program Files\BitDefender 2008-05-09 11:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-05-09 10:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2008-05-09 10:48:58 0 d-------- C:\Program Files\Common Files\BitDefender 2008-05-09 09:32:19 105472 --a------ C:\WINDOWS\system32\sqfjbuuy.dll 2008-05-08 17:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-08 14:03:04 443813 --ahs---- C:\WINDOWS\system32\tutDJkkj.ini2 2008-05-08 13:56:14 1 --a------ C:\WINDOWS\system32\kr_done1de 2008-05-08 13:55:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!> 2008-04-29 13:57:56 0 d-------- C:\ISIS 2008-04-29 13:57:32 246272 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller> 2008-04-29 13:57:30 0 d-------- C:\Documents and Settings\IT\WINDOWS 2008-04-25 20:44:04 0 dr-h----- C:\Documents and Settings\IT\Recent 2008-04-22 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom 2008-04-22 17:08:05 0 d-------- C:\Program Files\TomTom HOME 2 -- Find3M Report --------------------------------------------------------------- 2008-05-17 10:33:29 0 d-------- C:\Program Files\lg_fwupdate 2008-05-17 10:30:36 79479 --a------ C:\logfile 2008-05-16 17:24:03 2530 --a------ C:\WINDOWS\mozver.dat 2008-05-16 09:26:32 0 d-------- C:\Documents and Settings\IT\Application Data\BitTorrent 2008-05-12 22:55:19 2002 --a------ C:\Documents and Settings\IT\Application Data\wklnhst.dat 2008-05-12 21:15:12 0 d-------- C:\Program Files\Common Files 2008-05-09 13:19:28 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator> 2008-05-04 12:32:53 0 d-------- C:\Documents and Settings\IT\Application Data\Vso 2008-04-23 08:28:17 0 d--h----- C:\Program Files\InstallShield Installation Information 2008-04-22 16:58:23 0 d-------- C:\Program Files\TomTom HOME 2008-04-19 18:09:37 0 d-------- C:\Documents and Settings\IT\Application Data\DNA 2008-03-22 12:08:40 0 d-------- C:\Program Files\Easy Video Downloader 2008-03-03 21:05:17 668 --a------ C:\Documents and Settings\IT\Application Data\vso_ts_preview.xml 2008-03-03 21:03:32 34 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.log 2008-03-03 21:03:26 47360 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2008-03-03 21:03:26 1144 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.inf 2008-03-03 21:03:26 7887 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.cat 2008-02-24 16:55:09 15872 --ahs---- C:\WINDOWS\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp ; AnyTrial> 2008-02-24 16:50:42 73 --a------ C:\WINDOWS\system32\installerror.dat -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28AA5272-0AB3-4EF5-84F9-D06263F76555}] C:\WINDOWS\system32\rqRijgGv.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}] 14/05/2008 12:15 57344 --a------ C:\WINDOWS\system32\iiffFVml.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36CB0AB7-D91F-45DF-8C05-69C97FDABF51}] C:\WINDOWS\system32\jkkJDtut.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5095f999-bbe4-4ead-ad7b-ee5fbf61d13f}] 17/05/2008 08:49 135680 --a------ C:\WINDOWS\system32\bcrdjeip.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F214EA8-D3EB-4FFC-AC20-69291653F494}] C:\WINDOWS\system32\urqOEXpp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8092E3D1-0DD1-428B-88D8-434341DB59E5}] C:\WINDOWS\system32\ssqRJyVP.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A217E423-42D0-4DD3-B86F-3CF25FAECB62}] C:\WINDOWS\system32\ljJDVpOg.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9B5A8F0-396F-488F-A867-BCE7B5F865CB}] C:\WINDOWS\system32\ddcCUlJa.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7}] C:\WINDOWS\system32\ljJBtspo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA1AF5EB-8C08-4086-A691-008CB0F19165}] 17/05/2008 08:46 370688 --a------ C:\WINDOWS\system32\jkkjjhEt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [] "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/05/2008 13:21] "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [09/05/2008 13:21] "SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [23/01/2008 14:47] "10e053bb"="C:\WINDOWS\system32\knnlvjfu.dll" [17/05/2008 08:52] "BM13d36027"="C:\WINDOWS\system32\ysdiekhl.dll" [17/05/2008 08:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="E:\SUPERAntiSpyware\SUPERAntiSpyware.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\iiffFVml.dll [14/05/2008 12:15 57344] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffFVml] iiffFVml.dll 14/05/2008 12:15 57344 C:\WINDOWS\system32\iiffFVml.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJyVOI] jkkJyVOI.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjjhEt [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe "InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe "SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "PMX Daemon"=ICO.EXE "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE "Persistence"=C:\WINDOWS\system32\igfxpers.exe "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe "10e053bb"=rundll32.exe "C:\WINDOWS\system32\gqkhstvd.dll",b "BM13d36027"=Rundll32.exe "C:\WINDOWS\system32\pofavgit.dll",s [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx scan [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f264675-e51b-11dc-8cd7-00188b6175a8}] AutoRun\command- G:\InstallTomTomHOME.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" -- Hosts ----------------------------------------------------------------------- 127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com -- End of Deckard's System Scanner: finished at 2008-05-17 13:08:32 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel® Pentium® D CPU 3.00GHz CPU 1: Intel® Pentium® D CPU 3.00GHz Percentage of Memory in Use: 40% Physical Memory (total/avail): 1013.54 MiB / 607.2 MiB Pagefile Memory (total/avail): 2440.8 MiB / 2002.07 MiB Virtual Memory (total/avail): 2047.88 MiB / 1941.61 MiB C: is Fixed (NTFS) - 74.44 GiB total, 0.8 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) F: is CDROM (No Media) \\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA3 - 74.5 GiB - 2 partitions \PARTITION0 - Unknown - 54.88 MiB \PARTITION1 (bootable) - Installable File System - 74.44 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. FirstRunDisabled is set. FW: Bitdefender Firewall v8.0 (BitDefender) AV: Bitdefender Antivirus v8.0 (BitDefender) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe::Enabled:DNA" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe::Enabled:BitTorrent" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe::Enabled:EasyShare" "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe::Disabled:Logitech Desktop Messenger" "C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe::Enabled:Nero ProductSetup" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe::Enabled:Windows Messenger" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\IT\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=VAUPROP6102 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\IT LOGONSERVER=\\VAUPROP6102 NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0605 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\IT\LOCALS~1\Temp TMP=C:\DOCUME~1\IT\LOCALS~1\Temp USERDOMAIN=VAUPROP6102 USERNAME=IT USERPROFILE=C:\Documents and Settings\IT windir=C:\WINDOWS __COMPAT_LAYER=EnableNXShowUI -- User Profiles --------------------------------------------------------------- IT (admin)* Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> C:\WINDOWS\NuNInst.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Avidemux 2.4 --> C:\Program Files\Avidemux 2.4\uninstall.exe BitDefender Total Security 2008 --> MsiExec.exe /I{DB368901-C41E-4D86-9809-E0EE635A6939} BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe Broadcom ASF Management Applications --> MsiExec.exe /I{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E} Broadcom Management Programs --> MsiExec.exe /X{FB64BF25-3593-4E4E-AA85-84AEF1D1475F} CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe" Dell ETS Factory Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}\setup.exe" -l0x9 Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413} DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall DVDFab Platinum 4.1.0.0 by Team RES --> "C:\Program Files\DVDFab Platinum 4\unins000.exe" Easy Video Downloader v. 2.0 --> "C:\Program Files\Easy Video Downloader\unins000.exe" EPSON-printersoftware --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -SMT ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A} ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34} ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB} Hallmark Card Studio 2008 Deluxe --> MsiExec.exe /X{747A6A10-DA58-48C2-A1F0-C15514419C8A} High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} K-Lite Codec Pack 3.6.5 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe" kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344} kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E} kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1} kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B} kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4} kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC} kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549} Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_8928da\Setup.exe /APR-REMOVE LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe" LightScribe System Software 1.12.29.2 --> MsiExec.exe /X{CF8C077A-B467-4C43-8DB5-3A9B94FF9681} LightScribe Template Designs - Fantasy Pack 1 --> MsiExec.exe /X{DE72186D-A4A5-4504-839C-B14FC3432DA1} Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9 Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG Magic Video Converter Trial Version (English) 8.0.2.18 --> "C:\Program Files\Magic Video Converter\unins000.exe" MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA} Microsoft CAPICOM 2.1.0.2 SDK --> MsiExec.exe /I{2FF43F5D-5729-4E02-A548-310E30A5F29B} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mouse Suite for Desktop Computers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\setup.exe" -l0x9 -removeonly Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} My Photo Calendars and Cards --> MsiExec.exe /I{E285C3A0-C883-4B42-849D-8BA71768EE64} Nero 7 Essentials --> MsiExec.exe /X{A2104078-AAA5-449E-95DD-55C9443A1033} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1} OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45} PDF-XChange PDF Viewer --> "C:\Program Files\Tracker Software\PDF-XChange Viewer\unins000.exe" Photo Viewer 2.3 --> "C:\Program Files\Photo Viewer\uninstall.exe" Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe" PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} SecurDisc Viewer --> MsiExec.exe /X{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B} SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237} skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210} SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F} Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2} SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 SuperMegaSpoof 2.0 --> "C:\Program Files\MegaSpoof\unins000.exe" SureThing CD Labeler LightScribe 5.0.581.0 --> "C:\Program Files\SureThing CD Labeler 5\unins000.exe" TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A} Ultra Video Joiner 4.6.1114 --> "C:\Program Files\Ultra Video Joiner\unins000.exe" Uniblue PowerSuite --> "C:\Program Files\Uniblue\unins000.exe" Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe" VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971} VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370} WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4" Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66} Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750} Windows Live Toolbar Extension (Wind

Tal View Member Profile	May 17 2008, 12:40 PM Post #4
Trusted Helper Posts: 2,133 From: Tel-Aviv, Israel OS: Windows XP Pro SP2	Hello again, You have Vundo in there, we'll try using VundoFix. If it doesn't work we'll taunt it using a manual method. Download VundoFix to your laptop and transfer it - however, try downloading it to the infected machine first, see if that doesn't work. Please download VundoFix.exe to your desktop Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. Please include a new DSS log (it will only produce main.txt this time) and the VundoFix log in your next reply. Tal

chubb3g114

May 18 2008, 03:55 AM

Post #5

Member

Posts: 12
OS: XP

Hello Tal, Thank you very much for your time and effort.
I ran Vundofix and when it finished it said "no infected files found" I clicked on remove Vundo it said "removing files" and about two hours later I had an animation of Bugs eating the Vundo window, so I closed Vundow and ran DSS. Cannot find the Vundofix log when I click on export log it puts a file on desktop which is empty.

Deckard's System Scanner v20071014.68
Run by IT on 2008-05-18 10:30:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.8 GiB (less than 15%) free.

-- HijackThis (run as IT.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:31, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\AnyTrial.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\IT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {28AA5272-0AB3-4EF5-84F9-D06263F76555} - C:\WINDOWS\system32\rqRijgGv.dll (file missing)
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\iiffFVml.dll
O2 - BHO: (no name) - {36CB0AB7-D91F-45DF-8C05-69C97FDABF51} - C:\WINDOWS\system32\jkkJDtut.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7F214EA8-D3EB-4FFC-AC20-69291653F494} - C:\WINDOWS\system32\urqOEXpp.dll (file missing)
O2 - BHO: (no name) - {8092E3D1-0DD1-428B-88D8-434341DB59E5} - C:\WINDOWS\system32\ssqRJyVP.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {eac4ceff-83f5-c22b-d614-2c3db17e1c1a} - {a1c1e71b-d3c2-416d-b22c-5f38ffec4cae} - C:\WINDOWS\system32\qwbotjap.dll
O2 - BHO: (no name) - {A217E423-42D0-4DD3-B86F-3CF25FAECB62} - C:\WINDOWS\system32\ljJDVpOg.dll (file missing)
O2 - BHO: (no name) - {B9B5A8F0-396F-488F-A867-BCE7B5F865CB} - C:\WINDOWS\system32\ddcCUlJa.dll (file missing)
O2 - BHO: (no name) - {BC5B5D55-9CF5-4F85-8836-E33987776099} - C:\WINDOWS\system32\jkkjjhEt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7} - C:\WINDOWS\system32\ljJBtspo.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [BM13d36027] Rundll32.exe "C:\WINDOWS\system32\mslsgrif.dll",s
O4 - HKLM\..\Run: [10e053bb] rundll32.exe "C:\WINDOWS\system32\ragsgcas.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.co.uk/downloads/BU..._2/axofupld.cab
O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws