Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Antispyware Master

Started by chubb3g114 , May 16 2008 04:59 AM

Please log in to reply

#1
chubb3g114

Posted 16 May 2008 - 04:59 AM

Member

Member
27 posts

Hi
My computer has been infected with the download "MediaTubeCodec _ver1.725.4exe" apart from the pop-ups, Task manager has been disabled, I cannot use system restore, automatic updates is turned off, my browser, Firefox will not load nor will google and some sites like Geeks to go just hang after the main page has loaded so I cannot use any of the fixes on your site.
I have used AVG, Ad-aware, Spyhunter, Spybot and Bitdefender have also managed to run Smitfraudfix but my computer is still the same,
help. sad.gif

p.s. using my laptop to send this.

#2
Tal

Posted 17 May 2008 - 04:40 AM

Trusted Helper

Retired Staff
2,138 posts

Hi chubb3g114, welcome to GeeksToGo.

My name is Tal, and I will be helping you in the process of removing malware from your computer.

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:

Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!

You may also want to Track This Topic. This feature of the forum will send out an email to the email address you've signed up with as soon as I reply, so you can be notified of my reply. To do this, please locate the Options menu, located just under the New Topic and New Reply icons. Once you've found it, click it, and choose Track This Topic from the dropdown menu (the first option). In the page that appears after you have clicked Track This Topic, select Immediate Email Notification, then click Proceed.

Seeing as you can't access many websites, you'll need to use your laptop and a USB disk (or any other storage device) to transfer the required tools to the infected PC. We'll start off with running DSS to get a good look on what's going on inside.

On your laptop: please download Deckard's System Scanner (DSS) and save it to your Desktop.

Using a USB disk or any other storage device, transfer dss.exe to the infected PC.
Close all other windows on the infected PC before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Note: It's likely that the two logs won't fit into one post. If so, please post extra.txt in a separate post.

Regards,

Tal.

#3
chubb3g114

Posted 17 May 2008 - 08:47 AM

Member

Topic Starter
Member
27 posts

Hi Tal, thanks for your e-mail.
Deckard's System Scanner v20071014.68
Run by IT on 2008-05-17 13:02:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2008-05-17 12:02:10 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-05-16 15:57:27 UTC - RP2 - retore for scan
1: 2008-05-16 15:55:21 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.8 GiB (less than 15%) free.

-- HijackThis (run as IT.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:07, on 17/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\AnyTrial.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\IT\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe

O2 - BHO: (no name) - {28AA5272-0AB3-4EF5-84F9-D06263F76555} - C:\WINDOWS\system32\rqRijgGv.dll (file missing)
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\iiffFVml.dll
O2 - BHO: (no name) - {36CB0AB7-D91F-45DF-8C05-69C97FDABF51} - C:\WINDOWS\system32\jkkJDtut.dll (file missing)
O2 - BHO: {f31d16fb-f5ee-b7da-dae4-4ebb999f5905} - {5095f999-bbe4-4ead-ad7b-ee5fbf61d13f} - C:\WINDOWS\system32\bcrdjeip.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7F214EA8-D3EB-4FFC-AC20-69291653F494} - C:\WINDOWS\system32\urqOEXpp.dll (file missing)
O2 - BHO: (no name) - {8092E3D1-0DD1-428B-88D8-434341DB59E5} - C:\WINDOWS\system32\ssqRJyVP.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A217E423-42D0-4DD3-B86F-3CF25FAECB62} - C:\WINDOWS\system32\ljJDVpOg.dll (file missing)
O2 - BHO: (no name) - {B9B5A8F0-396F-488F-A867-BCE7B5F865CB} - C:\WINDOWS\system32\ddcCUlJa.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7} - C:\WINDOWS\system32\ljJBtspo.dll (file missing)
O2 - BHO: (no name) - {DA1AF5EB-8C08-4086-A691-008CB0F19165} - C:\WINDOWS\system32\jkkjjhEt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [10e053bb] rundll32.exe "C:\WINDOWS\system32\knnlvjfu.dll",b
O4 - HKLM\..\Run: [BM13d36027] Rundll32.exe "C:\WINDOWS\system32\ysdiekhl.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: iiffFVml - C:\WINDOWS\SYSTEM32\iiffFVml.dll
O20 - Winlogon Notify: jkkJyVOI - jkkJyVOI.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp

; AnyTrial>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\common files\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-05-17 11:48:00 248 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-05-16 11:58:04 430 --a------ C:\WINDOWS\Tasks\EasyShare Registration Task.job
2008-02-22 13:00:23 444 --a------ C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job
2008-01-08 23:11:39 332 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job

-- Files created between 2008-04-17 and 2008-05-17 -----------------------------

2008-05-17 08:52:45 116736 --a------ C:\WINDOWS\system32\knnlvjfu.dll
2008-05-17 08:49:48 135680 --a------ C:\WINDOWS\system32\bcrdjeip.dll
2008-05-17 08:47:29 125952 --a------ C:\WINDOWS\system32\ysdiekhl.dll
2008-05-17 08:46:44 711100 --ahs---- C:\WINDOWS\system32\tEhjjkkj.ini2
2008-05-17 08:46:41 370688 --a------ C:\WINDOWS\system32\jkkjjhEt.dll
2008-05-16 19:01:06 135680 --a------ C:\WINDOWS\system32\kgrlpgtc.dll
2008-05-16 18:46:35 125952 --a------ C:\WINDOWS\system32\btlcwtwa.dll
2008-05-16 18:45:47 687396 --ahs---- C:\WINDOWS\system32\vGgjiRqr.ini2
2008-05-16 18:21:31 0 d-------- C:\Program Files\Trend Micro
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\IT\Application Data\SUPERAntiSpyware.com
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 17:23:49 0 d-------- C:\Program Files\Panda Security
2008-05-16 09:56:08 1414 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-16 09:55:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-16 09:55:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-16 09:55:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-16 09:55:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-16 09:55:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-16 09:45:06 116736 --a------ C:\WINDOWS\system32\jakxhtym.dll
2008-05-16 09:36:08 135680 --a------ C:\WINDOWS\system32\xqrgirvs.dll
2008-05-16 09:33:48 125952 --a------ C:\WINDOWS\system32\dmfnnbux.dll
2008-05-16 09:33:04 725822 --ahs---- C:\WINDOWS\system32\opstBJjl.ini2
2008-05-15 12:36:36 125440 --a------ C:\WINDOWS\system32\ikmliwqx.dll
2008-05-15 12:35:45 11770 --ahs---- C:\WINDOWS\system32\ppXEOqru.ini2
2008-05-15 09:37:46 134656 --a------ C:\WINDOWS\system32\glfxbkos.dll
2008-05-15 09:34:46 125440 --a------ C:\WINDOWS\system32\mxuuoodw.dll
2008-05-15 08:58:44 436266 --ahs---- C:\WINDOWS\system32\aJlUCcdd.ini2
2008-05-14 17:34:04 419128 --ahs---- C:\WINDOWS\system32\gOpVDJjl.ini2
2008-05-14 15:37:28 418382 --ahs---- C:\WINDOWS\system32\PVyJRqss.ini2
2008-05-14 15:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:42:38 0 d-------- C:\WINDOWS\pss
2008-05-14 12:29:54 0 d-------- C:\Program Files\Enigma Software Group
2008-05-14 12:15:08 57344 --a------ C:\WINDOWS\system32\iiffFVml.dll
2008-05-14 10:20:54 94720 --a------ C:\WINDOWS\system32\gqkhstvd.dll
2008-05-14 10:18:02 108544 --a------ C:\WINDOWS\system32\exwokwlx.dll
2008-05-14 10:17:54 105984 --a------ C:\WINDOWS\system32\pofavgit.dll
2008-05-13 10:23:58 105984 --a------ C:\WINDOWS\system32\suekdhxn.dll
2008-05-13 10:17:58 104960 --a------ C:\WINDOWS\system32\cjchinld.dll
2008-05-12 21:16:16 0 d-------- C:\Program Files\Lavasoft
2008-05-12 10:17:44 104960 --a------ C:\WINDOWS\system32\fnybipok.dll
2008-05-12 10:15:48 105984 --a------ C:\WINDOWS\system32\xjmqoclx.dll
2008-05-11 10:18:52 106496 --a------ C:\WINDOWS\system32\ounveuhj.dll
2008-05-11 10:14:25 104960 --a------ C:\WINDOWS\system32\bfpplbwo.dll
2008-05-10 17:00:03 0 d-------- C:\Documents and Settings\IT\.housecall6.6
2008-05-10 10:01:40 106496 --a------ C:\WINDOWS\system32\vktsoncp.dll
2008-05-10 10:00:18 104960 --a------ C:\WINDOWS\system32\mtrdlwxu.dll
2008-05-09 13:57:44 0 d-------- C:\Bitdefender back-up
2008-05-09 13:22:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-09 11:04:17 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-09 11:04:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Program Files\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-09 10:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-09 10:48:58 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-09 09:32:19 105472 --a------ C:\WINDOWS\system32\sqfjbuuy.dll
2008-05-08 17:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 14:03:04 443813 --ahs---- C:\WINDOWS\system32\tutDJkkj.ini2
2008-05-08 13:56:14 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 13:55:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-29 13:57:56 0 d-------- C:\ISIS
2008-04-29 13:57:32 246272 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-04-29 13:57:30 0 d-------- C:\Documents and Settings\IT\WINDOWS
2008-04-25 20:44:04 0 dr-h----- C:\Documents and Settings\IT\Recent
2008-04-22 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-22 17:08:05 0 d-------- C:\Program Files\TomTom HOME 2

-- Find3M Report ---------------------------------------------------------------

2008-05-17 10:33:29 0 d-------- C:\Program Files\lg_fwupdate
2008-05-17 10:30:36 79479 --a------ C:\logfile
2008-05-16 17:24:03 2530 --a------ C:\WINDOWS\mozver.dat
2008-05-16 09:26:32 0 d-------- C:\Documents and Settings\IT\Application Data\BitTorrent
2008-05-12 22:55:19 2002 --a------ C:\Documents and Settings\IT\Application Data\wklnhst.dat
2008-05-12 21:15:12 0 d-------- C:\Program Files\Common Files
2008-05-09 13:19:28 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-04 12:32:53 0 d-------- C:\Documents and Settings\IT\Application Data\Vso
2008-04-23 08:28:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 16:58:23 0 d-------- C:\Program Files\TomTom HOME
2008-04-19 18:09:37 0 d-------- C:\Documents and Settings\IT\Application Data\DNA
2008-03-22 12:08:40 0 d-------- C:\Program Files\Easy Video Downloader
2008-03-03 21:05:17 668 --a------ C:\Documents and Settings\IT\Application Data\vso_ts_preview.xml
2008-03-03 21:03:32 34 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.log
2008-03-03 21:03:26 47360 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-03 21:03:26 1144 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.inf
2008-03-03 21:03:26 7887 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.cat
2008-02-24 16:55:09 15872 --ahs---- C:\WINDOWS\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp

; AnyTrial>
2008-02-24 16:50:42 73 --a------ C:\WINDOWS\system32\installerror.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28AA5272-0AB3-4EF5-84F9-D06263F76555}]
C:\WINDOWS\system32\rqRijgGv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AA0726C-95B7-4216-AA43-B5BDD524892F}]
14/05/2008 12:15 57344 --a------ C:\WINDOWS\system32\iiffFVml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36CB0AB7-D91F-45DF-8C05-69C97FDABF51}]
C:\WINDOWS\system32\jkkJDtut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5095f999-bbe4-4ead-ad7b-ee5fbf61d13f}]
17/05/2008 08:49 135680 --a------ C:\WINDOWS\system32\bcrdjeip.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F214EA8-D3EB-4FFC-AC20-69291653F494}]
C:\WINDOWS\system32\urqOEXpp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8092E3D1-0DD1-428B-88D8-434341DB59E5}]
C:\WINDOWS\system32\ssqRJyVP.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A217E423-42D0-4DD3-B86F-3CF25FAECB62}]
C:\WINDOWS\system32\ljJDVpOg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9B5A8F0-396F-488F-A867-BCE7B5F865CB}]
C:\WINDOWS\system32\ddcCUlJa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7}]
C:\WINDOWS\system32\ljJBtspo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA1AF5EB-8C08-4086-A691-008CB0F19165}]
17/05/2008 08:46 370688 --a------ C:\WINDOWS\system32\jkkjjhEt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [09/05/2008 13:21]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [09/05/2008 13:21]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [23/01/2008 14:47]
"10e053bb"="C:\WINDOWS\system32\knnlvjfu.dll" [17/05/2008 08:52]
"BM13d36027"="C:\WINDOWS\system32\ysdiekhl.dll" [17/05/2008 08:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="E:\SUPERAntiSpyware\SUPERAntiSpyware.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2AA0726C-95B7-4216-AA43-B5BDD524892F}"= C:\WINDOWS\system32\iiffFVml.dll [14/05/2008 12:15 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffFVml]
iiffFVml.dll 14/05/2008 12:15 57344 C:\WINDOWS\system32\iiffFVml.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkJyVOI]
jkkJyVOI.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjjhEt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe /automation
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
"PMX Daemon"=ICO.EXE
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE
"Persistence"=C:\WINDOWS\system32\igfxpers.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"10e053bb"=rundll32.exe "C:\WINDOWS\system32\gqkhstvd.dll",b
"BM13d36027"=Rundll32.exe "C:\WINDOWS\system32\pofavgit.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f264675-e51b-11dc-8cd7-00188b6175a8}]
AutoRun\command- G:\InstallTomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

-- Hosts -----------------------------------------------------------------------

127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com

-- End of Deckard's System Scanner: finished at 2008-05-17 13:08:32 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1013.54 MiB / 607.2 MiB
Pagefile Memory (total/avail): 2440.8 MiB / 2002.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.61 MiB

C: is Fixed (NTFS) - 74.44 GiB total, 0.8 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75MSA3 - 74.5 GiB - 2 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 74.44 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Bitdefender Firewall v8.0 (BitDefender)
AV: Bitdefender Antivirus v8.0 (BitDefender)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\IT\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=VAUPROP6102
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\IT
LOGONSERVER=\\VAUPROP6102
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\IT\LOCALS~1\Temp
TMP=C:\DOCUME~1\IT\LOCALS~1\Temp
USERDOMAIN=VAUPROP6102
USERNAME=IT
USERPROFILE=C:\Documents and Settings\IT
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

IT (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Avidemux 2.4 --> C:\Program Files\Avidemux 2.4\uninstall.exe
BitDefender Total Security 2008 --> MsiExec.exe /I{DB368901-C41E-4D86-9809-E0EE635A6939}
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Broadcom ASF Management Applications --> MsiExec.exe /I{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}
Broadcom Management Programs --> MsiExec.exe /X{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Dell ETS Factory Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}\setup.exe" -l0x9
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVDFab Platinum 4.1.0.0 by Team RES --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
Easy Video Downloader v. 2.0 --> "C:\Program Files\Easy Video Downloader\unins000.exe"
EPSON-printersoftware --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON PhotoQuicker3.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\setup.exe" -SMT
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink --> MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
Hallmark Card Studio 2008 Deluxe --> MsiExec.exe /X{747A6A10-DA58-48C2-A1F0-C15514419C8A}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.6.5 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140002_8928da\Setup.exe /APR-REMOVE
LG ODD Auto Firmware Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LightScribe System Software 1.12.29.2 --> MsiExec.exe /X{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}
LightScribe Template Designs - Fantasy Pack 1 --> MsiExec.exe /X{DE72186D-A4A5-4504-839C-B14FC3432DA1}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic ISO Maker v5.3 (build 0221) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic Video Converter Trial Version (English) 8.0.2.18 --> "C:\Program Files\Magic Video Converter\unins000.exe"
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft CAPICOM 2.1.0.2 SDK --> MsiExec.exe /I{2FF43F5D-5729-4E02-A548-310E30A5F29B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mouse Suite for Desktop Computers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448E2D77-E504-4221-B2C2-93646B344729}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Photo Calendars and Cards --> MsiExec.exe /I{E285C3A0-C883-4B42-849D-8BA71768EE64}
Nero 7 Essentials --> MsiExec.exe /X{A2104078-AAA5-449E-95DD-55C9443A1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
PDF-XChange PDF Viewer --> "C:\Program Files\Tracker Software\PDF-XChange Viewer\unins000.exe"
Photo Viewer 2.3 --> "C:\Program Files\Photo Viewer\uninstall.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
SecurDisc Viewer --> MsiExec.exe /X{ABD1DC2F-0D20-4C44-BEB9-3EEFA0EA1033}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001 --> MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
SUPER © Version 2007.bld.23 (July 4, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SuperMegaSpoof 2.0 --> "C:\Program Files\MegaSpoof\unins000.exe"
SureThing CD Labeler LightScribe 5.0.581.0 --> "C:\Program Files\SureThing CD Labeler 5\unins000.exe"
TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
tooltips --> MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Ultra Video Joiner 4.6.1114 --> "C:\Program Files\Ultra Video Joiner\unins000.exe"
Uniblue PowerSuite --> "C:\Program Files\Uniblue\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Wind

#4
Tal

Posted 17 May 2008 - 12:40 PM

Trusted Helper

Retired Staff
2,138 posts

Hello again,

You have Vundo in there, we'll try using VundoFix. If it doesn't work we'll taunt it using a manual method. Download VundoFix to your laptop and transfer it - however, try downloading it to the infected machine first, see if that doesn't work.

Please download VundoFix.exe to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include a new DSS log (it will only produce main.txt this time) and the VundoFix log in your next reply.

Tal

#5
chubb3g114

Posted 18 May 2008 - 03:55 AM

Member

Topic Starter
Member
27 posts

Hello Tal, Thank you very much for your time and effort.
I ran Vundofix and when it finished it said "no infected files found" I clicked on remove Vundo it said "removing files" and about two hours later I had an animation of Bugs eating the Vundo window, so I closed Vundow and ran DSS. Cannot find the Vundofix log when I click on export log it puts a file on desktop which is empty.

Deckard's System Scanner v20071014.68
Run by IT on 2008-05-18 10:30:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 0.8 GiB (less than 15%) free.

-- HijackThis (run as IT.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:31, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\AnyTrial.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\IT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {28AA5272-0AB3-4EF5-84F9-D06263F76555} - C:\WINDOWS\system32\rqRijgGv.dll (file missing)
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\iiffFVml.dll
O2 - BHO: (no name) - {36CB0AB7-D91F-45DF-8C05-69C97FDABF51} - C:\WINDOWS\system32\jkkJDtut.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7F214EA8-D3EB-4FFC-AC20-69291653F494} - C:\WINDOWS\system32\urqOEXpp.dll (file missing)
O2 - BHO: (no name) - {8092E3D1-0DD1-428B-88D8-434341DB59E5} - C:\WINDOWS\system32\ssqRJyVP.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {eac4ceff-83f5-c22b-d614-2c3db17e1c1a} - {a1c1e71b-d3c2-416d-b22c-5f38ffec4cae} - C:\WINDOWS\system32\qwbotjap.dll
O2 - BHO: (no name) - {A217E423-42D0-4DD3-B86F-3CF25FAECB62} - C:\WINDOWS\system32\ljJDVpOg.dll (file missing)
O2 - BHO: (no name) - {B9B5A8F0-396F-488F-A867-BCE7B5F865CB} - C:\WINDOWS\system32\ddcCUlJa.dll (file missing)
O2 - BHO: (no name) - {BC5B5D55-9CF5-4F85-8836-E33987776099} - C:\WINDOWS\system32\jkkjjhEt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7} - C:\WINDOWS\system32\ljJBtspo.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [BM13d36027] Rundll32.exe "C:\WINDOWS\system32\mslsgrif.dll",s
O4 - HKLM\..\Run: [10e053bb] rundll32.exe "C:\WINDOWS\system32\ragsgcas.dll",b
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: iiffFVml - C:\WINDOWS\SYSTEM32\iiffFVml.dll
O20 - Winlogon Notify: jkkJyVOI - jkkJyVOI.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp

- C:\WINDOWS\AnyTrial.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 19807 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 08:59:54 116224 --a------ C:\WINDOWS\system32\ragsgcas.dll
2008-05-18 08:51:29 0 d-------- C:\VundoFix Backups
2008-05-18 08:50:55 134144 --a------ C:\WINDOWS\system32\qwbotjap.dll
2008-05-18 08:48:06 125952 --a------ C:\WINDOWS\system32\mslsgrif.dll
2008-05-17 08:52:45 116736 -----n--- C:\WINDOWS\system32\knnlvjfu.dll
2008-05-17 08:49:48 135680 --a------ C:\WINDOWS\system32\bcrdjeip.dll
2008-05-17 08:47:29 125952 --a------ C:\WINDOWS\system32\ysdiekhl.dll
2008-05-17 08:46:44 697816 --ahs---- C:\WINDOWS\system32\tEhjjkkj.ini2
2008-05-17 08:46:41 370688 --a------ C:\WINDOWS\system32\jkkjjhEt.dll
2008-05-16 19:01:06 135680 --a------ C:\WINDOWS\system32\kgrlpgtc.dll
2008-05-16 18:46:35 125952 --a------ C:\WINDOWS\system32\btlcwtwa.dll
2008-05-16 18:45:47 687396 --ahs---- C:\WINDOWS\system32\vGgjiRqr.ini2
2008-05-16 18:21:31 0 d-------- C:\Program Files\Trend Micro
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\IT\Application Data\SUPERAntiSpyware.com
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 17:23:49 0 d-------- C:\Program Files\Panda Security
2008-05-16 09:56:08 1414 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-16 09:55:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-16 09:55:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-16 09:55:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-16 09:55:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-16 09:55:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-16 09:45:06 116736 --a------ C:\WINDOWS\system32\jakxhtym.dll
2008-05-16 09:36:08 135680 --a------ C:\WINDOWS\system32\xqrgirvs.dll
2008-05-16 09:33:48 125952 --a------ C:\WINDOWS\system32\dmfnnbux.dll
2008-05-16 09:33:04 725822 --ahs---- C:\WINDOWS\system32\opstBJjl.ini2
2008-05-15 12:36:36 125440 --a------ C:\WINDOWS\system32\ikmliwqx.dll
2008-05-15 12:35:45 11770 --ahs---- C:\WINDOWS\system32\ppXEOqru.ini2
2008-05-15 09:37:46 134656 --a------ C:\WINDOWS\system32\glfxbkos.dll
2008-05-15 09:34:46 125440 --a------ C:\WINDOWS\system32\mxuuoodw.dll
2008-05-15 08:58:44 436266 --ahs---- C:\WINDOWS\system32\aJlUCcdd.ini2
2008-05-14 17:34:04 419128 --ahs---- C:\WINDOWS\system32\gOpVDJjl.ini2
2008-05-14 15:37:28 418382 --ahs---- C:\WINDOWS\system32\PVyJRqss.ini2
2008-05-14 15:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:42:38 0 d-------- C:\WINDOWS\pss
2008-05-14 12:29:54 0 d-------- C:\Program Files\Enigma Software Group
2008-05-14 12:15:08 57344 --a------ C:\WINDOWS\system32\iiffFVml.dll
2008-05-14 10:20:54 94720 --a------ C:\WINDOWS\system32\gqkhstvd.dll
2008-05-14 10:17:54 105984 --a------ C:\WINDOWS\system32\pofavgit.dll
2008-05-13 10:23:58 105984 --a------ C:\WINDOWS\system32\suekdhxn.dll
2008-05-13 10:17:58 104960 --a------ C:\WINDOWS\system32\cjchinld.dll
2008-05-12 21:16:16 0 d-------- C:\Program Files\Lavasoft
2008-05-12 10:17:44 104960 --a------ C:\WINDOWS\system32\fnybipok.dll
2008-05-12 10:15:48 105984 --a------ C:\WINDOWS\system32\xjmqoclx.dll
2008-05-11 10:18:52 106496 --a------ C:\WINDOWS\system32\ounveuhj.dll
2008-05-11 10:14:25 104960 --a------ C:\WINDOWS\system32\bfpplbwo.dll
2008-05-10 17:00:03 0 d-------- C:\Documents and Settings\IT\.housecall6.6
2008-05-10 10:01:40 106496 --a------ C:\WINDOWS\system32\vktsoncp.dll
2008-05-10 10:00:18 104960 --a------ C:\WINDOWS\system32\mtrdlwxu.dll
2008-05-09 13:57:44 0 d-------- C:\Bitdefender back-up
2008-05-09 13:22:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-09 11:04:17 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-09 11:04:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Program Files\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-09 10:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-09 10:48:58 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-09 09:32:19 105472 --a------ C:\WINDOWS\system32\sqfjbuuy.dll
2008-05-08 17:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 14:03:04 443813 --ahs---- C:\WINDOWS\system32\tutDJkkj.ini2
2008-05-08 13:56:14 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 13:55:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-29 13:57:56 0 d-------- C:\ISIS
2008-04-29 13:57:32 246272 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-04-29 13:57:30 0 d-------- C:\Documents and Settings\IT\WINDOWS
2008-04-25 20:44:04 0 dr-h----- C:\Documents and Settings\IT\Recent
2008-04-22 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-22 17:08:05 0 d-------- C:\Program Files\TomTom HOME 2

-- Find3M Report ---------------------------------------------------------------

2008-05-17 10:33:29 0 d-------- C:\Program Files\lg_fwupdate
2008-05-17 10:30:36 79479 --a------ C:\logfile
2008-05-16 17:24:03 2530 --a------ C:\WINDOWS\mozver.dat
2008-05-16 09:26:32 0 d-------- C:\Documents and Settings\IT\Application Data\BitTorrent
2008-05-12 22:55:19 2002 --a------ C:\Documents and Settings\IT\Application Data\wklnhst.dat
2008-05-12 21:15:12 0 d-------- C:\Program Files\Common Files
2008-05-09 13:19:28 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-04 12:32:53 0 d-------- C:\Documents and Settings\IT\Application Data\Vso
2008-04-23 08:28:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 16:58:23 0 d-------- C:\Program Files\TomTom HOME
2008-04-19 18:09:37 0 d-------- C:\Documents and Settings\IT\Application Data\DNA
2008-03-22 12:08:40 0 d-------- C:\Program Files\Easy Video Downloader
2008-03-03 21:05:17 668 --a------ C:\Documents and Settings\IT\Application Data\vso_ts_preview.xml
2008-03-03 21:03:32 34 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.log
2008-03-03 21:03:26 47360 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-03 21:03:26 1144 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.inf
2008-03-03 21:03:26 7887 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.cat
2008-02-24 16:55:09 15872 --ahs---- C:\WINDOWS\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp

#6
Tal

Posted 18 May 2008 - 03:59 AM

Trusted Helper

Retired Staff
2,138 posts

chubb3g114,

Yup, the bug thingy hints this is the new one. I am currently at school, I will write a fix when I get back, in a few hours - we'll do a manual removal.

#7
Tal

Posted 18 May 2008 - 09:02 AM

Trusted Helper

Retired Staff
2,138 posts

Please save these instructions in a notepad file. You will NOT be able to access them in Safe Mode, where our fix will take place.

Please download The Avenger by Swandog46 to your Desktop. Do not do anything with it yet.

Next, please download the attached file. Open it up. Click File > Save As... > Name the file fix2.reg > Change the Filetype to All Files. Save the file on your desktop.

After The Avenger has finished downloading, please reboot your computer. As soon as it boots up, continuously tap the F8 key. This will show up a menu: using the arrow keys, choose Safe Mode (not Safe Mode with Networking) and click the Enter key. This will load up Safe Mode; please allow it to load, even if it appears to have been stuck.

Launch fix2.reg. Click Yes to merge the information with the registry. This should only take a moment.

Now, navigate to the directory where you placed The Avenger.

Right click on the Avenger.zip folder and select "Extract All..."
Follow the prompts and extract the avenger folder to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\rqRijgGv.dll
C:\WINDOWS\system32\iiffFVml.dll
C:\WINDOWS\system32\jkkJDtut.dll
C:\WINDOWS\system32\bcrdjeip.dll
C:\WINDOWS\system32\urqOEXpp.dll
C:\WINDOWS\system32\ssqRJyVP.dll
C:\WINDOWS\system32\ljJDVpOg.dll
C:\WINDOWS\system32\ddcCUlJa.dll
C:\WINDOWS\system32\ljJBtspo.dll
C:\WINDOWS\system32\jkkjjhEt.dll
C:\WINDOWS\system32\mslsgrif.dll
C:\WINDOWS\system32\ragsgcas.dll
C:\WINDOWS\system32\gqkhstvd.dll
C:\WINDOWS\system32\pofavgit.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, open the avenger folder and start The Avenger program by clicking on its icon.

Right click on the window under Input script here:, and select Paste.
You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log (it will only produce main.txt this time) .

Note that when The Avenger reboots, you will be logged in to normal mode. Please include the DSS main.txt log and The Avenger's log.

Tal.

Attached Files

fix2.txt 1.42KB 159 downloads

#8
chubb3g114

Posted 18 May 2008 - 10:30 AM

Member

Topic Starter
Member
27 posts

Hi Tal.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\rqRijgGv.dll" not found!
Deletion of file "C:\WINDOWS\system32\rqRijgGv.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\iiffFVml.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\jkkJDtut.dll" not found!
Deletion of file "C:\WINDOWS\system32\jkkJDtut.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\bcrdjeip.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\urqOEXpp.dll" not found!
Deletion of file "C:\WINDOWS\system32\urqOEXpp.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\ssqRJyVP.dll" not found!
Deletion of file "C:\WINDOWS\system32\ssqRJyVP.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\ljJDVpOg.dll" not found!
Deletion of file "C:\WINDOWS\system32\ljJDVpOg.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\ddcCUlJa.dll" not found!
Deletion of file "C:\WINDOWS\system32\ddcCUlJa.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\ljJBtspo.dll" not found!
Deletion of file "C:\WINDOWS\system32\ljJBtspo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\jkkjjhEt.dll" deleted successfully.
File "C:\WINDOWS\system32\mslsgrif.dll" deleted successfully.
File "C:\WINDOWS\system32\ragsgcas.dll" deleted successfully.
File "C:\WINDOWS\system32\gqkhstvd.dll" deleted successfully.
File "C:\WINDOWS\system32\pofavgit.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Deckard's System Scanner v20071014.68
Run by IT on 2008-05-18 17:15:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 7.26 GiB (less than 15%) free.

-- HijackThis (run as IT.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:48, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\AnyTrial.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\IT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {28AA5272-0AB3-4EF5-84F9-D06263F76555} - C:\WINDOWS\system32\rqRijgGv.dll (file missing)
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\iiffFVml.dll (file missing)
O2 - BHO: (no name) - {36CB0AB7-D91F-45DF-8C05-69C97FDABF51} - C:\WINDOWS\system32\jkkJDtut.dll (file missing)
O2 - BHO: (no name) - {5103DBA2-634A-42EF-A57B-FDE3DCDE9C8A} - C:\WINDOWS\system32\jkkjjhEt.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7F214EA8-D3EB-4FFC-AC20-69291653F494} - C:\WINDOWS\system32\urqOEXpp.dll (file missing)
O2 - BHO: (no name) - {8092E3D1-0DD1-428B-88D8-434341DB59E5} - C:\WINDOWS\system32\ssqRJyVP.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {eac4ceff-83f5-c22b-d614-2c3db17e1c1a} - {a1c1e71b-d3c2-416d-b22c-5f38ffec4cae} - C:\WINDOWS\system32\qwbotjap.dll
O2 - BHO: (no name) - {A217E423-42D0-4DD3-B86F-3CF25FAECB62} - C:\WINDOWS\system32\ljJDVpOg.dll (file missing)
O2 - BHO: (no name) - {B9B5A8F0-396F-488F-A867-BCE7B5F865CB} - C:\WINDOWS\system32\ddcCUlJa.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7} - C:\WINDOWS\system32\ljJBtspo.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: iiffFVml - iiffFVml.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp

- C:\WINDOWS\AnyTrial.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 19572 bytes

-- Files created between 2008-04-18 and 2008-05-18 -----------------------------

2008-05-18 08:51:29 0 d-------- C:\VundoFix Backups
2008-05-18 08:50:55 134144 --a------ C:\WINDOWS\system32\qwbotjap.dll
2008-05-17 08:47:29 125952 --a------ C:\WINDOWS\system32\ysdiekhl.dll
2008-05-17 08:46:44 713919 --ahs---- C:\WINDOWS\system32\tEhjjkkj.ini2
2008-05-16 19:01:06 135680 --a------ C:\WINDOWS\system32\kgrlpgtc.dll
2008-05-16 18:46:35 125952 --a------ C:\WINDOWS\system32\btlcwtwa.dll
2008-05-16 18:45:47 687396 --ahs---- C:\WINDOWS\system32\vGgjiRqr.ini2
2008-05-16 18:21:31 0 d-------- C:\Program Files\Trend Micro
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\IT\Application Data\SUPERAntiSpyware.com
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 17:23:49 0 d-------- C:\Program Files\Panda Security
2008-05-16 09:56:08 1414 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-16 09:55:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-16 09:55:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-16 09:55:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-16 09:55:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-16 09:55:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-16 09:45:06 116736 --a------ C:\WINDOWS\system32\jakxhtym.dll
2008-05-16 09:36:08 135680 --a------ C:\WINDOWS\system32\xqrgirvs.dll
2008-05-16 09:33:48 125952 --a------ C:\WINDOWS\system32\dmfnnbux.dll
2008-05-16 09:33:04 725822 --ahs---- C:\WINDOWS\system32\opstBJjl.ini2
2008-05-15 12:36:36 125440 --a------ C:\WINDOWS\system32\ikmliwqx.dll
2008-05-15 12:35:45 11770 --ahs---- C:\WINDOWS\system32\ppXEOqru.ini2
2008-05-15 09:37:46 134656 --a------ C:\WINDOWS\system32\glfxbkos.dll
2008-05-15 09:34:46 125440 --a------ C:\WINDOWS\system32\mxuuoodw.dll
2008-05-15 08:58:44 436266 --ahs---- C:\WINDOWS\system32\aJlUCcdd.ini2
2008-05-14 17:34:04 419128 --ahs---- C:\WINDOWS\system32\gOpVDJjl.ini2
2008-05-14 15:37:28 418382 --ahs---- C:\WINDOWS\system32\PVyJRqss.ini2
2008-05-14 15:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:42:38 0 d-------- C:\WINDOWS\pss
2008-05-14 12:29:54 0 d-------- C:\Program Files\Enigma Software Group
2008-05-13 10:23:58 105984 --a------ C:\WINDOWS\system32\suekdhxn.dll
2008-05-13 10:17:58 104960 --a------ C:\WINDOWS\system32\cjchinld.dll
2008-05-12 21:16:16 0 d-------- C:\Program Files\Lavasoft
2008-05-12 10:17:44 104960 --a------ C:\WINDOWS\system32\fnybipok.dll
2008-05-12 10:15:48 105984 --a------ C:\WINDOWS\system32\xjmqoclx.dll
2008-05-11 10:18:52 106496 --a------ C:\WINDOWS\system32\ounveuhj.dll
2008-05-11 10:14:25 104960 --a------ C:\WINDOWS\system32\bfpplbwo.dll
2008-05-10 17:00:03 0 d-------- C:\Documents and Settings\IT\.housecall6.6
2008-05-10 10:01:40 106496 --a------ C:\WINDOWS\system32\vktsoncp.dll
2008-05-10 10:00:18 104960 --a------ C:\WINDOWS\system32\mtrdlwxu.dll
2008-05-09 13:57:44 0 d-------- C:\Bitdefender back-up
2008-05-09 13:22:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-09 11:04:17 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-09 11:04:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Program Files\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-09 10:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-09 10:48:58 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-09 09:32:19 105472 --a------ C:\WINDOWS\system32\sqfjbuuy.dll
2008-05-08 17:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 14:03:04 443813 --ahs---- C:\WINDOWS\system32\tutDJkkj.ini2
2008-05-08 13:56:14 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 13:55:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-29 13:57:56 0 d-------- C:\ISIS
2008-04-29 13:57:32 246272 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-04-29 13:57:30 0 d-------- C:\Documents and Settings\IT\WINDOWS
2008-04-25 20:44:04 0 dr-h----- C:\Documents and Settings\IT\Recent
2008-04-22 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-22 17:08:05 0 d-------- C:\Program Files\TomTom HOME 2

-- Find3M Report ---------------------------------------------------------------

2008-05-18 12:32:30 0 d-------- C:\Documents and Settings\IT\Application Data\BitTorrent
2008-05-17 10:33:29 0 d-------- C:\Program Files\lg_fwupdate
2008-05-17 10:30:36 79479 --a------ C:\logfile
2008-05-16 17:24:03 2530 --a------ C:\WINDOWS\mozver.dat
2008-05-12 22:55:19 2002 --a------ C:\Documents and Settings\IT\Application Data\wklnhst.dat
2008-05-12 21:15:12 0 d-------- C:\Program Files\Common Files
2008-05-09 13:19:28 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-04 12:32:53 0 d-------- C:\Documents and Settings\IT\Application Data\Vso
2008-04-23 08:28:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 16:58:23 0 d-------- C:\Program Files\TomTom HOME
2008-04-19 18:09:37 0 d-------- C:\Documents and Settings\IT\Application Data\DNA
2008-03-22 12:08:40 0 d-------- C:\Program Files\Easy Video Downloader
2008-03-03 21:05:17 668 --a------ C:\Documents and Settings\IT\Application Data\vso_ts_preview.xml
2008-03-03 21:03:32 34 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.log
2008-03-03 21:03:26 47360 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-03 21:03:26 1144 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.inf
2008-03-03 21:03:26 7887 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.cat
2008-02-24 16:55:09 15872 --ahs---- C:\WINDOWS\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp

#9
Tal

Posted 19 May 2008 - 01:32 PM

Trusted Helper

Retired Staff
2,138 posts

Hi,

Could you give me some feedback on your PC's status so I can know where we stand and what do we need to look for? Also some - hopefully final - cleanup to do.

Step1 : Correcting entries with HijackThis
Please re-open HijackThis and click Scan. Put a check next to the following entries presented in the window: (Do NOT click Fix yet!)

O2 - BHO: (no name) - {28AA5272-0AB3-4EF5-84F9-D06263F76555} - C:\WINDOWS\system32\rqRijgGv.dll (file missing)
O2 - BHO: (no name) - {2AA0726C-95B7-4216-AA43-B5BDD524892F} - C:\WINDOWS\system32\iiffFVml.dll (file missing)
O2 - BHO: (no name) - {36CB0AB7-D91F-45DF-8C05-69C97FDABF51} - C:\WINDOWS\system32\jkkJDtut.dll (file missing)
O2 - BHO: (no name) - {5103DBA2-634A-42EF-A57B-FDE3DCDE9C8A} - C:\WINDOWS\system32\jkkjjhEt.dll (file missing)
O2 - BHO: (no name) - {7F214EA8-D3EB-4FFC-AC20-69291653F494} - C:\WINDOWS\system32\urqOEXpp.dll (file missing)
O2 - BHO: (no name) - {8092E3D1-0DD1-428B-88D8-434341DB59E5} - C:\WINDOWS\system32\ssqRJyVP.dll (file missing)
O2 - BHO: {eac4ceff-83f5-c22b-d614-2c3db17e1c1a} - {a1c1e71b-d3c2-416d-b22c-5f38ffec4cae} - C:\WINDOWS\system32\qwbotjap.dll
O2 - BHO: (no name) - {A217E423-42D0-4DD3-B86F-3CF25FAECB62} - C:\WINDOWS\system32\ljJDVpOg.dll (file missing)
O2 - BHO: (no name) - {B9B5A8F0-396F-488F-A867-BCE7B5F865CB} - C:\WINDOWS\system32\ddcCUlJa.dll (file missing)
O2 - BHO: (no name) - {CDE9FDBE-E416-4146-9EC3-C5B8B9440EC7} - C:\WINDOWS\system32\ljJBtspo.dll (file missing)
O20 - Winlogon Notify: iiffFVml - iiffFVml.dll (file missing)

Now, close all other windows but HijackThis, including Explorer windows (folders) and this window, and click Fix. Note: It is vital you close all other windows, otherwise the fix will not succeed.

Restart your computer.

Step2 : Deleting file

Now, navigate to the directory where you placed The Avenger.

Right click on the Avenger.zip folder and select "Extract All..."
Follow the prompts and extract the avenger folder to your desktop

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\qwbotjap.dll

Right click on the window under Input script here:, and select Paste.
You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh DSS log (it will only produce main.txt this time) .

In your next reply, please include The Avenger log and DSS.

Tal

#10
chubb3g114

Posted 20 May 2008 - 02:02 AM

Member

Topic Starter
Member
27 posts

Hello Tal, thanks for your time and effort.

After the work we did on Saturday my computer still has the blue screen but the message is gone I can now access Firefox and Google, there are no more pop-ups and the speed is back to normal. At start up I get the message "auto update is switched off" but when I go there it is on.

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Error: file "C:\WINDOWS\system32\qwbotjap.dll" not found!
Deletion of file "C:\WINDOWS\system32\qwbotjap.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Deckard's System Scanner v20071014.68
Run by IT on 2008-05-20 09:52:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.17 GiB (less than 15%) free.

-- HijackThis (run as IT.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:24, on 20/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\AnyTrial.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\IT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp

- C:\WINDOWS\AnyTrial.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 18375 bytes

-- Files created between 2008-04-20 and 2008-05-20 -----------------------------

2008-05-18 08:51:29 0 d-------- C:\VundoFix Backups
2008-05-17 08:47:29 125952 --a------ C:\WINDOWS\system32\ysdiekhl.dll
2008-05-17 08:46:44 713919 --ahs---- C:\WINDOWS\system32\tEhjjkkj.ini2
2008-05-16 19:01:06 135680 --a------ C:\WINDOWS\system32\kgrlpgtc.dll
2008-05-16 18:46:35 125952 --a------ C:\WINDOWS\system32\btlcwtwa.dll
2008-05-16 18:45:47 687396 --ahs---- C:\WINDOWS\system32\vGgjiRqr.ini2
2008-05-16 18:21:31 0 d-------- C:\Program Files\Trend Micro
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\IT\Application Data\SUPERAntiSpyware.com
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 17:23:49 0 d-------- C:\Program Files\Panda Security
2008-05-16 09:56:08 1414 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-16 09:55:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-16 09:55:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-16 09:55:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-16 09:55:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-16 09:55:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-16 09:45:06 116736 --a------ C:\WINDOWS\system32\jakxhtym.dll
2008-05-16 09:36:08 135680 --a------ C:\WINDOWS\system32\xqrgirvs.dll
2008-05-16 09:33:48 125952 --a------ C:\WINDOWS\system32\dmfnnbux.dll
2008-05-16 09:33:04 725822 --ahs---- C:\WINDOWS\system32\opstBJjl.ini2
2008-05-15 12:36:36 125440 --a------ C:\WINDOWS\system32\ikmliwqx.dll
2008-05-15 12:35:45 11770 --ahs---- C:\WINDOWS\system32\ppXEOqru.ini2
2008-05-15 09:37:46 134656 --a------ C:\WINDOWS\system32\glfxbkos.dll
2008-05-15 09:34:46 125440 --a------ C:\WINDOWS\system32\mxuuoodw.dll
2008-05-15 08:58:44 436266 --ahs---- C:\WINDOWS\system32\aJlUCcdd.ini2
2008-05-14 17:34:04 419128 --ahs---- C:\WINDOWS\system32\gOpVDJjl.ini2
2008-05-14 15:37:28 418382 --ahs---- C:\WINDOWS\system32\PVyJRqss.ini2
2008-05-14 15:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:42:38 0 d-------- C:\WINDOWS\pss
2008-05-14 12:29:54 0 d-------- C:\Program Files\Enigma Software Group
2008-05-13 10:23:58 105984 --a------ C:\WINDOWS\system32\suekdhxn.dll
2008-05-13 10:17:58 104960 --a------ C:\WINDOWS\system32\cjchinld.dll
2008-05-12 21:16:16 0 d-------- C:\Program Files\Lavasoft
2008-05-12 10:17:44 104960 --a------ C:\WINDOWS\system32\fnybipok.dll
2008-05-12 10:15:48 105984 --a------ C:\WINDOWS\system32\xjmqoclx.dll
2008-05-11 10:18:52 106496 --a------ C:\WINDOWS\system32\ounveuhj.dll
2008-05-11 10:14:25 104960 --a------ C:\WINDOWS\system32\bfpplbwo.dll
2008-05-10 17:00:03 0 d-------- C:\Documents and Settings\IT\.housecall6.6
2008-05-10 10:01:40 106496 --a------ C:\WINDOWS\system32\vktsoncp.dll
2008-05-10 10:00:18 104960 --a------ C:\WINDOWS\system32\mtrdlwxu.dll
2008-05-09 13:57:44 0 d-------- C:\Bitdefender back-up
2008-05-09 13:22:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-09 11:04:17 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-09 11:04:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Program Files\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-09 10:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-09 10:48:58 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-09 09:32:19 105472 --a------ C:\WINDOWS\system32\sqfjbuuy.dll
2008-05-08 17:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 14:03:04 443813 --ahs---- C:\WINDOWS\system32\tutDJkkj.ini2
2008-05-08 13:56:14 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 13:55:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-29 13:57:56 0 d-------- C:\ISIS
2008-04-29 13:57:32 246272 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-04-29 13:57:30 0 d-------- C:\Documents and Settings\IT\WINDOWS
2008-04-25 20:44:04 0 dr-h----- C:\Documents and Settings\IT\Recent
2008-04-22 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-22 17:08:05 0 d-------- C:\Program Files\TomTom HOME 2

-- Find3M Report ---------------------------------------------------------------

2008-05-19 18:29:59 0 d-------- C:\Documents and Settings\IT\Application Data\BitTorrent
2008-05-19 10:55:29 80301 --a------ C:\logfile
2008-05-17 10:33:29 0 d-------- C:\Program Files\lg_fwupdate
2008-05-16 17:24:03 2530 --a------ C:\WINDOWS\mozver.dat
2008-05-12 22:55:19 2002 --a------ C:\Documents and Settings\IT\Application Data\wklnhst.dat
2008-05-12 21:15:12 0 d-------- C:\Program Files\Common Files
2008-05-09 13:19:28 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-04 12:32:53 0 d-------- C:\Documents and Settings\IT\Application Data\Vso
2008-04-23 08:28:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 16:58:23 0 d-------- C:\Program Files\TomTom HOME
2008-04-19 18:09:37 0 d-------- C:\Documents and Settings\IT\Application Data\DNA
2008-03-22 12:08:40 0 d-------- C:\Program Files\Easy Video Downloader
2008-03-03 21:05:17 668 --a------ C:\Documents and Settings\IT\Application Data\vso_ts_preview.xml
2008-03-03 21:03:32 34 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.log
2008-03-03 21:03:26 47360 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-03 21:03:26 1144 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.inf
2008-03-03 21:03:26 7887 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.cat
2008-02-24 16:55:09 15872 --ahs---- C:\WINDOWS\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp

#11
Tal

Posted 21 May 2008 - 09:29 AM

Trusted Helper

Retired Staff
2,138 posts

Hi again and sorry for the delay.

Before we start the registry fix, we need to backup the registry in case anything goes wrong. This is a very simple and quick process

Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK. It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute. Please continue when it no longer has the hour glass.

Please open a new Notepad document (Note: Other text editors will not work) and paste the following code into it, starting from REGEDIT4:

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now, click File > Save As... > Change the File Type to All Files > Name the file RegFix1.reg > Save it on your desktop.

Once you've saved it, please double click it. A window should pop up - Click Yes to merge the information with the registry.

Please include a new DSS log as well as a report on how your system is running, in your next reply.

#12
chubb3g114

Posted 22 May 2008 - 02:19 AM

Member

Topic Starter
Member
27 posts

Hello Tal
My computer is running the same as on Saturday, still have blue screen and is not as fast also when I run DSS I get a warning window from Bitdefender stating "Bitdefender has blocked multiple viruses"
Vundo.ENB path C:\system information\_restore(4....
Vundo.ENB path C:\system information\_restore(4....

Deckard's System Scanner v20071014.68
Run by IT on 2008-05-21 18:20:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 2.95 GiB (less than 15%) free.

-- HijackThis (run as IT.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:15, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\AnyTrial.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\IT\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\IT.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgall..._2/axofupld.cab
O18 - Protocol: bw+0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F15B2EC1-1967-4BFD-9E43-F4203089CD30} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp

- C:\WINDOWS\AnyTrial.exe
O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 18013 bytes

-- Files created between 2008-04-21 and 2008-05-21 -----------------------------

2008-05-21 18:17:15 70595238 --a------ C:\registrybackup.reg
2008-05-18 08:51:29 0 d-------- C:\VundoFix Backups
2008-05-17 08:46:44 713919 --ahs---- C:\WINDOWS\system32\tEhjjkkj.ini2
2008-05-16 19:01:06 135680 --a------ C:\WINDOWS\system32\kgrlpgtc.dll
2008-05-16 18:46:35 125952 --a------ C:\WINDOWS\system32\btlcwtwa.dll
2008-05-16 18:45:47 687396 --ahs---- C:\WINDOWS\system32\vGgjiRqr.ini2
2008-05-16 18:21:31 0 d-------- C:\Program Files\Trend Micro
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\IT\Application Data\SUPERAntiSpyware.com
2008-05-16 18:07:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-16 17:23:49 0 d-------- C:\Program Files\Panda Security
2008-05-16 09:56:08 1414 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-16 09:55:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-16 09:55:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-16 09:55:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:23 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-16 09:55:22 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-16 09:55:22 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-16 09:55:22 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-16 09:45:06 116736 --a------ C:\WINDOWS\system32\jakxhtym.dll
2008-05-16 09:36:08 135680 --a------ C:\WINDOWS\system32\xqrgirvs.dll
2008-05-16 09:33:04 725822 --ahs---- C:\WINDOWS\system32\opstBJjl.ini2
2008-05-15 12:36:36 125440 --a------ C:\WINDOWS\system32\ikmliwqx.dll
2008-05-15 12:35:45 11770 --ahs---- C:\WINDOWS\system32\ppXEOqru.ini2
2008-05-15 09:37:46 134656 --a------ C:\WINDOWS\system32\glfxbkos.dll
2008-05-15 09:34:46 125440 --a------ C:\WINDOWS\system32\mxuuoodw.dll
2008-05-15 08:58:44 436266 --ahs---- C:\WINDOWS\system32\aJlUCcdd.ini2
2008-05-14 17:34:04 419128 --ahs---- C:\WINDOWS\system32\gOpVDJjl.ini2
2008-05-14 15:37:28 418382 --ahs---- C:\WINDOWS\system32\PVyJRqss.ini2
2008-05-14 15:01:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-14 14:42:38 0 d-------- C:\WINDOWS\pss
2008-05-14 12:29:54 0 d-------- C:\Program Files\Enigma Software Group
2008-05-13 10:23:58 105984 --a------ C:\WINDOWS\system32\suekdhxn.dll
2008-05-13 10:17:58 104960 --a------ C:\WINDOWS\system32\cjchinld.dll
2008-05-12 21:16:16 0 d-------- C:\Program Files\Lavasoft
2008-05-12 10:17:44 104960 --a------ C:\WINDOWS\system32\fnybipok.dll
2008-05-12 10:15:48 105984 --a------ C:\WINDOWS\system32\xjmqoclx.dll
2008-05-11 10:18:52 106496 --a------ C:\WINDOWS\system32\ounveuhj.dll
2008-05-11 10:14:25 104960 --a------ C:\WINDOWS\system32\bfpplbwo.dll
2008-05-10 17:00:03 0 d-------- C:\Documents and Settings\IT\.housecall6.6
2008-05-10 10:01:40 106496 --a------ C:\WINDOWS\system32\vktsoncp.dll
2008-05-10 10:00:18 104960 --a------ C:\WINDOWS\system32\mtrdlwxu.dll
2008-05-09 13:57:44 0 d-------- C:\Bitdefender back-up
2008-05-09 13:22:46 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-05-09 11:04:17 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-05-09 11:04:03 0 d-------- C:\Documents and Settings\IT\Application Data\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Program Files\BitDefender
2008-05-09 11:02:44 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-09 10:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-09 10:48:58 0 d-------- C:\Program Files\Common Files\BitDefender
2008-05-09 09:32:19 105472 --a------ C:\WINDOWS\system32\sqfjbuuy.dll
2008-05-08 17:41:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 14:03:04 443813 --ahs---- C:\WINDOWS\system32\tutDJkkj.ini2
2008-05-08 13:56:14 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-08 13:55:46 160256 --a------ C:\WINDOWS\system32\blackster.scr <Not Verified; Peter's Productions; Bugs!>
2008-04-29 13:57:56 0 d-------- C:\ISIS
2008-04-29 13:57:32 246272 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; Stirling Technologies, Inc.; InstallShield Deinstaller>
2008-04-29 13:57:30 0 d-------- C:\Documents and Settings\IT\WINDOWS
2008-04-25 20:44:04 0 dr-h----- C:\Documents and Settings\IT\Recent
2008-04-22 17:08:44 0 d-------- C:\Documents and Settings\All Users\Application Data\TomTom
2008-04-22 17:08:05 0 d-------- C:\Program Files\TomTom HOME 2

-- Find3M Report ---------------------------------------------------------------

2008-05-21 18:19:59 0 d-------- C:\Documents and Settings\IT\Application Data\BitTorrent
2008-05-19 10:55:29 80301 --a------ C:\logfile
2008-05-17 10:33:29 0 d-------- C:\Program Files\lg_fwupdate
2008-05-16 17:24:03 2530 --a------ C:\WINDOWS\mozver.dat
2008-05-12 22:55:19 2002 --a------ C:\Documents and Settings\IT\Application Data\wklnhst.dat
2008-05-12 21:15:12 0 d-------- C:\Program Files\Common Files
2008-05-09 13:19:28 77824 --a------ C:\WINDOWS\system32\xcomm.dll <Not Verified; BitDefender; BitDefender Communicator>
2008-05-04 12:32:53 0 d-------- C:\Documents and Settings\IT\Application Data\Vso
2008-04-23 08:28:17 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-22 16:58:23 0 d-------- C:\Program Files\TomTom HOME
2008-04-19 18:09:37 0 d-------- C:\Documents and Settings\IT\Application Data\DNA
2008-03-22 12:08:40 0 d-------- C:\Program Files\Easy Video Downloader
2008-03-03 21:05:17 668 --a------ C:\Documents and Settings\IT\Application Data\vso_ts_preview.xml
2008-03-03 21:03:32 34 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.log
2008-03-03 21:03:26 47360 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-03-03 21:03:26 1144 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.inf
2008-03-03 21:03:26 7887 --a------ C:\Documents and Settings\IT\Application Data\pcouffin.cat
2008-02-24 16:55:09 15872 --ahs---- C:\WINDOWS\AnyTrial.exe <Not Verified; Dr.Pc Putte Corp

#13
Tal

Posted 22 May 2008 - 09:43 AM

Trusted Helper

Retired Staff
2,138 posts

Hi,

Could you please include a screenshot of the blue screen? BitDefender 'found' viruses from the system restore, where they are no longer active obviously. Once you're clean, we can flush them so it doesn't detect them. You can safely ignore them.

Let's see what else is there.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post. Also include a new DSS log and a screenshot of the blue screen, if possible.

Edited by Tal, 22 May 2008 - 09:44 AM.

#14
chubb3g114

Posted 22 May 2008 - 12:34 PM

Member

Topic Starter
Member
27 posts

Hello Tal
I am sorry if I appear stupid but I have tried to get a screen shot first by taking a picture with my camera but it was rejected as too big then by pressing "screen shot" on my keyboard but nomater how small I make the picture it is still too big for this site. My normal screen is a shot of the moon but this disapeared with the virus replaced by a blue screen it maybe that all I have to do is replace it but I am loath to try anything in case it buggers up the computer.
Kaspersky web scanner will not work, I have opened a window in IE but when I click accept I get a message from Micosoft saying it has blocked the download as it was from an unknown auther.

#15
Tal

Posted 23 May 2008 - 05:47 AM

Trusted Helper

Retired Staff
2,138 posts

First off, you can safely try to change it. It won't hurt. Let me know if it works. As for the virus scan, let's try this, and a different anti-virus scan.

First, open up Internet Explorer. Click Tools > Internet Options. Click the Security tab. Make sure the Security level for this zone setting is set on Medium-High. If not, set it to this setting and click OK and proceed. If it's already set to this setting, proceed.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

Follow the Instruction Here for installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.