Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Vundo. EDO, Vundo.EES & Virtumonde. Dll

Started by mikka_78 , Mar 26 2008 09:32 AM

  • Please log in to reply

#1
mikka_78
Posted 26 March 2008 - 09:32 AM

mikka_78

    New Member

  • Member
  • Pip
  • 1 posts
Hi there,

I'd appreciate any help with this. I appear to have Vundo.EDO, Vundo.EDS and Virtumonde present on my computer. I've tried a number of fixes, including VundoFix, VirtumundoBeGone, Spybot, AD-Aware and Bit-Defender Free Edition Volume 10. I think I have sorted out my problem Virtumonde with Spybot, as it no longer registers when the scan is completed, however Im not confident , i think this maybe a false positive. I have been trying to remove Vundo.EDO & Vundo.EDS. for days. Bit-Defender keeps on moving them to Quarintine and I keep deleting it from there but its always there in the System Volume Information folder on the next scan (I tried to access the System Volume Information folder using the search function and for some reason it does not show up). My computer is a shambles at the moment and i am desperate for some help. Attached below are copies of my HijackThis log, Vundofix log, VirtumundoBeGone log, AD-Aware Scan log and finally my Bit-Defender log.

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:46 PM, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\NetComm\NB2\dslstat.exe
C:\Program Files\NetComm\NB2\dslagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {236AEA6D-3192-43F5-8EE0-36E90C32B0D1} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8202A0FA-720B-40DE-841B-CDFB94076E73} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.3558\swg.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\NetComm\NB2\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\NetComm\NB2\dslagent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\_avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave...ploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E07F78E-615C-42F9-B92C-366CE16706D8}: NameServer = 203.12.160.35 203.12.160.36
O18 - Protocol: bw+0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {8B27AEDD-63AE-4273-82E7-6EB9519A3962} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 19625 bytes


Vundofix log

VundoFix V7.0.3

Scan started at 5:05:34 PM 26/03/2008

Listing files found while scanning....

No infected files were found.


VirtumundoBeGone log


[03/26/2008, 17:21:23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Bousy\Desktop\VirtumundoBeGone.exe" )
[03/26/2008, 17:21:35] - Detected System Information:
[03/26/2008, 17:21:35] - Windows Version: 5.1.2600, Service Pack 2
[03/26/2008, 17:21:35] - Current Username: Bousy (Admin)
[03/26/2008, 17:21:35] - Windows is in NORMAL mode.
[03/26/2008, 17:21:35] - Searching for Browser Helper Objects:
[03/26/2008, 17:21:35] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/26/2008, 17:21:35] - BHO 2: {236AEA6D-3192-43F5-8EE0-36E90C32B0D1} ()
[03/26/2008, 17:21:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/26/2008, 17:21:35] - No filename found. Continuing.
[03/26/2008, 17:21:35] - BHO 3: {28dc4399-9a6a-479f-9f8d-2842d52618a6} ()
[03/26/2008, 17:21:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/26/2008, 17:21:35] - Checking for HKLM\...\Winlogon\Notify\voxudctn
[03/26/2008, 17:21:35] - Key not found: HKLM\...\Winlogon\Notify\voxudctn, continuing.
[03/26/2008, 17:21:35] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/26/2008, 17:21:35] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/26/2008, 17:21:35] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/26/2008, 17:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/26/2008, 17:21:36] - No filename found. Continuing.
[03/26/2008, 17:21:36] - BHO 7: {8202A0FA-720B-40DE-841B-CDFB94076E73} ()
[03/26/2008, 17:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/26/2008, 17:21:36] - No filename found. Continuing.
[03/26/2008, 17:21:36] - BHO 8: {9D757E65-FF9B-45B1-889D-B8F359A4E425} ()
[03/26/2008, 17:21:36] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/26/2008, 17:21:36] - Checking for HKLM\...\Winlogon\Notify\awtqr
[03/26/2008, 17:21:36] - Key not found: HKLM\...\Winlogon\Notify\awtqr, continuing.
[03/26/2008, 17:21:36] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/26/2008, 17:21:36] - Finished Searching Browser Helper Objects
[03/26/2008, 17:21:36] - Finishing up...
[03/26/2008, 17:21:36] - Nothing found! Exiting...


AD-Aware Scan log


Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, 27 March 2008 12:55:03 AM
Using definitions file:SE1R232 25.03.2008
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):23 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Log Ad-Aware events
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


27/03/2008 12:55:04 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Bousy\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Bousy\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\terminal server client\default
Description : list of recent systems connected to using remote desktop / terminal services


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1606980848-1454471165-725345543-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 444
ThreadCreationTime : 26/03/2008 12:27:13 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 26/03/2008 12:27:19 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 26/03/2008 12:27:19 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 26/03/2008 12:27:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 26/03/2008 12:27:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 26/03/2008 12:27:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 832
ThreadCreationTime : 26/03/2008 12:27:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 868
ThreadCreationTime : 26/03/2008 12:27:20 PM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 912
ThreadCreationTime : 26/03/2008 12:27:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 26/03/2008 12:27:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 996
ThreadCreationTime : 26/03/2008 12:27:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1292
ThreadCreationTime : 26/03/2008 12:27:23 PM
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1320
ThreadCreationTime : 26/03/2008 12:27:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [lvprcsrv.exe]
FilePath : c:\program files\common files\logitech\lvmvfm\
ProcessID : 1368
ThreadCreationTime : 26/03/2008 12:27:23 PM
BasePriority : Normal
FileVersion : 10.0.0.1438
ProductVersion : 10.0.0.1438
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Logitech LVPrcSrv Module.
InternalName : LVPrcSrv.exe
LegalCopyright : © 1996-2006 Logitech. All rights reserved.
OriginalFilename : LVPrcSrv.exe

#:15 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 1468
ThreadCreationTime : 26/03/2008 12:27:24 PM
BasePriority : Normal
FileVersion : 1, 14, 0, 0
ProductVersion : 1, 14, 0, 0
ProductName : Apple Mobile Device Service
CompanyName : Apple, Inc.
FileDescription : Apple Mobile Device Service
InternalName : usbaapld
LegalCopyright : Copyright 2007 Apple, Inc. All Rights Reserved.
OriginalFilename : usbmuxd.exe

#:16 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 1480
ThreadCreationTime : 26/03/2008 12:27:24 PM
BasePriority : Normal
FileVersion : 7, 5, 1, 22
ProductVersion : 7, 5, 1, 22
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : guard.exe

#:17 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1584
ThreadCreationTime : 26/03/2008 12:27:24 PM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1664
ThreadCreationTime : 26/03/2008 12:27:25 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [xcommsvr.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Communicator\
ProcessID : 1764
ThreadCreationTime : 26/03/2008 12:27:26 PM
BasePriority : Normal
FileVersion : 1, 8, 11, 0
ProductVersion : 1, 8, 11, 0
ProductName : Softwin BitDefender Communicator Server
CompanyName : SOFTWIN S.R.L
FileDescription : BitDefender Communicator Server
InternalName : XCOMMSVR
LegalCopyright : Copyright © 2003-2004 Softwin
OriginalFilename : xcommsvr.exe
Comments : Manages communication between BitDefender components

#:20 [livesrv.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Update Service\
ProcessID : 1992
ThreadCreationTime : 26/03/2008 12:27:31 PM
BasePriority : Normal
FileVersion : 10, 2, 0, 18
ProductVersion : 10, 2, 0, 18
ProductName : BitDefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : LiveSrv
LegalCopyright : © 2007 SOFTWIN S.R.L.
OriginalFilename : livesrv.exe

#:21 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2040
ThreadCreationTime : 26/03/2008 12:27:32 PM
BasePriority : Normal
FileVersion : 5.1.0.36
ProductVersion : 5.1.0.36
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:22 [dslstat.exe]
FilePath : C:\Program Files\NetComm\NB2\
ProcessID : 112
ThreadCreationTime : 26/03/2008 12:27:32 PM
BasePriority : Normal
FileVersion : 4.1.0
ProductVersion : 4.1.0
ProductName : DSL Status
CompanyName : GlobespanVirata, Inc.
FileDescription : DSL Status Executable
InternalName : DslStatus
LegalCopyright : Copyright © 2002
OriginalFilename : dslstatus.exe

#:23 [dslagent.exe]
FilePath : C:\Program Files\NetComm\NB2\
ProcessID : 168
ThreadCreationTime : 26/03/2008 12:27:32 PM
BasePriority : Normal


#:24 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 184
ThreadCreationTime : 26/03/2008 12:27:33 PM
BasePriority : Normal
FileVersion : 1.1.1593.0
ProductVersion : 1.1.1593.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe

#:25 [_avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 192
ThreadCreationTime : 26/03/2008 12:27:33 PM
BasePriority : Normal
FileVersion : 7, 5, 1, 43
ProductVersion : 7, 5, 1, 43
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : avgas.exe

#:26 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 180
ThreadCreationTime : 26/03/2008 12:27:33 PM
BasePriority : Normal
FileVersion : 7.6.0.29
ProductVersion : 7.6.0.29
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2008 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:27 [bdmcon.exe]
FilePath : C:\PROGRA~1\Softwin\BITDEF~1\
ProcessID : 208
ThreadCreationTime : 26/03/2008 12:27:33 PM
BasePriority : Normal
FileVersion : 10, 2, 0, 15
ProductVersion : 10, 2, 0, 15
ProductName : BitDefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Management Console
InternalName : Management Console
LegalCopyright : © 2006 SOFTWIN S.R.L.
OriginalFilename : bdmcon.exe

#:28 [bdagent.exe]
FilePath : C:\Program Files\Softwin\BitDefender10\
ProcessID : 236
ThreadCreationTime : 26/03/2008 12:27:33 PM
BasePriority : Normal
FileVersion : 10, 2, 0, 16
ProductVersion : 10, 2, 0, 16
ProductName : Bitdefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BDAgent Application
InternalName : BDSwitch
LegalCopyright : © 2006 SOFTWIN S.R.L.
OriginalFilename : BDSwitch.exe

#:29 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 288
ThreadCreationTime : 26/03/2008 12:27:34 PM
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:30 [teatimer.exe]
FilePath : C:\Program Files\Spybot - Search & Destroy\
ProcessID : 344
ThreadCreationTime : 26/03/2008 12:27:34 PM
BasePriority : Idle
FileVersion : 1, 5, 2, 16
ProductVersion : 1, 5, 2, 0
ProductName : Spybot - Search & Destroy
CompanyName : Safer Networking Limited
FileDescription : System settings protector
InternalName : TeaTimer
LegalCopyright : © 2000-2008 Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename : TeaTimer.exe
Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 356
ThreadCreationTime : 26/03/2008 12:27:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [ad-watch.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 388
ThreadCreationTime : 26/03/2008 12:27:37 PM
BasePriority : High
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe

#:33 [sistray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 416
ThreadCreationTime : 26/03/2008 12:27:38 PM
BasePriority : Normal
FileVersion : 0.0.0.3611
ProductVersion : 0.0.0.3611
ProductName : SiS ® Compatible Super VGA SiSTray application
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Tray Application
InternalName : SISTRAY 3.61a.02
LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2004
OriginalFilename : SISTRAY.EXE
Comments : SiS Compatible Super VGA Tray Application

#:34 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2188
ThreadCreationTime : 26/03/2008 12:28:15 PM
BasePriority : Normal
FileVersion : 7.6.0.29
ProductVersion : 7.6.0.29
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2008 Apple Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2240
ThreadCreationTime : 26/03/2008 12:28:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:36 [taskmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3360
ThreadCreationTime : 26/03/2008 12:32:56 PM
BasePriority : High
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows TaskManager
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskmgr.exe

#:37 [bdss.exe]
FilePath : C:\Program Files\Common Files\Softwin\BitDefender Scan Server\
ProcessID : 3764
ThreadCreationTime : 26/03/2008 12:38:21 PM
BasePriority : Normal


#:38 [vsserv.exe]
FilePath : C:\Program Files\Softwin\BitDefender10\
ProcessID : 3832
ThreadCreationTime : 26/03/2008 12:38:29 PM
BasePriority : Normal
FileVersion : 10, 2, 1, 147
ProductVersion : 10, 2, 1, 147
ProductName : BitDefender 10
CompanyName : SOFTWIN S.R.L.
FileDescription : BitDefender Security Service
InternalName : VSServ
LegalCopyright : © 2007 SOFTWIN S.R.L.
OriginalFilename : vsserv.exe

#:39 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3996
ThreadCreationTime : 26/03/2008 12:42:18 PM
BasePriority : Normal


#:40 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 3504
ThreadCreationTime : 26/03/2008 1:13:21 PM
BasePriority : Normal
FileVersion : 6.2.0.238
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:41 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2516
ThreadCreationTime : 26/03/2008 1:51:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
8034 entries scanned.
New critical objects:0
Objects found so far: 23




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

1:10:47 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:40.235
Objects scanned:188440
Objects identified:0
Objects ignored:0
New critical objects:0


Bit-Defender log


//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 27/03/2008 00:00:08
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
Folders : 5444
Files : 193623
Memory processes scanned : 42
Archives : 1495
Runtime packers : 5884
Identified viruses : 2
Infected files : 2
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 1
Moved files : 1
I/O errors : 31
Scan time : 00:48:33
Scan speed (files/sec) : 66

Spyware Statistics

Registry keys scanned : 321
Registry keys infected : 0
Cookies scanned : 6
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 1023405
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensi
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP