Computer Over Throw


This topic is locked
46 replies to this topic

#1 Allikat (Full Member, 37 posts)

Posted 04 June 2007 - 11:33 AM

I have downloaded some viruses that have taken over my computer. Initially the computer was running slowly and the CPU was usually at 100%. I ran Kaspersky and found 30 unwanted programs. I had installed Norton AV and ZoneAlarm Firewall and thought I was protected. Attached are the logfiles for Kaspersky and HijackThis. I tried to run Panda, but after it crashed twice I gave up.

Please let me know how to get my computer back in order.

Thanks.

Protection
----------
Total scanned: 32730
Detected: 30
Untreated: 27
Start time: 6/3/2007 9:26:41 PM
Duration: 10:21:18


Detected
--------
Status Object
------ ------
detected: riskware Invader Running process: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
detected: riskware Hidden object Running process: C:\WINDOWS\system32\dnrpitxk.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: c:\windows\system32\xydzyh.exe
detected: Trojan program Backdoor.Win32.Hupigon.wi File: c:\windows\iis\iissets
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\WINDOWS\system\svchest.exe/svchests.exe
detected: Trojan program Backdoor.Win32.Hupigon.wi File: c:\program files\netmeeting\msmsgs
deleted: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0050009.exe
detected: Trojan program Trojan.Win32.BHO.o File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233\A0046346.dll//Virtumonde//PE_Patch.UPX//UPX
detected: Trojan program Trojan.Win32.BHO.o File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233\A0046475.dll//Virtumonde//PE_Patch.UPX//UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ar File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046494.dll//Virtumonde//PE_Patch.UPX//UPX
detected: Trojan program Trojan-Downloader.Win32.PurityScan.eg File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046529.exe//PE_Patch.PECompact//PecBundle//PECompact
detected: adware not-a-virus:AdWare.Win32.Virtumonde.jp File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046530.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.jp File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046541.dll
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046549.dll//PE_Patch.PECompact
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051013.exe
detected: Trojan program Trojan.Win32.Agent.amk File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP237\A0046793.exe//PE_Patch.UPX//UPX
detected: Trojan program Backdoor.Win32.Hupigon.wi File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP239\A0046872.EXE
detected: Trojan program Backdoor.Win32.Hupigon.wi File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0046974.EXE
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0049966.exe
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0049993.dll//PE_Patch.PECompact
detected: adware not-a-virus:AdWare.Win32.Virtumonde.fp File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0049994.dll//PE_Patch.PECompact
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0050002.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE/svchest.exe/svchests.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0052013.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053013.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053313.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053466.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053480.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053483.exe/svchests.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053495.exe


Events
------
Time Event
---- -----
6/3/2007 7:12:36 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
6/3/2007 7:12:57 PM Protection of your computer started.
6/3/2007 7:15:57 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:15:57 PM Running process C:\WINDOWS\system32\dnrpitxk.exe: detected modification of riskware 'Hidden object'.
6/3/2007 7:15:57 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:15:57 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:15:58 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:15:58 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:16:16 PM Process (PID 3144) tried to access Kaspersky Anti-Virus process (PID 112), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
6/3/2007 7:16:18 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:16:18 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:16:24 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:16:24 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:17:12 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:17:12 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:17:41 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 7:17:41 PM Security threats have been detected. You are advised to neutralize them immediately.
6/3/2007 7:17:41 PM File c:\windows\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 7:17:43 PM File c:\windows\iis\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 7:17:43 PM File c:\windows\iis\iissets: is still infected, postponed.
6/3/2007 7:17:46 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 7:17:46 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: is still infected, postponed.
6/3/2007 7:17:51 PM File c:\program files\netmeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 7:17:51 PM File c:\program files\netmeeting\msmsgs: is still infected, postponed.
6/3/2007 7:17:59 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:17:59 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:18:42 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:18:42 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:18:56 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 7:19:07 PM Process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (PID 1576) successfully terminated.
6/3/2007 7:24:51 PM File C:\Program Files\NetMeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 7:24:51 PM File C:\Program Files\NetMeeting\msmsgs: is still infected, postponed.
6/3/2007 7:25:27 PM File C:\WINDOWS\IIS\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 7:25:27 PM File C:\WINDOWS\IIS\iissets: is still infected, postponed.
6/3/2007 7:34:21 PM Running process C:\WINDOWS\system32\dnrpitxk.exe: detected modification of riskware 'Hidden object'.
6/3/2007 7:34:33 PM Process C:\WINDOWS\system32\dnrpitxk.exe (PID 296) successfully terminated.
6/3/2007 8:25:50 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0050009.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'. User: MSHOME\ALLIKAT$, computer: localhost.
6/3/2007 9:09:07 PM Process (PID 3720) tried to access Kaspersky Anti-Virus process (PID 3852), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
6/3/2007 9:09:07 PM Process (PID 3720) tried to access Kaspersky Anti-Virus process (PID 112), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
6/3/2007 9:16:17 PM File C:\WINDOWS\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 9:16:18 PM File C:\WINDOWS\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 9:16:44 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0050009.exe: deleted.
6/3/2007 9:17:11 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 9:19:22 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 9:26:16 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
6/3/2007 9:26:41 PM Security threats have been detected. You are advised to neutralize them immediately.
6/3/2007 9:26:41 PM Protection of your computer started.
6/3/2007 9:29:26 PM Process (PID 2968) tried to access Kaspersky Anti-Virus process (PID 620), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
6/3/2007 9:29:26 PM Process (PID 2968) tried to access Kaspersky Anti-Virus process (PID 1700), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
6/3/2007 9:32:05 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:32:46 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 9:32:46 PM File c:\windows\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 9:32:47 PM File c:\windows\iis\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 9:32:47 PM File c:\windows\iis\iissets: is still infected, postponed.
6/3/2007 9:32:48 PM Update completed successfully
6/3/2007 9:32:49 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 9:32:49 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: is still infected, postponed.
6/3/2007 9:32:51 PM File c:\program files\netmeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 9:32:51 PM File c:\program files\netmeeting\msmsgs: is still infected, postponed.
6/3/2007 9:34:25 PM File C:\Program Files\NetMeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 9:34:25 PM File C:\Program Files\NetMeeting\msmsgs: is still infected, postponed.
6/3/2007 9:34:35 PM File C:\WINDOWS\IIS\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 9:34:35 PM File C:\WINDOWS\IIS\iissets: is still infected, postponed.
6/3/2007 9:35:42 PM File C:\WINDOWS\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 9:35:42 PM File C:\WINDOWS\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 9:35:45 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 9:37:10 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:42:10 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:47:12 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:52:13 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:56:29 PM Process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (PID 1600) successfully terminated.
6/3/2007 9:56:30 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:56:30 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:56:30 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 9:56:30 PM Running process c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe: detected modification of riskware 'Invader'.
6/3/2007 10:08:41 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:08:41 PM File c:\windows\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 10:08:41 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:08:41 PM File c:\windows\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 10:08:46 PM File c:\windows\iis\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:08:46 PM File c:\windows\iis\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:08:46 PM File c:\windows\iis\iissets: is still infected, postponed.
6/3/2007 10:08:46 PM File c:\windows\iis\iissets: is still infected, postponed.
6/3/2007 10:08:59 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:08:59 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:09:00 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: is still infected, postponed.
6/3/2007 10:09:00 PM File C:\WINDOWS\system\svchest.exe/svchests.exe: is still infected, postponed.
6/3/2007 10:09:04 PM File c:\program files\netmeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:09:04 PM File c:\program files\netmeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:09:04 PM File c:\program files\netmeeting\msmsgs: is still infected, postponed.
6/3/2007 10:09:04 PM File c:\program files\netmeeting\msmsgs: is still infected, postponed.
6/3/2007 10:12:06 PM File C:\Program Files\NetMeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:12:06 PM File C:\Program Files\NetMeeting\msmsgs: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:12:06 PM File C:\Program Files\NetMeeting\msmsgs: is still infected, postponed.
6/3/2007 10:12:06 PM File C:\Program Files\NetMeeting\msmsgs: is still infected, postponed.
6/3/2007 10:12:11 PM File C:\WINDOWS\IIS\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:12:11 PM File C:\WINDOWS\IIS\iissets: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 10:12:11 PM File C:\WINDOWS\IIS\iissets: is still infected, postponed.
6/3/2007 10:12:11 PM File C:\WINDOWS\IIS\iissets: is still infected, postponed.
6/3/2007 10:12:33 PM File C:\WINDOWS\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:12:33 PM File C:\WINDOWS\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 10:12:34 PM File C:\WINDOWS\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:12:34 PM File C:\WINDOWS\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 10:41:17 PM File c:\windows\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:49:36 PM File C:\WINDOWS\system32\xydzyh.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 10:49:36 PM File C:\WINDOWS\system32\xydzyh.exe: is still infected, postponed.
6/3/2007 11:23:03 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233\A0046346.dll//Virtumonde//PE_Patch.UPX//UPX: detected Trojan program 'Trojan.Win32.BHO.o'.
6/3/2007 11:23:04 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233\A0046346.dll//Virtumonde//PE_Patch.UPX//UPX: is still infected, postponed.
6/3/2007 11:23:55 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233\A0046475.dll//Virtumonde//PE_Patch.UPX//UPX: detected Trojan program 'Trojan.Win32.BHO.o'.
6/3/2007 11:23:55 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233\A0046475.dll//Virtumonde//PE_Patch.UPX//UPX: is still infected, postponed.
6/3/2007 11:24:51 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046494.dll//Virtumonde//PE_Patch.UPX//UPX: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.ar'.
6/3/2007 11:24:51 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046494.dll//Virtumonde//PE_Patch.UPX//UPX: is still infected, postponed.
6/3/2007 11:25:59 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046529.exe//PE_Patch.PECompact//PecBundle//PECompact: detected Trojan program 'Trojan-Downloader.Win32.PurityScan.eg'.
6/3/2007 11:26:00 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046529.exe//PE_Patch.PECompact//PecBundle//PECompact: is still infected, postponed.
6/3/2007 11:26:00 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046530.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.jp'.
6/3/2007 11:26:01 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046530.dll: is still infected, postponed.
6/3/2007 11:26:07 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046541.dll: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.jp'.
6/3/2007 11:26:07 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046541.dll: is still infected, postponed.
6/3/2007 11:26:16 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046549.dll//PE_Patch.PECompact: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.fp'.
6/3/2007 11:26:16 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046549.dll//PE_Patch.PECompact: is still infected, postponed.
6/3/2007 11:26:59 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051013.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'. User: MSHOME\ALLIKAT$, computer: localhost.
6/3/2007 11:32:00 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP237\A0046793.exe//PE_Patch.UPX//UPX: detected Trojan program 'Trojan.Win32.Agent.amk'.
6/3/2007 11:32:00 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP237\A0046793.exe//PE_Patch.UPX//UPX: is still infected, postponed.
6/3/2007 11:33:20 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP239\A0046872.EXE: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 11:33:20 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP239\A0046872.EXE: is still infected, postponed.
6/3/2007 11:35:36 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0046974.EXE: detected Trojan program 'Backdoor.Win32.Hupigon.wi'.
6/3/2007 11:35:36 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0046974.EXE: is still infected, postponed.
6/3/2007 11:37:01 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0049966.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 11:37:01 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0049966.exe: is still infected, postponed.
6/3/2007 11:38:07 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0049993.dll//PE_Patch.PECompact: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.fp'.
6/3/2007 11:38:07 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0049993.dll//PE_Patch.PECompact: is still infected, postponed.
6/3/2007 11:38:10 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0049994.dll//PE_Patch.PECompact: detected adware 'not-a-virus:AdWare.Win32.Virtumonde.fp'.
6/3/2007 11:38:10 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0049994.dll//PE_Patch.PECompact: is still infected, postponed.
6/3/2007 11:38:13 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0050002.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 11:38:14 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0050002.exe: is still infected, postponed.
6/3/2007 11:39:06 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051013.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 11:39:06 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051013.exe: is still infected, postponed.
6/3/2007 11:39:18 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE/svchest.exe/svchests.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 11:39:18 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE/svchest.exe/svchests.exe: is still infected, postponed.
6/3/2007 11:39:21 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0052013.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 11:39:21 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0052013.exe: is still infected, postponed.
6/3/2007 11:39:24 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053013.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 11:39:24 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053013.exe: is still infected, postponed.
6/3/2007 11:48:12 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053313.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/3/2007 11:48:12 PM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053313.exe: is still infected, postponed.
6/4/2007 12:01:19 AM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053466.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/4/2007 12:01:19 AM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053466.exe: is still infected, postponed.
6/4/2007 12:07:35 AM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053480.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/4/2007 12:07:35 AM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053480.exe: is still infected, postponed.
6/4/2007 12:07:38 AM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053483.exe/svchests.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/4/2007 12:07:38 AM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053483.exe/svchests.exe: is still infected, postponed.
6/4/2007 12:07:46 AM File C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053495.exe: detected Trojan program 'Trojan-Downloader.Win32.Delf.bfu'.
6/4/2007 2:08:36 AM Update completed successfully
6/4/2007 3:09:48 AM Process (PID 1860) tried to access Kaspersky Anti-Virus process (PID 620), but the action has been blocked by the Self-Defense component. No action on your part is necessary.


Reports
-------
Component Status Start Finish Size
--------- ------ ----- ------ ----
Proactive Defense running 6/3/2007 9:26:41 PM 14.9 KB
File Anti-Virus running 6/3/2007 9:26:41 PM 1.2 MB
Mail Anti-Virus running 6/3/2007 9:26:41 PM 0 bytes
Update completed 6/3/2007 9:26:48 PM 6/3/2007 9:32:48 PM 14.2 KB
Web Anti-Virus running 6/3/2007 9:26:41 PM 667.4 KB
Scan startup objects running 6/3/2007 9:31:05 PM 579.1 KB
Quarantine completed 6/3/2007 9:32:47 PM 6/3/2007 9:32:47 PM 4.8 KB
Scan My Computer running 6/3/2007 9:57:40 PM 3.3 MB
Scan critical areas completed 6/3/2007 9:59:31 PM 6/3/2007 10:49:38 PM 1 MB
Update completed 6/4/2007 1:27:01 AM 6/4/2007 2:08:35 AM 14.4 KB
Quarantine completed 6/4/2007 2:08:07 AM 6/4/2007 2:08:09 AM 4.8 KB


Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Possibly infected: riskware Hidden object C:\WINDOWS\system32\dnrpitxk.exe 19 KB 6/3/2007 7:34:20 PM


Backup
------
Status Object Size
------ ------ ----
Infected: Trojan program Trojan-Downloader.Win32.Delf.bfu C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051013.exe 29.5 KB
Infected: Trojan program Trojan-Downloader.Win32.Delf.bfu C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0050009.exe 29.5 KB
Infected: Trojan program Trojan-Downloader.Win32.Delf.bfu c:\windows\system32\xydzyh.exe 29.5 KB
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 04, 2007 6:11:51 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 4/04/2007
Kaspersky Anti-Virus database records: 291574
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 75478
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 03:02:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-04-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\A90AD9E2.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\FD6251DA.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\call256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chat512.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg4096.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\index2.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\user1024.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\user16384.dbb Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000002.pst Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007040420070405\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fla67.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_888.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4E49.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF5C73.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\PDFMaker.dot Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP196\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{152BCB18-E5C4-4CEC-94EA-DB78CF3089EF}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1935E828-0AAD-46CD-B17F-2003069358F5}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MFCtor.dll Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\00005.SPL Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\cav37D6.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 11:17:11 AM, on 6/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\tuvvurr.dll (file missing)
O2 - BHO: (no name) - {5EB0B507-262B-44AF-87E8-AB711BDE2E64} - C:\WINDOWS\system32\gebyw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protoco
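
As an added example (not part of this thread, and not code from HijackThis, Kaspersky or ComboFix), the script below does by hand what a helper does when reading the two logs in the first post: it cross-references the Kaspersky "detected" paths with the HijackThis O2/O4 entries, reports autorun values that launch a file Kaspersky flagged, BHOs whose DLL is missing from disk, and autorun values with an unresolvable target, and turns the orphaned BHO CLSIDs into REGEDIT4 key-deletion lines of the same form as the fix jedi posts later in the thread. The sample lines are copied from the logs above (trimmed to the entries that matter); the function names and the classification heuristics are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set

# Constructed sample input: lines copied from the Kaspersky and HijackThis logs
# pasted in the first post, trimmed to the entries that matter here.
KASPERSKY_LOG = r"""
detected: riskware Invader Running process: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
detected: riskware Hidden object Running process: C:\WINDOWS\system32\dnrpitxk.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: c:\windows\system32\xydzyh.exe
detected: Trojan program Trojan-Downloader.Win32.Delf.bfu File: C:\WINDOWS\system\svchest.exe/svchests.exe
"""

HIJACKTHIS_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\tuvvurr.dll (file missing)
O2 - BHO: (no name) - {5EB0B507-262B-44AF-87E8-AB711BDE2E64} - C:\WINDOWS\system32\gebyw.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [LDM] \Program\
"""

BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

KAV_RE = re.compile(r"(?:File|Running process): (.+)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*?)( \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run|RunOnce): \[(.*?)\] (.*)$")
# First executable/library path in an O4 value, with or without surrounding quotes.
TARGET_RE = re.compile(r'^"?(.*?\.(?:exe|dll|sys))"?', re.IGNORECASE)


def normalize(path: str) -> str:
    """Case-fold a Windows path and drop Kaspersky's '/inner-object' suffix
    ('svchest.exe/svchests.exe' refers to the outer file svchest.exe)."""
    return path.split("/")[0].strip().lower()


def detected_paths(kav_log: str) -> Set[str]:
    """Collect the file paths Kaspersky flagged, normalized for comparison."""
    paths = set()
    for line in kav_log.splitlines():
        m = KAV_RE.search(line)
        if m:
            paths.add(normalize(m.group(1)))
    return paths


@dataclass
class Finding:
    line: str
    reason: str


@dataclass
class Triage:
    orphaned_bhos: List[str] = field(default_factory=list)    # CLSIDs whose DLL is gone
    av_hit_autoruns: List[str] = field(default_factory=list)  # Run values launching AV-detected files
    notes: List[Finding] = field(default_factory=list)

    def regedit_text(self) -> str:
        """REGEDIT4 text deleting the orphaned BHO keys ('[-key]' removes the key)."""
        lines = ["REGEDIT4", ""]
        for clsid in self.orphaned_bhos:
            lines.append(f"[-{BHO_KEY}\\{clsid}]")
            lines.append("")
        return "\n".join(lines)


def triage(kav_log: str, hjt_log: str) -> Triage:
    """Walk the HijackThis lines and classify them against the Kaspersky detections."""
    bad = detected_paths(kav_log)
    result = Triage()
    for line in hjt_log.splitlines():
        m = O2_RE.match(line)
        if m:
            name, clsid, dll, missing = m.groups()
            if missing:
                # A registered BHO with no DLL on disk: a dead reference left by a cleaner
                # or a rotating component; either way it should not stay registered.
                result.orphaned_bhos.append(clsid)
                result.notes.append(Finding(line, f"BHO {clsid} ({name}) references missing file {dll}"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, value_name, target = m.groups()
            t = TARGET_RE.match(target)
            path = normalize(t.group(1)) if t else normalize(target)
            if path in bad:
                result.av_hit_autoruns.append(value_name)
                result.notes.append(Finding(line, f"{hive}\\{key} value '{value_name}' launches AV-detected file {path}"))
            elif not t:
                result.notes.append(Finding(line, f"{hive}\\{key} value '{value_name}' has an unresolvable target '{target}'"))
    return result


if __name__ == "__main__":
    r = triage(KASPERSKY_LOG, HIJACKTHIS_LOG)
    for f in r.notes:
        print(f"{f.reason}\n    {f.line}")
    print()
    print(r.regedit_text())
```

The heuristics are deliberately narrow: an autorun is reported only when its target path is literally one Kaspersky flagged, and a BHO only when HijackThis itself says the file is missing, so known-good entries such as the Acrobat BHO and iTunesHelper pass untouched. The `[LDM] \Program\` entry is reported as unresolvable rather than malicious, which matches its role on this machine (a broken Logitech Desktop Messenger entry) while still putting it in front of the helper.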

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,520 posts

Posted 07 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 09 June 2007 - 12:23 PM

Hi,

1. Download this file - ComboFix
2. Double-click combofix.exe and follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#4 Allikat

    Member

  • Full Member
  • 37 posts

Posted 13 June 2007 - 06:09 AM

Jedi,

Thanks for the help. I installed ComboFix but cannot get it to run a scan. The program loads but I get an error message 'writing '@' with data 'explorer.exe-111' failed'. The program then tries to run. After that I will get a popup error message 'runtime error 204 at 131426C1' and other messages about closing msmsg.exe and oscheck.exe. While this is going on the computer somehow opens multiple copies of 'dwwn.exe' and 'drwtsn32.exe' until the CPU is running at 100%, and then it crashes. When this happens I have to power off to restart my computer.

Any suggestions?

Thanks
Gary

#5 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 13 June 2007 - 07:31 AM

Hi again,

Ok, try ComboFix in safe mode:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.

Run ComboFix.

Restart normally.

Post the report here, if CF runs correctly. Whether it does or not, please also carry out these two steps:

1. Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.
2. Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the icon next to the files found: [image]
  • If so, click it, then click the icon right below it and select Move incurable, as shown in the next image:
    [image]
    This will move the file to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer, because files in use may be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved in your next reply.
jedi

#6 Allikat

    Member

  • Full Member
  • 37 posts

Posted 13 June 2007 - 02:53 PM

Hello.

Getting somewhere slowly. Attached are the ComboFix log and the Dr.Web log; VundoFix returned no infected files.
ComboFix 07-06-11.3 - C:\Documents and Settings\Owner\My Documents\My Downloads\ComboFix.exe
"Owner" - 2007-06-13 14:36:10 - Service Pack 2 NTFS [SAFE MODE]


((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


2007-06-13 12:15 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-06-11 13:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-03 19:05 71,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-03 19:05 2,426,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-03 19:05 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-03 18:06 <DIR> d-------- C:\KAV
2007-06-01 19:56 <DIR> d-------- C:\WINDOWS\IIS
2007-05-15 16:16 258,048 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-15 16:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-13 11:45 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-13 11:45 <DIR> d-------- C:\Temp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 19:17:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-06-11 05:57:22 -------- d-----w C:\Program Files\iTunes
2007-06-04 00:01:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 23:59:10 -------- d-----w C:\Program Files\Symantec
2007-06-03 23:36:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-19 16:21:29 -------- d-----w C:\Program Files\Messenger
2007-05-17 16:17:51 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-04-17 11:38:36 -------- d-----w C:\Program Files\BroadJump
2007-04-16 16:40:48 -------- d-----w C:\Program Files\Western Digital Technologies


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 00:47]
{5EB0B507-262B-44AF-87E8-AB711BDE2E64}=C:\WINDOWS\system32\gebyw.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 01:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" []
"GWMDMMSG"="GWMDMMSG.exe" [2003-09-13 20:02 C:\WINDOWS\GWMDMMSG.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" []
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]
"xydzyh"="C:\WINDOWS\system32\xydzyh.exe" []
"dnrpitxk"="c:\windows\system32\dnrpitxk.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20]
"LDM"="\Program\" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvurr]
tuvvurr.dll


Contents of the 'Scheduled Tasks' folder
2007-06-03 18:45:10 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-04 05:00:00 C:\WINDOWS\tasks\At1.job
2007-06-12 14:00:03 C:\WINDOWS\tasks\At10.job
2007-06-13 15:00:00 C:\WINDOWS\tasks\At11.job
2007-06-13 16:00:00 C:\WINDOWS\tasks\At12.job
2007-06-13 17:00:00 C:\WINDOWS\tasks\At13.job
2007-06-12 18:00:00 C:\WINDOWS\tasks\At14.job
2007-06-12 19:00:00 C:\WINDOWS\tasks\At15.job
2007-06-12 20:00:00 C:\WINDOWS\tasks\At16.job
2007-06-12 21:00:00 C:\WINDOWS\tasks\At17.job
2007-06-12 22:00:00 C:\WINDOWS\tasks\At18.job
2007-06-12 23:00:00 C:\WINDOWS\tasks\At19.job
2007-06-11 06:00:00 C:\WINDOWS\tasks\At2.job
2007-06-13 00:00:00 C:\WINDOWS\tasks\At20.job
2007-06-09 01:00:00 C:\WINDOWS\tasks\At21.job
2007-06-09 02:00:00 C:\WINDOWS\tasks\At22.job
2007-06-09 03:00:00 C:\WINDOWS\tasks\At23.job
2007-06-09 04:00:00 C:\WINDOWS\tasks\At24.job
2007-06-11 07:00:00 C:\WINDOWS\tasks\At3.job
2007-06-04 08:00:00 C:\WINDOWS\tasks\At4.job
2007-06-08 09:00:00 C:\WINDOWS\tasks\At5.job
2007-06-08 10:00:00 C:\WINDOWS\tasks\At6.job
2007-06-13 11:00:00 C:\WINDOWS\tasks\At7.job
2007-06-13 12:00:00 C:\WINDOWS\tasks\At8.job
2007-06-08 13:00:00 C:\WINDOWS\tasks\At9.job
2007-06-12 14:00:04 C:\WINDOWS\tasks\wnaspi32.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 14:41:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-13 14:42:22
C:\ComboFix-quarantined-files.txt ... 2007-06-13 14:41

--- E O F ---


Combofix quarantine log


2004-09-19 14:18	  1	--a--c---	C:\Qoobox\Quarantine\C\WINDOWS\HOSTS.vir
2006-07-11 14:29	  3787	--a--c---	C:\Qoobox\Quarantine\C\Program Files\INSTALL.LOG.vir
2006-11-28 20:37	  2566	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system\svchest.reg.vir
2007-05-13 11:49	  40183	--a------	C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir
2007-06-13 09:59	  30208	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system32\xydzyh.exe.vir
2007-06-13 09:59	  85107	--a------	C:\Qoobox\Quarantine\C\WINDOWS\system\svchest.exe.vir
2007-06-13 10:39	  2558	--a------	C:\Qoobox\Quarantine\Registry_backups\services_Indexingbox.reg.cf


Folder PATH listing
Volume serial number is 8C0F-6B72
C:\QOOBOX
\---Quarantine
	+---C
	|   +---Program Files
	|   |   |   INSTALL.LOG.vir
	|   |   |   
	|   |   \---Common Files
	|   |		   Yazzle1281OinUninstaller.exe.vir
	|   |		   
	|   \---WINDOWS
	|	   |   HOSTS.vir
	|	   |   
	|	   +---system
	|	   |	   svchest.exe.vir
	|	   |	   svchest.reg.vir
	|	   |	   
	|	   \---system32
	|			   xydzyh.exe.vir
	|			   
	\---Registry_backups
			services_Indexingbox.reg.cf
			

Dr Web Log

UDC6_0001_D19M1908NetInstaller.exe;C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp;Trojan.DownLoader.17676;Deleted.;
InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably MULDROP.Trojan;;
update.exe;C:\Program Files\Netpas\Estimator 2005;Probably DLOADER.Trojan;;
tgcmd.exe;C:\Program Files\SupportSoft\bin;Probably DLOADER.Trojan;;
A0044764.exe;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP210;Adware.Cfd;;
A0046346.dll;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233;Trojan.Virtumod;Deleted.;
A0046475.dll;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP233;Trojan.Virtumod;Deleted.;
A0046494.dll;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234;Trojan.Virtumod;Deleted.;
A0046529.exe;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234;Adware.ClickSpring;;
A0046549.dll;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234;Trojan.Virtumod;Deleted.;
A0049993.dll;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242;Trojan.Virtumod;Deleted.;
A0049994.dll;C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242;Trojan.Virtumod;Deleted.;
UDC6_0001_D19M1908NetInstaller.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.17676;Deleted.;
UDC6_0001_D19M1908NetInstaller.exe;C:\WINDOWS\Downloaded Program Files\CONFLICT.1;Trojan.DownLoader.17676;Deleted.;

Thanks again for your help.

#7 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 13 June 2007 - 03:56 PM

Hi again,

Please run Notepad and paste the following text into a new file; do not include the word ‘quote’:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5EB0B507-262B-44AF-87E8-AB711BDE2E64}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xydzyh"=-
"dnrpitxk"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvurr]



Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Unzip this file to desktop:
[attachment=1684:attachment]
Double-click on Remove.bat and post the output textfile here.
Note: This file was designed for Allikat's problem and will not help anyone else's; if you are not Allikat, do not use this file.

Next:

Please do the following:
Run a BitDefender Online scan Here and post the results.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#8 Allikat

    Member

  • Full Member
  • 37 posts

Posted 14 June 2007 - 11:28 AM

Hello,

Have done as you suggested. Here below are the logs.

BitDefender Online Scanner

Scan report generated at: Thu, Jun 14, 2007 - 10:22:48

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 02:12:20
Files: 316812
Folders: 6854
Boot Sectors: 2
Archives: 8570
Packed Files: 48730

Results
Identified Viruses: 2
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 513586
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab=>UDC6_0001_D19M1908NetInstaller.exe
Infected with: Trojan.Downloader.AVN

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab=>UDC6_0001_D19M1908NetInstaller.exe
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab=>UDC6_0001_D19M1908NetInstaller.exe
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab
Update failed

C:\QooBox\Quarantine\C\WINDOWS\system\svchest.reg.vir
Infected with: Trojan.Downloader.Delf.ALF

C:\QooBox\Quarantine\C\WINDOWS\system\svchest.reg.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system\svchest.reg.vir
Deleted

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)=>svchest.reg
Infected with: Trojan.Downloader.Delf.ALF

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)=>svchest.reg
Disinfection failed

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)=>svchest.reg
Deleted

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)
Update failed

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0058010.reg
Infected with: Trojan.Downloader.Delf.ALF

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0058010.reg
Disinfection failed

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0058010.reg
Deleted




And the output log:



Delitor by wng_z3r0

Files to delete:
**************************
"C:\WINDOWS\tasks\At1.job"
"C:\WINDOWS\tasks\At10.job"
"C:\WINDOWS\tasks\At11.job"
"C:\WINDOWS\tasks\At12.job"
"C:\WINDOWS\tasks\At13.job"
"C:\WINDOWS\tasks\At14.job"
"C:\WINDOWS\tasks\At15.job"
"C:\WINDOWS\tasks\At16.job"
"C:\WINDOWS\tasks\At17.job"
"C:\WINDOWS\tasks\At18.job"
"C:\WINDOWS\tasks\At19.job"
"C:\WINDOWS\tasks\At2.job"
"C:\WINDOWS\tasks\At20.job"
"C:\WINDOWS\tasks\At21.job"
"C:\WINDOWS\tasks\At22.job"
"C:\WINDOWS\tasks\At23.job"
"C:\WINDOWS\tasks\At24.job"
"C:\WINDOWS\tasks\At3.job"
"C:\WINDOWS\tasks\At4.job"
"C:\WINDOWS\tasks\At5.job"
"C:\WINDOWS\tasks\At6.job"
"C:\WINDOWS\tasks\At7.job"
"C:\WINDOWS\tasks\At8.job"
"C:\WINDOWS\tasks\At9.job"

END Files to delete:
**************************



Files remaining after deletion:
**************************

END of file:
**************************


Thanks again

#9 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 14 June 2007 - 12:34 PM

Hi again,

Good, that looks like it all went well, please now post a fresh HiJackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#10 Allikat

    Member

  • Full Member
  • 37 posts

Posted 15 June 2007 - 06:38 AM

Good Morning.

Still getting msmsg crash and oscheck crash every time I reboot. Don't know if the virus has caused this problem. Here is the new log.

Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 06:33, on 2007-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Web Anti-Virus statistics (HKLM)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Share in Hello (HKLM)
O9 - Extra 'Tools' menuitem: Share in H&ello (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc3.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
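
As an added example (not code from this thread, from HijackThis or from ComboFix), the following Python script does by hand what the helper did between the log above and the fix.reg in post #7: it parses the O4 Run entries of a HijackThis log, flags the images the scan logs named (xydzyh.exe, dnrpitxk.exe) and the orphaned LDM value whose command carries no file name, and writes a REGEDIT4 file that deletes those values. The log excerpt and the watchlist are constructed from this thread's own logs; the parsing and the regex are assumptions about the HijackThis 1.97 line format shown here.

```python
"""Parse HijackThis O4 Run entries and build a REGEDIT4 removal file.

Added example, not part of the original thread or of HijackThis itself.
"""
import re

# Matches "O4 - HKLM\..\Run: [name] command" (HKLM or HKCU only; Startup
# and Global Startup entries are shortcut files, not registry values).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)

# Registry keys the two hives map to, in the form fix.reg used above.
HIVES = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# Constructed excerpt of the HijackThis log posted in this thread (post #10).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""

# Image names the Kaspersky and ComboFix logs in this thread identified.
BAD_IMAGES = {"xydzyh.exe", "dnrpitxk.exe"}


def parse_o4(log_text):
    """Return (hive, value name, command) for every O4 HKLM/HKCU Run entry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append((m["hive"], m["name"], m["cmd"]))
    return entries


def image_name(cmd):
    """Strip quotes and arguments; return the lowercase file name, or "" if none."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ")[0]
    return exe.rsplit("\\", 1)[-1].lower()


def flag_entries(entries, bad_images):
    """Flag entries whose image is on the watchlist or whose command has no
    file name at all (the orphaned "\\Program\\" value in the log above)."""
    flagged = []
    for hive, name, cmd in entries:
        exe = image_name(cmd)
        if not exe or exe in bad_images:
            flagged.append((hive, name, cmd))
    return flagged


def build_reg_fix(flagged):
    """Emit a REGEDIT4 file that deletes each flagged value ("name"=-), grouped by hive."""
    lines = ["REGEDIT4", ""]
    for hive in ("HKLM", "HKCU"):
        names = [name for h, name, _ in flagged if h == hive]
        if names:
            lines.append(f"[{HIVES[hive]}]")
            lines.extend(f'"{n}"=-' for n in names)
            lines.append("")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_reg_fix(flag_entries(parse_o4(SAMPLE_LOG), BAD_IMAGES)))
```

Deleting a Run value only stops the autostart; the file on disk still has to be removed separately, which is why the thread goes on to Killbox.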

#11 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 15 June 2007 - 07:03 AM

Hi again,

Quote: "don't know if the virus has caused this problem"

Quite likely; there are still some problems visible in your log. Because of the annoyingly large number of entries Logitech adds to a HiJackThis log, and because there's a word limit on posts here, you've cut off the bottom of your log. Can you post it again in two equal sections using two posts, so I can see it all?
Thanks.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#12 Allikat

    Member

  • Full Member
  • 37 posts

Posted 16 June 2007 - 05:52 PM

Posting again

1st half

Logfile of HijackThis v1.97.7
Scan saved at 06:33, on 2007-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Web Anti-Virus statistics (HKLM)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Share in Hello (HKLM)
O9 - Extra 'Tools' menuitem: Share in H&ello (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

#13 Allikat

    Member

  • Full Member
  • 37 posts

Posted 16 June 2007 - 05:52 PM

2nd half

O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc3.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

thanks

#14 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 17 June 2007 - 04:27 AM

Hi again,

* Download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)
Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\system32\xydzyh.exe
C:\windows\system32\dnrpitxk.exe


Open 'File' in the Killbox menu on top and choose Paste from clipboard.

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and ask if you would like to reboot now; click YES.
If you don't get that message, reboot manually.

Your computer should reboot now.

Next:

Download getservices from http://www.bleepingc...getservices.zip

To use this script, extract the zip file to your C: drive. Once it is extracted you will find a directory on your C: drive called getservice. Inside the C:\getservice directory will be a file called getservice.bat. Simply double-click on the getservice.bat file and when it is completed Notepad will open with a lot of information. Copy and paste the information from Notepad and post it here as your reply.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
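The getservice.bat step above produces a PsService dump of every installed service. As an added example (not part of jedi's post, the getservices script or anything else in this thread), here is a small Python triage pass over such a dump that flags the records a helper would look at first; the two heuristics, the svchost allow-list and the sample records are assumptions made for illustration.

```python
"""Parse a PsService dump (the output getservice.bat collects) and flag the
records worth a closer look. Added example, not code from the thread or from
the getservice script; the two heuristics and the sample are assumptions."""
import re
from dataclasses import dataclass, field

FIELD_RE = re.compile(r"^([A-Z_]+)\s*:\s*(.*)$")
# Bare "svchost -k group" (no .exe) is how this XP box registers DcomLaunch
# and RpcSs, so that basename is treated as normal rather than suspicious.
KNOWN_BARE_PROGRAMS = {"svchost"}

# Constructed sample in PsService's format, built from records in the thread.
SAMPLE_DUMP = r"""
PsService v1.1 - local and remote services viewer/controller

SERVICE_NAME: Active HelpAssistants
Active HelpAssistants
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINDOWS\IIS\iissets
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs.
TYPE : 20 WIN32_SHARE_PROCESS
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch

SERVICE_NAME: Office Source Engine Help
Office Source Engine Help
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
BINARY_PATH_NAME : C:\Program Files\NetMeeting\msmsgs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Saves installation files used for updates and repairs.
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
"""

@dataclass
class Service:
    name: str
    description: str = ""
    fields: dict = field(default_factory=dict)

def parse_psservice(text):
    """Turn PsService's text dump into Service records."""
    services, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("SERVICE_NAME:"):
            current = Service(name=line.split(":", 1)[1].strip())
            services.append(current)
            last_key = "SERVICE_NAME"
        elif current is None or not line:
            continue  # banner text before the first record, or a separator
        elif last_key == "SERVICE_NAME":
            current.description = line  # free text; may itself contain ':'
            last_key = "DESCRIPTION"
        elif line.startswith(":"):  # continuation row such as ": RpcSs"
            extra = line[1:].strip()
            current.fields[last_key] = (current.fields.get(last_key, "") + " " + extra).strip()
        elif (m := FIELD_RE.match(line)):
            last_key = m.group(1)
            current.fields[last_key] = m.group(2).strip()
    return services

def program_from_path(binary_path):
    """Strip service arguments from BINARY_PATH_NAME, keeping the program."""
    p = binary_path.strip()
    if p.startswith('"'):
        return p[1:p.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|sys|dll))(?:\s|$)", p, re.IGNORECASE)
    if m:
        return m.group(1)
    return re.split(r"\s+[-/]", p, maxsplit=1)[0]  # no extension: cut at args

def triage(services):
    """Return {service name: [reasons]} for records worth a closer look."""
    findings = {}
    for svc in services:
        reasons = []
        program = program_from_path(svc.fields.get("BINARY_PATH_NAME", ""))
        base = program.replace("\\", "/").rsplit("/", 1)[-1]
        if "." not in base and base.lower() not in KNOWN_BARE_PROGRAMS:
            reasons.append("program has no executable extension: " + program)
        if svc.description.strip().lower() == svc.name.lower():
            reasons.append("description merely repeats the service name")
        if reasons:
            findings[svc.name] = reasons
    return findings
```

Run `triage(parse_psservice(SAMPLE_DUMP))` on the sample and only the two services Kaspersky reported come back; a real dump has far more benign third-party entries, so the output is a reading order, not a verdict.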

#15 Allikat

    Member

  • Full Member
  • 37 posts

Posted 17 June 2007 - 10:51 AM

Good Morning.

Tried your suggestions, but KillBox didn't work.

- Could not use cut and paste, so retyped the file path. Could only do one at a time. The first file resulted in the error message "file does not exist"; the 2nd file resulted in the error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" Capitalization and spacing as per error message.

Ran the program a number of times, rebooting each time. Same results.

Ran the log file, which is attached.

PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Active HelpAssistants
Active HelpAssistants
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\IIS\iissets
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Active HelpAssistants
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AVG Anti-Spyware Guard
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG Anti-Spyware Guard
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AVP
Provides protection against computer viruses and another dangerous software.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Kaspersky Anti-Virus 6.0
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CiSvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HID Input Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: iPod Service
iPod hardware management services
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\iPod\bin\iPodService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : iPod Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: LVPrcSrv
Webcam Effects Helper.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Logitech Process Monitor
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 1
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NMSSvc
Intel® NIC Management Service
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\NMSSvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Intel® NMS
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Office Source Engine Help
Office Source Engine Help
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\NetMeeting\msmsgs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : OESH
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ose
Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Office Source Engine
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PictureTaker
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\PCTKRNT.SYS
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : PictureTaker
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Pml Driver HPZ12
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\HPZipm12.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Pml Driver HPZ12
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PrismXL
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : PrismXL
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Schedule
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 6000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Internet Connection Sharing
DEPENDENCIES : RasMan
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\dllhost.exe /Processid:{06D9925E-F54C-43BA-A457-82B2C066D7F5}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

thanks again.

#16 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 17 June 2007 - 11:27 AM

Ok,

Please run Notepad and paste the following text in the Code box into a new file:

REM Stop and remove the rogue service. The name has a space in it, so it must be quoted
REM or sc treats only the first word as the service name.
sc stop "Active HelpAssistants"
sc delete "Active HelpAssistants"
REM Clear the read-only, hidden and system attributes so del can remove the dropped files.
attrib -r -h -s C:\windows\system32\dnrpitxk.exe
del C:\windows\system32\dnrpitxk.exe
attrib -r -h -s C:\WINDOWS\system32\xydzyh.exe
del C:\WINDOWS\system32\xydzyh.exe


Save the file to the desktop as remove.bat and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on remove.bat.

Next, please do the following:
Run a BitDefender Online scan Here and post the results.

Next, please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Please also post a fresh HiJackThis log. You may need several posts to fit all this in, please check all logs are complete when you post, you can use the 'Preview Post' tab to check this.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
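The post above asks for a fresh HijackThis log after the batch file has run, and the point of that log is to confirm the two autorun entries for dnrpitxk.exe and xydzyh.exe are gone. The script below is an added example, not part of the thread and not HijackThis code: it parses the O4 (autorun) lines of a HijackThis log, works out which program each entry launches, and reports any entry that still points at a file on a watch-list. The watch-list holds the two paths the batch file deletes; the sample log is an excerpt of the log Allikat posts later in the thread. The parsing is generic to HijackThis v1.99 O4 lines, both registry Run entries and startup-folder shortcuts.

```python
"""Confirm a removal batch took hold by re-reading the fresh HijackThis log.

Added example, not part of the forum thread and not HijackThis code. It parses
the O4 (autorun) lines of a HijackThis log, extracts the executable each entry
launches and reports any entry that still points at a watch-listed file.
"""
import ntpath
import re

# Files the removal batch in the thread deletes (paths as written there).
WATCHLIST = {
    r"C:\WINDOWS\system32\xydzyh.exe",
    r"c:\windows\system32\dnrpitxk.exe",
}

# Registry autorun:         O4 - HKLM\..\Run: [name] command
_REG_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>.+?)\] (?P<command>.+)$")
# Startup-folder shortcut:  O4 - Global Startup: name.lnk = target
_LNK_RE = re.compile(r"^O4 - (?P<location>.+?): (?P<name>.+?\.lnk) = (?P<command>.+)$")
# First program-like token of a command line, quoted or not. Unquoted paths
# containing spaces (C:\Program Files\...) are common in these logs, so we stop
# at the first executable extension rather than at the first space.
_EXE_RE = re.compile(
    r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd|scr|pif|dll|sys))\b', re.IGNORECASE
)


def extract_executable(command):
    """Return the program a Run-key command line launches, or None if unrecognisable."""
    m = _EXE_RE.match(command.strip())
    return m.group("exe") if m else None


def parse_o4(line):
    """Parse one O4 line into location/name/command/executable; None for other lines."""
    m = _REG_RE.match(line) or _LNK_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["executable"] = extract_executable(entry["command"])
    return entry


def find_watchlisted(log_text, watchlist):
    """Return the O4 entries whose executable is on the watch-list.

    Comparison is case-insensitive, as NTFS paths are, and also accepts a bare
    file name so an entry launching the file via a relative path is caught.
    """
    full = {ntpath.normcase(p) for p in watchlist}
    names = {ntpath.basename(p) for p in full}
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None or entry["executable"] is None:
            continue
        exe = ntpath.normcase(entry["executable"])
        if exe in full or ntpath.basename(exe) in names:
            hits.append(entry)
    return hits


# Sample input: an excerpt of the HijackThis log posted later in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
"""


def main():
    hits = find_watchlisted(SAMPLE_LOG, WATCHLIST)
    if not hits:
        print("no autorun entry points at a watch-listed file")
    for h in hits:
        print(f"still present: {h['location']} [{h['name']}] -> {h['executable']}")


if __name__ == "__main__":
    main()
```

Run against a log taken after the batch file and a reboot, an empty result means the Run entries are gone; a hit means the loader re-created them or the batch never ran, which is exactly the case where a second look at the log is needed rather than declaring the machine clean.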

#17 Allikat

Allikat

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 June 2007 - 02:04 PM

Hello

Logfile of HijackThis v1.99.1
Scan saved at 14:01, on 2007-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\Acrobat.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Owner\My Documents\My Downloads\HijackThis.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Active HelpAssistants - Unknown owner - C:\WINDOWS\IIS\iissets (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

BitDefender Online Scanner

Scan report generated at: Tue, Jun 19, 2007 - 13:59:27

Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:58:11
Files: 325570
Folders: 6857
Boot Sectors: 2
Archives: 8585
Packed Files: 49352

Results
Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 514367
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab=>UDC6_0001_D19M1908NetInstaller.exe
Infected with: Trojan.Downloader.AVN

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab=>UDC6_0001_D19M1908NetInstaller.exe
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab=>UDC6_0001_D19M1908NetInstaller.exe
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab
Update failed

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)=>svchest.reg
Infected with: Trojan.Downloader.Delf.ALF

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)=>svchest.reg
Disinfection failed

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)=>svchest.reg
Deleted

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE=>(RAR Sfx o)
Update failed



continued

#18 Allikat

Posted 19 June 2007 - 02:05 PM

continued

KASPERSKY ONLINE SCANNER REPORT
2007-06-19 11:31
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/06/2007
Kaspersky Anti-Virus database records: 349215


Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects: 86680
Number of viruses found: 8
Number of infected objects: 172
Number of suspicious objects: 0
Duration of the scan process: 02:21:11

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0384_File_Monitoring_eventcritlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0384_File_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0386_Web_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\038a_pdm_eventcritlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\038a_pdm_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\call256.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\callmember256.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chat512.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg2048.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg256.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg4096.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\chatmsg512.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\contactgroup256.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\index2.dat Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\profile16384.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\user1024.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\user4096.dbb Object is locked skipped

C:\Documents and Settings\Owner\Application Data\Skype\gary.frankston\voicemail256.dbb Object is locked skipped

C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0046529.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007061920070620\index.dat Object is locked skipped

C:\Documents and Settings\Owner\Local Settings\Temp\dnrpitxk.exe Infected: Trojan-Clicker.Win32.VB.qj skipped

C:\Documents and Settings\Owner\Local Settings\Temp\g0ld.com Infected: Trojan-Downloader.Win32.Small.elj skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2TG7Y1U5\wscnfty[2].txt Infected: Trojan-Clicker.Win32.VB.qj skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab/UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4XYVS5UB\installdrivecleanerstart[1].cab CAB: infected - 1 skipped

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped

C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

C:\Program Files\NetMeeting\msmsgs Infected: Backdoor.Win32.Hupigon.wi skipped

C:\QooBox\Quarantine\C\WINDOWS\system\svchest.exe.vir/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\QooBox\Quarantine\C\WINDOWS\system\svchest.exe.vir/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\QooBox\Quarantine\C\WINDOWS\system\svchest.exe.vir RarSFX: infected - 2 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\xydzyh.exe.vir Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046530.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP234\A0046541.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP237\A0046793.exe Infected: Trojan.Win32.Agent.amk skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP239\A0046872.EXE Infected: Backdoor.Win32.Hupigon.wi skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0046974.EXE Infected: Backdoor.Win32.Hupigon.wi skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP241\A0049966.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP242\A0050002.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE/data.rar/svchest.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE/data.rar/svchest.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE/data.rar/svchest.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0051019.EXE RarSFX: infected - 4 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0052013.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053013.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053313.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP243\A0053466.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053480.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053483.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053483.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053483.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053484.exe Infected: Trojan-Clicker.Win32.VB.qj skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053495.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053495.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053495.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053502.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053506.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053506.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053506.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053564.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053566.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053566.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053566.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053584.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053585.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053585.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053585.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053590.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053596.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053596.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053596.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053600.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053607.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053607.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053607.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053608.exe Infected: Trojan-Clicker.Win32.VB.qj skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053615.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053618.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053618.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053618.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053626.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053626.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053626.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053639.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053645.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053645.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053645.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053652.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053656.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053656.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053656.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053660.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053670.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053670.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053670.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053678.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053683.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053683.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053683.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053687.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053690.exe Infected: Trojan-Clicker.Win32.VB.qj skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053691.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053691.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053691.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053703.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053711.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053711.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0053711.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0054700.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0054702.exe Infected: Trojan-Clicker.Win32.VB.qj skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0054703.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0054703.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP244\A0054703.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0054711.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0054715.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0054715.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0054715.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0054718.exe Infected: Trojan-Clicker.Win32.VB.qj skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055708.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055710.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055710.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055710.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055722.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055725.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055725.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055725.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055735.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055740.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055740.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055740.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055748.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055751.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055751.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055751.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055764.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055770.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055770.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055770.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055775.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055782.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055782.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055782.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055789.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055792.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055792.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP245\A0055792.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0055796.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

Scan process completed.

thanks again for all your assistance

#19 Allikat

Allikat

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 June 2007 - 02:09 PM

continued

KASPERSKY ONLINE SCANNER REPORT
2007-06-19 11:31
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 19/06/2007
Kaspersky Anti-Virus database records: 349215


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 86680
Number of viruses found 8
Number of infected objects 172
Number of suspicious objects 0
Duration of the scan process 02:21:11

Infected Object Name Virus Name Last Action

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056831.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056833.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056833.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056833.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056841.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056844.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056844.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056844.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056854.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056861.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056861.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056861.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056879.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056884.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056884.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP246\A0056884.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057879.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057937.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057937.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057937.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057947.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057951.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057951.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0057951.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0058009.exe/data.rar/svchests.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0058009.exe/data.rar Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0058009.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP247\A0058011.exe Infected: Trojan-Downloader.Win32.Delf.bfu skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP248\A0059115.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP250\A0059215.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{E410D398-7CFE-49ED-AAB2-692F12398DE5}\RP251\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{152BCB18-E5C4-4CEC-94EA-DB78CF3089EF}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{7C939661-EE2E-4A1B-AC17-3672D9087C83}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\system32\config\sam Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\security Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\spool\PRINTERS\00005.SPL Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks again for all your assistance.

#20 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 19 June 2007 - 03:32 PM

Hi again,

Scan with HiJackThis and put a check in the box next to the following items:

O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O23 - Service: Active HelpAssistants - Unknown owner - C:\WINDOWS\IIS\iissets (file missing)


Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#21 Allikat

    Member

  • Full Member
  • 37 posts

Posted 22 June 2007 - 03:46 PM

Hello,

Here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 15:44, on 2007-06-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

Thanks.

#22 jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 23 June 2007 - 01:40 PM

Hi,

Download Avenger from here:
http://swandog46.geekstogo.com/

Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:

Files to delete:
C:\WINDOWS\system32\xydzyh.exe
c:\windows\system32\dnrpitxk.exe



and click 'Done'

Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.

Post the Avenger output log, which you can find at C:\Avenger\.txt

jedi

#23 Allikat

    Member

  • Full Member
  • 37 posts

Posted 24 June 2007 - 09:38 PM

Good Evening.

Damn, these are nasty.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not open Run key to register cleanup batch.
Error code: 1813


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ginbqeat

*******************

Script file located at: \??\C:\WINDOWS\system32\vbbjebwe.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\xydzyh.exe not found!
Deletion of file C:\WINDOWS\system32\xydzyh.exe failed!

Could not process line:
C:\WINDOWS\system32\xydzyh.exe
Status: 0xc0000034



File c:\windows\system32\dnrpitxk.exe not found!
Deletion of file c:\windows\system32\dnrpitxk.exe failed!

Could not process line:
c:\windows\system32\dnrpitxk.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Thanks

#24 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 25 June 2007 - 01:49 AM

Hi again,

Hmm, well according to Avenger they don't even exist. I wonder if they still show in a HiJackThis log? Please post a fresh one for me.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#25 Allikat

Allikat

    Member

  • Full Member
  • 37 posts

Posted 25 June 2007 - 06:58 AM

Good Morning.

new hijack log

Logfile of HijackThis v1.99.1
Scan saved at 06:56, on 2007-06-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

thanks

#26 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 25 June 2007 - 12:58 PM

Hi again,

That's slightly odd. OK, I need you to try to run ComboFix again. It's possible it didn't run before because you didn't have Administrator privileges, so make sure you are logged in as Administrator. Here is the download again:

1. Download this file - ComboFix
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Do not do anything on the PC while it is running. If it doesn't run we'll try it in safe mode.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#27 Allikat

Allikat

    Member

  • Full Member
  • 37 posts

Posted 26 June 2007 - 11:26 AM

Good Morning.

Not able to run except in Safe Mode. Ran under Administrator and here is the log.


ComboFix 07-06-11.3 - C:\Documents and Settings\Owner\My Documents\My Downloads\ComboFix.exe
"Administrator" - 2007-06-26 11:01:53 - Service Pack 2 NTFS [SAFE MODE]


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-25 23:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-24 21:30 60,416 --a------ C:\WINDOWS\system32\drivers\pnbgkpju.sys
2007-06-24 21:30 126,976 --a------ C:\zip.exe
2007-06-24 21:30 1,080 --a------ C:\hjsltmdn.bat
2007-06-17 10:27 <DIR> d-------- C:\!KillBox
2007-06-14 08:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-13 12:15 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-06-11 13:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-03 19:05 4,415,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-03 19:05 170,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-03 19:05 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-03 18:06 <DIR> d-------- C:\KAV
2007-06-01 19:56 <DIR> d-------- C:\WINDOWS\IIS


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 05:57:22 -------- d-----w C:\Program Files\iTunes
2007-06-04 00:01:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 23:59:10 -------- d-----w C:\Program Files\Symantec
2007-06-03 23:36:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-19 16:21:29 -------- d-----w C:\Program Files\Messenger
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 00:47]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 01:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" []
"GWMDMMSG"="GWMDMMSG.exe" [2003-09-13 20:02 C:\WINDOWS\GWMDMMSG.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" []
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]
"xydzyh"="C:\WINDOWS\system32\xydzyh.exe" []
"dnrpitxk"="c:\windows\system32\dnrpitxk.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c Combobatch.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]


Contents of the 'Scheduled Tasks' folder
2007-06-17 18:45:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-25 14:00:00 C:\WINDOWS\tasks\wnaspi32.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 11:06:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NMSCFG]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS"

Completion time: 2007-06-26 11:07:20
C:\ComboFix-quarantined-files.txt ... 2007-06-26 11:06

--- E O F ---

Thanks again

#28 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 28 June 2007 - 03:55 AM

Hi again,

OK, there they are, under the Run key.

* Download Killbox.
Do not run it yet.

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"xydzyh"=-
"dnrpitxk"=-



Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".

Do not use it yet.

Next:

Restart your computer, and begin tapping the F8 key on your keyboard. Continue to do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Using the arrow keys on the keyboard, scroll to and select the Safe mode menu item, and then press Enter.


Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Next:

Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)
Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\tasks\wnaspi32.job
C:\WINDOWS\system32\xydzyh.exe
c:\windows\system32\dnrpitxk.exe


Open 'File' in the Killbox menu on top and choose Paste from clipboard.

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

Please now post a fresh HiJackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
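The post above does the triage by hand: the two Run values survive every scan because they point at files that are no longer on disk (Avenger's Status 0xc0000034 is the NTSTATUS STATUS_OBJECT_NAME_NOT_FOUND, and the ComboFix dump shows empty brackets after those two values where resolvable targets carry a timestamp), so it is the orphaned registry value, not a hidden file, that has to be removed, and the fix.reg does that with the REGEDIT4 `"name"=-` syntax. The script below is an added example, not code from the thread or from HijackThis, Avenger, ComboFix or Killbox; it parses HijackThis O4 lines, flags values whose name looks machine-generated or whose target is missing, and emits the same REGEDIT4 removal fragment. The sample lines are constructed after the log posted earlier in the thread, and `PRESENT_FILES` is a constructed stand-in for the file system so the example runs offline; on a live machine you would replace that set with `os.path.exists`.

```python
"""Triage HijackThis O4 (Run-key) lines and emit a REGEDIT4 removal file.

Added example, not code from the thread or from the tools it mentions.
A Run value is treated as suspect when its name looks machine-generated
or when its target is not on disk (an orphaned autorun); suspects are
written out as '"name"=-' lines, the REGEDIT4 syntax that deletes a value.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines, modelled on the HijackThis log in the thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"""

# Constructed stand-in for os.path.exists() on the infected box, so the
# example runs offline on any OS. The two random-named targets are absent
# on purpose, matching Avenger's "not found" (0xc0000034) result.
PRESENT_FILES = {
    r"c:\program files\java\jre1.6.0_01\bin\jusched.exe",
    r"c:\program files\norton antivirus\oscheck.exe",
    r"c:\program files\skype\phone\skype.exe",
}

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_SUBKEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
QUOTED_RE = re.compile(r'^"([^"]+)"')
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?:\s|$)", re.IGNORECASE)


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    reasons: list = field(default_factory=list)

    @property
    def target(self) -> str:
        """Best-effort executable path from the command string (lower-cased)."""
        m = QUOTED_RE.match(self.command) or UNQUOTED_RE.match(self.command)
        return (m.group(1) if m else self.command.split()[0]).lower()


def parse_o4(text: str) -> list:
    """Turn HijackThis O4 lines into RunEntry objects; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], m["cmd"]))
    return entries


def looks_random(name: str) -> bool:
    """Heuristic for generated value names such as 'xydzyh' or 'dnrpitxk':
    all-lowercase letters, 6+ chars, and either almost no vowels or a long
    consonant run. Vendor names ('osCheck', 'ccApp') are mixed-case and skip.
    This is a triage aid, not proof; always confirm against the target file."""
    if not (name.isalpha() and name.islower() and len(name) >= 6):
        return False
    vowels = sum(c in "aeiou" for c in name)
    longest_run = max(len(r) for r in re.split(r"[aeiou]+", name))
    return vowels / len(name) < 0.15 or longest_run >= 4


def triage(entries: list, present_files: set) -> list:
    """Return the entries that have at least one reason to be suspected."""
    flagged = []
    for e in entries:
        if looks_random(e.name):
            e.reasons.append("value name looks machine-generated")
        if e.target not in present_files:
            e.reasons.append("target file not on disk (orphaned autorun)")
        if e.reasons:
            flagged.append(e)
    return flagged


def regedit4_removal(entries: list) -> str:
    """REGEDIT4 text that deletes the given Run values ('=-' removes a value)."""
    by_key = {}
    for e in entries:
        key = f"[{HIVES[e.hive]}\\{RUN_SUBKEY}]"
        by_key.setdefault(key, []).append(e.name)
    out = ["REGEDIT4", ""]
    for key, names in by_key.items():
        out.append(key)
        out.extend(f'"{n}"=-' for n in names)
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    suspects = triage(parse_o4(SAMPLE_O4), PRESENT_FILES)
    for s in suspects:
        print(f"{s.hive} [{s.name}] -> {s.target}: {'; '.join(s.reasons)}")
    print()
    print(regedit4_removal(suspects))
```

Run as-is it flags only `xydzyh` and `dnrpitxk`, each for both reasons, and prints a fix.reg equivalent to the one in the post. The name heuristic alone would be a weak signal; the missing-target check is the one that matters, since an autorun value whose executable is gone is pure residue and can be deleted without the reboot-time file deletion the thread otherwise needs.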

#29 Allikat

Allikat

    Member

  • Full Member
  • 37 posts

Posted 28 June 2007 - 08:35 AM

Good Morning

Logfile of HijackThis v1.99.1
Scan saved at 08:23, on 2007-06-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

thanks.

#30 jedi (Emeritus, 15,830 posts)

Posted 28 June 2007 - 01:03 PM

Hi,

Open a new notepad document, and paste in this:

File::
C:\WINDOWS\system32\xydzyh.exe
c:\windows\system32\dnrpitxk.exe


Save it as ComboFix-Do.txt (save as type 'All Files'), then drag and drop the file into ComboFix.exe.

Now run ComboFix again and post the results.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#31 Allikat (Full Member, 37 posts)

Posted 30 June 2007 - 03:23 PM

Hello,

Again, I had to run in Safe Mode under Administrator.


ComboFix 07-06-18.2 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Administrator" - 2007-06-30 14:58:02 - Service Pack 2 NTFS [SAFE MODE]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


2007-06-30 10:00 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-06-30 10:00 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-06-30 10:00 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-06-28 08:01 108 --a------ C:\fix.reg
2007-06-25 23:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-24 21:30 60,416 --a------ C:\WINDOWS\system32\drivers\pnbgkpju.sys
2007-06-24 21:30 126,976 --a------ C:\zip.exe
2007-06-24 21:30 1,080 --a------ C:\hjsltmdn.bat
2007-06-17 10:27 <DIR> d-------- C:\!KillBox
2007-06-14 08:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-13 12:15 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-06-11 13:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-03 19:05 4,628,768 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-03 19:05 181,792 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-03 19:05 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-03 18:06 <DIR> d-------- C:\KAV
2007-06-01 19:56 <DIR> d-------- C:\WINDOWS\IIS
2007-05-15 16:16 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-15 16:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-13 11:45 <DIR> d-------- C:\WINDOWS\system32\SBO
2007-05-13 11:45 <DIR> d-------- C:\Temp


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 05:57:22 -------- d-----w C:\Program Files\iTunes
2007-06-04 00:01:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 23:59:10 -------- d-----w C:\Program Files\Symantec
2007-06-03 23:36:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-19 16:21:29 -------- d-----w C:\Program Files\Messenger
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 00:47]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 01:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" []
"GWMDMMSG"="GWMDMMSG.exe" [2003-09-13 20:02 C:\WINDOWS\GWMDMMSG.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" []
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]
"xydzyh"="C:\WINDOWS\system32\xydzyh.exe" []
"dnrpitxk"="c:\windows\system32\dnrpitxk.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]


Contents of the 'Scheduled Tasks' folder
2007-06-17 18:45:04 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-30 15:02:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-30 15:03:48
C:\ComboFix-quarantined-files.txt ... 2007-06-30 15:03
C:\ComboFix2.txt ... 2007-06-26 11:07

--- E O F ---

Thanks

#32 jedi (Emeritus, 15,830 posts)

Posted 01 July 2007 - 06:14 AM

Hi,

That didn't seem to go quite right; let's try it again:

Open notepad and copy/paste the text in the quotebox below into it:
(Do not include the word 'Quote')

File::
C:\WINDOWS\system32\xydzyh.exe
c:\windows\system32\dnrpitxk.exe
C:\zip.exe

Folder::
C:\WINDOWS\system32\SBO
C:\Temp

Driver::
C:\WINDOWS\system32\drivers\pnbgkpju.sys


Save this as ComboFix-Do.txt

Now boot into safe mode, and run as Admin.

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
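As an added example that is not part of this thread and not code from ComboFix or HijackThis: a small Python triage script that does, on constructed sample lines, what jedi does by hand in the post above. It parses HijackThis O4 (Run key) and O23 (service) lines, matches their target paths case-insensitively against a list of scanner-flagged files, lists services with no vendor string for manual review, and renders the File::/Folder::/Driver:: layout shown in the post. The sample log lines and the flagged-path list are constructed from entries visible in this thread; the three section names are the only thing assumed about the script format, as that is all the thread shows.

```python
import re

# Constructed sample of HijackThis O4/O23 lines, modelled on entries that
# appear in this thread's logs; the two random-name Run entries are the ones
# the helper lists under File:: above.
SAMPLE_HJT_LINES = [
    r'O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"',
    r'O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect',
    r'O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe',
    r'O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe',
    r'O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized',
    r'O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe',
    r'O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)',
]

# Constructed list of paths a scanner reported. Case deliberately differs from
# the HijackThis lines, as it does between the scanner and HijackThis output
# in this thread.
FLAGGED_BY_SCANNER = [
    r'C:\WINDOWS\SYSTEM32\XYDZYH.EXE',
    r'c:\windows\system32\dnrpitxk.exe',
    r'C:\WINDOWS\system32\drivers\pnbgkpju.sys',
]

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
EXE_RE = re.compile(r'(.+?\.(?:exe|dll|sys|bat|com))(?:\s|$)', re.IGNORECASE)


def normalize(path):
    """Windows paths are case-insensitive, so compare lower-cased and trimmed."""
    return path.strip().rstrip('\\').lower()


def extract_path(cmd):
    """Pull the program path out of a Run value or service command line."""
    cmd = cmd.replace(' (file missing)', '').replace('"', '').strip()
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_autostarts(lines):
    """Turn O4 (Run keys) and O23 (services) lines into dicts with a clean path."""
    entries = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            entries.append({'kind': 'O4', 'name': m['name'], 'vendor': None,
                            'path': extract_path(m['cmd'])})
            continue
        m = O23_RE.match(line)
        if m:
            entries.append({'kind': 'O23', 'name': m['name'], 'vendor': m['vendor'],
                            'path': extract_path(m['path'])})
    return entries


def match_flagged(entries, flagged):
    """Autostart entries whose target is on the scanner's list (case-insensitive)."""
    wanted = {normalize(p) for p in flagged}
    return [e for e in entries if normalize(e['path']) in wanted]


def services_for_review(entries):
    """Services with no vendor string deserve a manual look even if not flagged."""
    return [e['name'] for e in entries if e['kind'] == 'O23' and e['vendor'] == 'Unknown owner']


def build_cfscript(files=(), folders=(), drivers=()):
    """Render the File::/Folder::/Driver:: layout exactly as posted in this thread."""
    out = []
    for header, items in (('File::', files), ('Folder::', folders), ('Driver::', drivers)):
        if items:
            out.append(header)
            out.extend(items)
            out.append('')
    return '\n'.join(out)


def triage(hjt_lines, flagged, folders=()):
    """Cross-reference log and scanner list; return (matched, unmatched, script)."""
    entries = parse_autostarts(hjt_lines)
    matched = match_flagged(entries, flagged)
    seen = {normalize(e['path']) for e in matched}
    # Flagged files with no autostart entry still have to be removed.
    unmatched = [p for p in flagged if normalize(p) not in seen]
    drivers = [p for p in unmatched if normalize(p).endswith('.sys')]
    files = [e['path'] for e in matched] + [p for p in unmatched if p not in drivers]
    return matched, unmatched, build_cfscript(files, list(folders), drivers)


if __name__ == '__main__':
    matched, unmatched, script = triage(SAMPLE_HJT_LINES, FLAGGED_BY_SCANNER)
    for e in matched:
        print(f"flagged autostart: {e['kind']} [{e['name']}] -> {e['path']}")
    for name in services_for_review(parse_autostarts(SAMPLE_HJT_LINES)):
        print(f"review service: {name}")
    print(script)
```

The case-insensitive comparison is the point worth noticing: the logs in this thread write the same directory as `C:\WINDOWS\system32\` and `c:\windows\system32\`, and a byte-for-byte match would miss one of the two Run entries. A flagged driver with no Run entry is still emitted, under Driver::, and services listed as `Unknown owner` are reported for review rather than added to the script, since a missing vendor string alone does not prove a file is malicious.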

#33 Allikat (Full Member, 37 posts)

Posted 01 July 2007 - 02:59 PM

Hello,


ComboFix 07-06-18.2 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Administrator" - 2007-07-01 14:33:00 - Service Pack 2 NTFS [SAFE MODE]
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Temp
C:\WINDOWS\system32\SBO
C:\zip.exe


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-06-30 10:00 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-06-30 10:00 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-06-30 10:00 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-06-28 08:01 108 --a------ C:\fix.reg
2007-06-25 23:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-24 21:30 60,416 --a------ C:\WINDOWS\system32\drivers\pnbgkpju.sys
2007-06-24 21:30 1,080 --a------ C:\hjsltmdn.bat
2007-06-17 10:27 <DIR> d-------- C:\!KillBox
2007-06-14 08:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-13 12:15 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-06-11 13:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-03 19:05 4,680,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-03 19:05 184,352 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-03 19:05 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-03 18:06 <DIR> d-------- C:\KAV
2007-06-01 19:56 <DIR> d-------- C:\WINDOWS\IIS


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 05:57:22 -------- d-----w C:\Program Files\iTunes
2007-06-04 00:01:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 23:59:10 -------- d-----w C:\Program Files\Symantec
2007-06-03 23:36:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-19 16:21:29 -------- d-----w C:\Program Files\Messenger
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 00:47]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 01:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" []
"GWMDMMSG"="GWMDMMSG.exe" [2003-09-13 20:02 C:\WINDOWS\GWMDMMSG.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" []
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]
"xydzyh"="C:\WINDOWS\system32\xydzyh.exe" []
"dnrpitxk"="c:\windows\system32\dnrpitxk.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]


Contents of the 'Scheduled Tasks' folder
2007-07-01 18:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 14:37:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-01 14:38:46
C:\ComboFix-quarantined-files.txt ... 2007-07-01 14:38
C:\ComboFix2.txt ... 2007-06-30 15:03
C:\ComboFix3.txt ... 2007-06-26 11:07

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 14:58, on 2007-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

thanks again

#34 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 03 July 2007 - 04:12 AM

Hi again,

Ok, once again those two files don't seem to exist, so let's try removing the registry entries by the same method:

Open notepad and copy/paste the text in the quotebox below into it:
(Do not include the word 'Quote')

File::
C:\WINDOWS\system32\drivers\pnbgkpju.sys
C:\hjsltmdn.bat
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xydzyh"=-
"dnrpitxk"=-
Save this as ComboFix-Do.txt

Now boot into safe mode, and run as Admin.

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

[screenshot: ComboFix-Do.txt being dragged onto ComboFix.exe]

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
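As an added illustration (not code from HijackThis, ComboFix, or this thread's helper), the script below picks out the two autorun entries singled out above mechanically and writes them into the File::/Registry:: layout the post uses. The sample O4 lines are copied from the log earlier in this thread; the "suspicious" heuristics (executable sitting in system32, value name equal to the file stem or looking randomly generated) and the function names are my own assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample input: six O4 lines in HijackThis v1.99 format, copied from the log in this thread.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [!AVG Anti-Spyware] "C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe" /minimized
O4 - HKLM\\..\\Run: [xydzyh] C:\\WINDOWS\\system32\\xydzyh.exe
O4 - HKLM\\..\\Run: [dnrpitxk] c:\\windows\\system32\\dnrpitxk.exe
O4 - HKCU\\..\\Run: [Skype] "C:\\Program Files\\Skype\\Phone\\Skype.exe" /nosplash /minimized
O4 - HKCU\\..\\Run: [LDM] \\Program\\
"""

# O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Full registry paths that the HijackThis hive abbreviations stand for.
RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

VOWELS = set("aeiou")


@dataclass
class RunEntry:
    hive: str
    name: str   # the Run value name shown in square brackets
    path: str   # program path with quotes and arguments stripped ("" if none)


def _extract_path(cmd: str) -> str:
    """Return the program path from a Run value: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def parse_o4(log_text: str) -> list[RunEntry]:
    """Collect every O4 HKLM/HKCU Run entry from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], _extract_path(m["cmd"])))
    return entries


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): all-lowercase letters, 6+ long, fewer than a quarter vowels."""
    return (stem.isalpha() and stem.islower() and len(stem) >= 6
            and sum(c in VOWELS for c in stem) / len(stem) < 0.25)


def is_suspicious(e: RunEntry) -> bool:
    """Flag autoruns that live directly in the system directory (where the
    droppers in this thread placed themselves) and whose value name is the
    executable's own stem or looks machine-generated."""
    low = e.path.lower().replace("/", "\\")
    in_system_dir = "\\windows\\system32\\" in low
    stem = low.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return in_system_dir and (stem == e.name.lower() or looks_random(stem))


def build_combofix_script(entries: list[RunEntry], extra_files=()) -> str:
    """Emit the File::/Registry:: layout used in this thread for the flagged entries.

    extra_files lets the analyst add paths chosen by hand, as the post above does."""
    flagged = [e for e in entries if is_suspicious(e)]
    lines = ["File::"]
    lines += list(extra_files)
    lines += [e.path for e in flagged if e.path]
    lines.append("Registry::")
    for hive in ("HKLM", "HKCU"):
        names = [e.name for e in flagged if e.hive == hive]
        if names:
            lines.append(f"[{RUN_KEYS[hive]}]")
            lines += [f'"{n}"=-' for n in names]   # "name"=- deletes the value
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_combofix_script(parse_o4(SAMPLE_LOG)))
```

The output is a starting point for review, not something to run unread: the two vendor entries in the sample are left alone, and only the two system32 entries end up under Registry::.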

#35 Allikat

Allikat

    Member

  • Full Member
  • 37 posts

Posted 03 July 2007 - 09:40 AM

Good Morning.

Logfile of HijackThis v1.99.1
Scan saved at 09:35, on 2007-07-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS


ComboFix 07-06-18.2 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Administrator" - 2007-07-03 9:22:48 - Service Pack 2 NTFS [SAFE MODE]
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\hjsltmdn.bat
C:\WINDOWS\system32\drivers\pnbgkpju.sys


((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))


2007-06-30 10:00 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-06-30 10:00 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-06-30 10:00 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-06-28 08:01 108 --a------ C:\fix.reg
2007-06-25 23:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-17 10:27 <DIR> d-------- C:\!KillBox
2007-06-14 08:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-13 12:15 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-06-11 13:58 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-06-03 19:06 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-06-03 19:05 4,766,752 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-03 19:05 189,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-03 19:05 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-06-03 18:06 <DIR> d-------- C:\KAV


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-11 05:57:22 -------- d-----w C:\Program Files\iTunes
2007-06-04 00:01:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 23:59:10 -------- d-----w C:\Program Files\Symantec
2007-06-03 23:36:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-19 16:21:29 -------- d-----w C:\Program Files\Messenger
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-12 00:47]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-12 01:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" []
"GWMDMMSG"="GWMDMMSG.exe" [2003-09-13 20:02 C:\WINDOWS\GWMDMMSG.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" []
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]
"xydzyh"="C:\WINDOWS\system32\xydzyh.exe" []
"dnrpitxk"="c:\windows\system32\dnrpitxk.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]


Contents of the 'Scheduled Tasks' folder
2007-07-01 18:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 09:27:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-03 9:28:33
C:\ComboFix-quarantined-files.txt ... 2007-07-03 09:27
C:\ComboFix2.txt ... 2007-07-01 14:38
C:\ComboFix3.txt ... 2007-06-30 15:03

--- E O F ---

Thanks for your continued efforts

#36 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 03 July 2007 - 04:39 PM

Hi again,

Please download F-Secure BlackLight
  • Save BlackLight to your desktop.
  • Double-click blbeta.exe then accept the agreement.
  • Click > Scan then > Next
  • After the scan you'll see a list of all items found. Please click Next and exit. Don't choose to rename anything yet! I want to see the log first, because legitimate items can also be present there.
  • There will be a log on your desktop with the name fsbl.xxxxxxx.log (where the xxxxxxx are numbers)
    Please post the contents of this log in your next reply.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#37 Allikat

Allikat

    Member

  • Full Member
  • 37 posts

Posted 04 July 2007 - 10:21 AM

Good Morning.

07/04/07 09:48:31 [Info]: BlackLight Engine 1.0.64 initialized
07/04/07 09:48:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/04/07 09:48:31 [Note]: 7019 4
07/04/07 09:48:31 [Note]: 7005 0
07/04/07 09:48:40 [Note]: 7006 0
07/04/07 09:48:40 [Note]: 7011 2360
07/04/07 09:48:41 [Note]: 7026 0
07/04/07 09:48:42 [Note]: 7026 0
07/04/07 09:48:47 [Note]: FSRAW library version 1.7.1022
07/04/07 10:20:02 [Note]: 7007 0

thanks

#38 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • 15,830 posts

Posted 04 July 2007 - 03:10 PM

Hi again,

I need to know if your normal account has Admin privileges. If you don't know, at the taskbar, click Start|Control Panel.
In the Control Panel window, click 'User Accounts'. Your normal log-in will be listed and a description of the account type under the account name. Let me know what it says.

Next, delete your version of ComboFix. Then download this version:
http://download.blee...ta/ComboFix.exe
Do not use it yet.

Next:

Scan with HiJackThis and put a check in the box next to the following items:

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe


Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

Restart.

Next:

Navigate to this folder:

C:\WINDOWS\IIS

Open the folder, and list the contents for me. If there are files inside don't open them, just give me the file names.

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

jedi

#39 Allikat

Allikat

    Member

  • Full Member
  • 37 posts

Posted 06 July 2007 - 10:30 AM

Good Morning

1. computer administrator

2. deleted ComboFix and then downloaded new copy

3. checked files

4. Windows/IIS is empty

5. new log

Logfile of HijackThis v1.99.1
Scan saved at 10:27, on 2007-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 9 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [xydzyh] C:\WINDOWS\system32\xydzyh.exe
O4 - HKLM\..\Run: [dnrpitxk] c:\windows\system32\dnrpitxk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

Thanks

#40 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 06 July 2007 - 01:03 PM

Hi again,

Go to Start > Run and type in Services.msc then click OK

Click the Extended tab.

Scroll down until you find OESH

Click once on the service to highlight it.

Click Stop

Right-Click on the service.

Click on 'Properties'

Select the 'General' tab

Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box

From the drop-down menu, click on 'Disabled'

Click the 'Apply' tab, then click 'OK'

Please run HijackThis and click Config -> Misc Tools -> Delete an NT service. In the Delete window, type Office Source Engine Help and press OK. OK any prompts, close HijackThis, and restart your computer.

Next:

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum.

Next;

Run the new version of Combofix and post the report.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
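As an added example (not code from the thread, HijackThis or SDFix), here is a small Python triage of the O4 (Run key) and O23 (service) lines in logs like the ones posted above: it pulls out the service name that HijackThis' "Delete an NT service" expects and flags the entries a helper looks at first. The sample lines are copied from this thread's logs; the flag heuristics and the helper names are my own assumptions.

```python
"""Triage HijackThis O4/O23 lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis logs posted in this
# thread (OESH is the service the helper asked to disable and delete).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: OESH (Office Source Engine Help) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# "Display Name (ServiceName)": the parenthesised part is the name that
# HijackThis' "Delete an NT service" and Services.msc work with.
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<svc>[^()]+)\))?$")
EXE_RE = re.compile(r'(?i)(.+?\.(?:exe|sys|dll|bat|cmd))(?:[\s"]|$)')


@dataclass
class Entry:
    kind: str                      # "O4" or "O23"
    name: str                      # Run value name or service display name
    service_name: Optional[str]    # short service name (O23 only)
    owner: Optional[str]           # publisher string reported by HijackThis
    image: str                     # best-effort path of the binary that runs
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def image_of(command: str) -> str:
    """Best-effort image path from a Run command or service ImagePath."""
    command = command.strip()
    if command.startswith('"'):          # quoted path: take up to the closing quote
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)            # unquoted: stop at the first executable suffix
    return m.group(1) if m else command


def assess(image: str, owner: Optional[str], raw: str) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing odd."""
    reasons: List[str] = []
    if "(file missing)" in raw:
        reasons.append("file missing")       # autostart points at a deleted binary
    if owner == "Unknown owner":
        reasons.append("unknown owner")      # no publisher information for the service
    if re.fullmatch(r"(?i)[a-z]:\\[^\\]+", image):
        reasons.append("drive root")         # e.g. C:\Program.exe; software does not live there
    if not re.search(r"(?i)\.(exe|sys|dll|bat|cmd)$", image):
        reasons.append("not an executable")  # broken or placeholder entry
    elif "\\" not in image:
        reasons.append("bare filename")      # resolved via the search path; check which copy runs
    return reasons


def parse_line(line: str) -> Optional[Entry]:
    m = O4_RE.match(line)
    if m:
        image = image_of(m.group("cmd"))
        return Entry("O4", m.group("name"), None, None, image, assess(image, None, line))
    m = O23_RE.match(line)
    if m:
        names = NAME_RE.match(m.group("name"))
        image = image_of(m.group("path"))
        return Entry("O23", names.group("display"),
                     names.group("svc") or names.group("display"),
                     m.group("owner"), image, assess(image, m.group("owner"), line))
    return None                              # other HijackThis sections are ignored


def triage(log_text: str) -> List[Entry]:
    """Parse every O4/O23 line of a HijackThis log."""
    entries = [parse_line(l.strip()) for l in log_text.splitlines()]
    return [e for e in entries if e is not None]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.suspicious:
            label = e.service_name if e.kind == "O23" else e.name
            print(f"{e.kind} {label!r}: {e.image} -> {', '.join(e.reasons)}")
```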

#41 Allikat

Allikat

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 07 July 2007 - 02:07 PM

Hello

Getting a new error message: "Windows has recovered from a serious problem and had to reboot."

SDFix: Version 1.90

Run by Administrator on 2007-07-07 at 13:30

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\sam.tmp.LOG
C:\WINDOWS\system32\config\security.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

"Administrator" - 2007-07-07 13:52:52 - ComboFix 07-07-06 - Service Pack 2 [SAFE MODE]


((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-07 )))))))))))))))))))))))))))))))


2007-07-07 13:29 <DIR> d-------- C:\WINDOWS\ERUNT
2007-06-30 10:00 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-06-30 10:00 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-06-30 10:00 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-06-30 10:00 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-06-28 08:01 108 --a------ C:\fix.reg
2007-06-25 23:07 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-17 10:27 <DIR> d-------- C:\!KillBox
2007-06-14 08:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-06-13 12:15 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-06-11 13:58 51,200 --a------ C:\WINDOWS\nircmd.exe


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-03 19:18:27 -------- d-----w C:\Program Files\HP
2007-06-11 05:57:22 -------- d-----w C:\Program Files\iTunes
2007-06-04 00:05:47 -------- d-----w C:\Program Files\Kaspersky Lab
2007-06-04 00:01:10 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-03 23:59:10 -------- d-----w C:\Program Files\Symantec
2007-06-03 23:36:45 -------- d-----w C:\Program Files\Norton AntiVirus
2007-05-19 16:21:29 -------- d-----w C:\Program Files\Messenger
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2003-05-12 00:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
2003-05-12 01:03 147456 --a------ C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" []
"GWMDMMSG"="GWMDMMSG.exe" [2003-09-13 20:02 C:\WINDOWS\GWMDMMSG.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 C:\WINDOWS\KHALMNPR.Exe]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" []
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"UserFaultCheck"="%systemroot%\system32\dumprep 0 -u" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]


Contents of the 'Scheduled Tasks' folder
2007-07-01 18:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-07 13:57:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-07 13:58:27
C:\ComboFix-quarantined-files.txt ... 2007-07-07 13:57

--- E O F ---

Thanks again.

#42 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 07 July 2007 - 02:27 PM

Hi again,

Well, it looks like those file entries are gone, I assume the service we removed was supporting them. This message:

"Windows has recovered from a serious problem and had to reboot."

Is it regularly happening or did it happen just after you performed the above procedures?

Please post a fresh HiJackThis log also.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#43 Allikat

Allikat

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 08 July 2007 - 01:56 PM

Hello,

Only received that error message once. Still receive 'oscheck has encountered a problem and had to shut down'. Get this message every time I reboot. Used to get a similar message for msmsg.exe but that occurs only infrequently now.

Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 13:50, on 2007-07-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Startup: Product Registration.lnk = D:\ATR1.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0 CE\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.dudes.org
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.c...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner....leanerstart.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - https://vapwdb.ops.p...quicksilver.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.h...ctDetection.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...p/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigne...p/view22rte.cab
O18 - Protocol: bw+0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {09EF3CE1-4347-4FA3-952D-11C17912250F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

thanks.

#44 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 08 July 2007 - 05:50 PM

Hi,

This should take care of that:

Please run Notepad and paste the following text into a new file, do not include the word ‘quote’:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"osCheck"=-



Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Let me know if the message stops.

jedi
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#45 Allikat

Allikat

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 10 July 2007 - 12:44 PM

Hello.

The error message is gone. Guess we're finally done? Thanks for all your efforts, you were terrific.

Regards

#46 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 10 July 2007 - 12:46 PM

You're welcome. :D

In order to be better protected in the future, I recommend the following programs:

SpywareBlaster protects against bad ActiveX.
http://www.javacools...areblaster.html

SpywareGuard stops Spyware from being installed.
http://www.javacools...ywareguard.html

Also install the MVPS hosts file:
http://www.mvps.org/...p2002/hosts.htm
which blocks innocent looking sites that are not so innocent.

All three are very small free programs that you run once, and then just occasionally to check for updates.

Also see
How did I get Infected?

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking
here http://v4.windowsupdate.microsoft.com/
and following the prompts.

Take care.

jedi :wave:
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#47 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Emeritus
  • PipPipPipPipPip
  • 15,830 posts

Posted 14 July 2007 - 12:39 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.
