
Vundo.DVS


This topic is locked
2 replies to this topic

#1 leta

    New Member

  • Authentic Member
  • 15 posts

Posted 16 April 2008 - 06:19 PM

Here is my HJT log... The virus is Vundo.DVS. I was dumb and allowed a process...
Just in case you will get me to run ComboFix: for some reason it says I do not have permission to run it, even though I am on the computer administrator account (the only account).


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Program Files\WhatPulse\Nolag.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\iPhoneRingToneMaker\iPhoneRingToneMaker.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Xfire\xfire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [LDM] F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhatPulse] F:\Program Files\WhatPulse\Nolag.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205716670390
O18 - Protocol: bw+0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {20923E2A-6327-49E5-9E5F-1D30A3386E55} - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

Edited by leta, 16 April 2008 - 06:57 PM.



#2 leta

    New Member

  • Authentic Member
  • 15 posts

Posted 17 April 2008 - 07:38 AM

Here is my ComboFix log...

ComboFix 08-04-16.2 - John 2008-04-17 0:08:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1550 [GMT -5:00]
Running from: C:\Documents and Settings\John\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ddcBRhIb.dll
C:\WINDOWS\system32\ddcCTnMc.dll
C:\WINDOWS\system32\opnlKCvw.dll
C:\WINDOWS\system32\pmnoMcAS.dll
C:\WINDOWS\system32\SAcMonmp.ini
C:\WINDOWS\system32\SAcMonmp.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 23:08 . 2008-04-16 23:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-16 22:02 . 2008-04-16 22:02 <DIR> d-------- C:\VundoFix Backups
2008-04-16 21:18 . 2008-04-16 21:58 153 --a------ C:\WINDOWS\wininit.ini
2008-04-16 20:29 . 2008-04-16 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-15 23:12 . 2004-08-17 22:14 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-04-14 21:06 . 2008-04-14 21:06 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-09 21:50 . 2008-04-16 18:25 <DIR> d-------- C:\Documents and Settings\John\Application Data\iPhoneRingToneMaker
2008-04-09 01:13 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-09 01:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-09 01:13 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-04-09 01:13 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-07 12:52 . 2008-04-07 12:52 <DIR> d-------- C:\Program Files\Safari
2008-04-07 12:47 . 2008-04-07 12:47 <DIR> d-------- C:\Program Files\iPod
2008-04-06 12:34 . 2008-04-06 12:35 <DIR> d-------- C:\Program Files\QuickTime
2008-04-02 18:26 . 2008-04-02 18:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-31 16:25 . 2008-03-31 16:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 16:25 . 2008-03-31 16:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 16:25 . 2008-03-31 16:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 16:25 . 2008-03-31 16:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 16:25 . 2008-03-31 16:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-27 19:48 . 2008-03-27 19:48 <DIR> d-------- C:\Documents and Settings\John\Application Data\InterVideo
2008-03-24 15:37 . 2008-03-24 15:37 <DIR> d-------- C:\Documents and Settings\John\Application Data\Leadertech
2008-03-24 15:26 . 2008-03-24 15:26 <DIR> d-------- C:\Documents and Settings\John\Application Data\Atari
2008-03-24 15:23 . 2008-03-24 15:23 <DIR> d-------- C:\RCT3
2008-03-24 15:16 . 2008-03-24 15:16 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-03-24 15:16 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-03-24 14:55 . 2008-04-07 08:11 <DIR> d-------- C:\Documents and Settings\John\Application Data\U3
2008-03-21 20:03 . 2008-03-21 20:03 <DIR> d-------- C:\Documents and Settings\John\Application Data\InstallShield
2008-03-21 15:30 . 2008-03-21 15:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-03-21 15:30 . 2008-03-21 15:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-03-21 15:30 . 2008-03-21 15:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-03-21 00:27 . 2008-03-21 00:27 <DIR> d-------- C:\Documents and Settings\John\Application Data\Microsoft Games
2008-03-21 00:24 . 2008-03-21 00:24 <DIR> d-------- C:\Documents and Settings\John\Application Data\DivX
2008-03-20 23:58 . 2008-03-20 23:58 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-03-20 23:58 . 2008-03-20 23:58 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-03-20 23:12 . 2007-07-19 20:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-03-20 23:12 . 2007-07-19 20:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-03-20 23:12 . 2007-07-19 20:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-03-20 21:19 . 2008-03-20 22:23 285 --a------ C:\WINDOWS\EReg072.dat
2008-03-20 21:18 . 1998-09-02 03:02 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2008-03-20 21:18 . 1998-08-26 23:51 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2008-03-20 21:18 . 1998-09-02 03:28 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2008-03-20 21:18 . 1998-09-02 03:28 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2008-03-20 21:18 . 1998-08-17 04:21 11,776 --a------ C:\WINDOWS\system32\mciqtz.drv
2008-03-20 21:18 . 1998-08-17 04:21 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2008-03-20 21:18 . 1998-08-17 04:21 5,672 --a------ C:\WINDOWS\system32\quartz.vxd
2008-03-20 21:18 . 2008-03-20 21:18 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2008-03-20 21:18 . 2008-03-20 21:18 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2008-03-20 20:58 . 2008-03-20 20:58 <DIR> dr-h----- C:\Documents and Settings\John\Application Data\SecuROM
2008-03-20 20:32 . 2008-03-20 20:32 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-03-18 23:32 . 2008-04-16 23:10 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-17 20:08 . 2008-03-17 20:08 <DIR> d-------- C:\Documents and Settings\John\WINDOWS
2008-03-17 20:08 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-17 20:08 . 1998-08-20 06:02 140,800 --a------ C:\WINDOWS\system32\tm20dec.ax
2008-03-17 18:19 . 2004-03-13 00:41 156,800 --a------ C:\WINDOWS\system32\drivers\d346bus.sys
2008-03-17 18:19 . 2004-03-13 00:41 5,248 --a------ C:\WINDOWS\system32\drivers\d346prt.sys
2008-03-17 15:32 . 2003-07-20 22:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-03-17 15:32 . 2005-01-04 13:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-03-17 14:46 . 2008-03-17 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-17 14:41 . 2005-08-11 17:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-03-17 10:59 . 2007-07-30 21:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-17 10:59 . 2007-07-30 21:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-17 10:30 . 2008-04-13 15:22 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-17 01:25 . 2008-03-17 01:25 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-03-17 01:08 . 2008-03-17 01:08 <DIR> d-------- C:\Documents and Settings\John\.netbeans-registration
2008-03-17 00:54 . 2004-08-04 01:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-17 00:39 . 2008-03-17 00:39 <DIR> d-------- C:\Program Files\Sun
2008-03-17 00:38 . 2008-02-22 04:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-17 00:16 . 2008-03-17 01:09 <DIR> d-------- C:\Documents and Settings\John\.nbi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 04:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-17 02:40 --------- d-----w C:\Documents and Settings\John\Application Data\Xfire
2008-04-16 23:22 --------- d-----w C:\Documents and Settings\John\Application Data\Azureus
2008-04-10 03:45 --------- d-----w C:\Documents and Settings\John\Application Data\Apple Computer
2008-04-08 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-31 12:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-18 03:29 --------- d-----w C:\Documents and Settings\John\Application Data\Ventrilo
2008-03-17 19:41 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-17 05:38 --------- d-----w C:\Program Files\Java
2008-03-17 04:30 22,328 ----a-w C:\Documents and Settings\John\Application Data\PnkBstrK.sys
2008-03-17 03:54 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-17 03:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-17 02:41 --------- d-----w C:\Program Files\Electronic Arts
2008-03-17 02:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-17 01:30 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-17 01:29 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-17 00:50 --------- d-----w C:\Program Files\MSBuild
2008-03-17 00:50 --------- d-----w C:\Program Files\Microsoft Works
2008-03-17 00:49 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-17 00:47 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-03-17 00:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2008-03-17 00:01 --------- d-----w C:\Program Files\AIRFLO
2008-03-16 23:53 --------- d-----w C:\Program Files\Steel Sound 5H USB
2008-03-16 23:43 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-03-16 23:41 --------- d-----w C:\Program Files\Creative
2008-03-16 23:35 --------- d-----w C:\Program Files\Logitech
2008-03-16 23:35 --------- d-----w C:\Program Files\Common Files\FotoWire
2008-03-16 23:35 --------- d-----w C:\Documents and Settings\John\Application Data\FotoWire
2008-03-16 23:33 --------- d-----w C:\Program Files\Common Files\Logitech
2008-03-16 23:29 --------- d-----w C:\Documents and Settings\John\Application Data\Logitech
2008-03-16 22:58 --------- d-----w C:\Program Files\Common Files\Java
2008-03-16 22:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-03-16 21:57 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-16 21:55 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-03-16 21:48 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-16 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-16 21:39 --------- d-----w C:\Program Files\Windows Live
2008-03-16 21:21 --------- d-----w C:\Documents and Settings\John\Application Data\acccore
2008-03-16 21:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-03-16 21:19 --------- d-----w C:\Program Files\Viewpoint
2008-03-16 21:19 --------- d-----w C:\Program Files\AIM6
2008-03-16 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-16 21:18 --------- d-----w C:\Program Files\Common Files\AOL
2008-03-16 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-16 21:16 --------- d-----w C:\Program Files\Bonjour
2008-03-16 21:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-16 21:15 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-16 21:15 --------- d-----w C:\Program Files\Apple Software Update
2008-03-16 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-16 18:58 --------- d-----w C:\Program Files\AC3Filter
2008-03-16 18:45 --------- d-----w C:\Documents and Settings\John\Application Data\BitDefender
2008-03-16 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-03-16 18:44 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-03-16 18:44 --------- d-----w C:\Program Files\BitDefender
2008-03-16 18:34 --------- d-----w C:\Documents and Settings\John\Application Data\ATI
2008-03-16 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-03-16 18:16 --------- d-----w C:\Program Files\ATI Technologies
2008-03-14 16:27 --------- d-----w C:\Program Files\Intel
2008-03-14 16:20 --------- d-----w C:\Program Files\Analog Devices
2008-03-12 03:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-21 02:05 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-21 02:05 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-21 02:05 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-18 18:16 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{131628AB-3A1F-440A-B1A7-56584C732792}]
C:\WINDOWS\system32\pmnmjHax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BB1E273-3B66-4464-B302-8DCCA2D01A2F}]
C:\WINDOWS\system32\hgGxUKBQ.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-03-16 18:27 32768]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 19:07 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:56 15360]
"WhatPulse"="F:\Program Files\WhatPulse\Nolag.exe" [2006-08-21 12:57 668160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 12:42 585728]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 13:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 19:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 19:37 217088]
"CmUsbSound"="cmcnfgu.cpl" []
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 09:00 33648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 06:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 00:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-03-16 18:42:13 184320]
Logitech Desktop Messenger.lnk - F:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-16 18:27:11 450560]
Logitech SetPoint.lnk - F:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-16 18:25:43 434176]

[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^iPhoneRingToneMaker.lnk]
path=C:\Documents and Settings\John\Start Menu\Programs\Startup\iPhoneRingToneMaker.lnk
backup=C:\WINDOWS\pss\iPhoneRingToneMaker.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 17:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"F:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"F:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"F:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"F:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"F:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"F:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"F:\\Program Files\\iTunes\\iTunes.exe"=

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys [2004-03-13 00:41]
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys [2004-03-13 00:41]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-01-25 17:40]
R3 cmudaxu;C-Media USB Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2005-11-03 01:50]
S3 samhid;samhid;C:\WINDOWS\system32\drivers\samhid.sys [2004-07-14 14:51]
S3 XDva134;XDva134;C:\WINDOWS\system32\XDva134.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3318b68-f7b7-11dc-878c-00112fb9eef3}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 21:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> F:\Program Files\Logitech\SetPoint\GameHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-17 0:25:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 05:25:45

Pre-Run: 67,288,883,200 bytes free
Post-Run: 70,224,965,632 bytes free
.
2008-04-08 22:49:24 --- E O F ---

#3 leta (New Member, Authentic Member, 15 posts)

Posted 17 April 2008 - 05:57 PM

If someone could just tell me what to write in the script to remove what ComboFix found, I would appreciate it.
