11-30-2007, 04:39 AM   #1
frantheonlyter
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: Windows XP Home Service Pack 2


[SOLVED] Trojan.vundo, Constant Popups and slowed system.

Hey guys, I've seen on the forum that many people have problems with the trojan.vundo. So hopefully you can help me too. I basically tried everything from Symantec to remove it, but nothing was successful. Here is my HijackThis log:

Deckard's System Scanner v20071014.68
Run by Francois on 2007-11-30 13:32:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Francois.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:32:25 PM, on 2007/11/30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\DOCUME~1\Francois\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Francois\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Francois.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
O2 - BHO: {5cd6cf60-ea93-ecc9-9064-933f34863d00} - {00d36843-f339-4609-9cce-39ae06fc6dc5} - C:\WINDOWS\system32\wjbwruie.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE} - C:\WINDOWS\system32\xxyvvvv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {76EF7DAF-F999-478B-8EC2-B793BC9158F3} - C:\WINDOWS\system32\vtstq.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [ntiMUI] "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Acer\OrbiCam\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Acer\OrbiCam\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\fhlqwfbs.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196164825156
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4363C401-3C0E-448C-9EF5-259A8C63E052}: NameServer = 196.25.1.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E4952CD-4C1D-4E45-B3AF-613959D41D0C}: NameServer = 196.43.50.190 196.43.53.190
O17 - HKLM\System\CS1\Services\Tcpip\..\{4363C401-3C0E-448C-9EF5-259A8C63E052}: NameServer = 196.25.1.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{4363C401-3C0E-448C-9EF5-259A8C63E052}: NameServer = 196.25.1.11
O20 - Winlogon Notify: xxyvvvv - C:\WINDOWS\SYSTEM32\xxyvvvv.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 13275 bytes

-- Files created between 2007-10-30 and 2007-11-30 -----------------------------

2007-11-30 13:15:27 78912 --a------ C:\WINDOWS\system32\wjbwruie.dll
2007-11-30 13:12:23 84545 --a------ C:\WINDOWS\system32\fhlqwfbs.dll
2007-11-29 20:09:52 0 d-------- C:\Documents and Settings\Francois\Application Data\RegistrySmart
2007-11-29 20:09:45 0 d-------- C:\Program Files\RegistrySmart
2007-11-29 19:49:55 0 d-------- C:\Program Files\Trend Micro
2007-11-29 18:51:10 164 --a------ C:\install.dat
2007-11-29 18:02:28 0 d-------- C:\Program Files\NoAdware5.0
2007-11-29 13:18:29 84545 --a------ C:\WINDOWS\system32\xopdvbvb.dll
2007-11-29 13:17:47 77888 --a------ C:\WINDOWS\system32\mkifttmc.dll
2007-11-29 13:08:11 31900 --a------ C:\WINDOWS\system32\oxafrykn.dll
2007-11-28 21:24:06 0 d--hs---- C:\FOUND.000
2007-11-28 20:27:42 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-11-28 20:27:42 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-11-28 20:27:42 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-11-28 20:27:42 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-28 20:27:42 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-11-28 20:27:42 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-11-28 20:27:42 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-11-28 20:27:42 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-11-28 20:27:42 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-11-28 20:27:42 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-11-28 20:27:42 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-11-28 20:27:42 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-11-28 20:27:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-28 20:27:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-11-28 20:27:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-11-28 20:27:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-28 20:27:42 0 d-------- C:\Documents and Settings\Administrator\Application Data\Acer
2007-11-28 20:27:41 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-11-28 19:22:12 0 d-------- C:\WINDOWS\pss
2007-11-28 13:09:37 81984 --a------ C:\WINDOWS\system32\uocxxpws.dll
2007-11-27 23:04:52 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-27 20:58:28 56 -r-hs---- C:\WINDOWS\system32\3557BE4C83.sys
2007-11-27 15:18:24 0 d-------- C:\Program Files\Corel
2007-11-27 15:18:24 0 d-------- C:\Program Files\Common Files\Corel
2007-11-27 15:07:20 0 d-------- C:\Documents and Settings\Francois\Application Data\Corel
2007-11-27 1504 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-27 14:53:10 3610 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-27 14:15:32 0 d-------- C:\Program Files\Common Files\L&H
2007-11-27 14:15:04 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 14:14:18 0 d-------- C:\Program Files\Microsoft Works
2007-11-27 14:13:23 0 d-------- C:\WINDOWS\SHELLNEW
2007-11-27 14:13:15 0 d-------- C:\Program Files\Microsoft.NET
2007-11-27 12:56:09 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-27 12:51:08 104425 --ahs---- C:\WINDOWS\system32\qtstv.ini2
2007-11-27 12:50:45 333408 --a------ C:\WINDOWS\system32\vtstq.dll
2007-11-27 12:48:31 0 d-------- C:\Program Files\Bonjour
2007-11-27 12:45:38 36864 --a------ C:\WINDOWS\system32\xxyvvvv.dll
2007-11-27 12:40:28 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-26 21:59:27 0 d-------- C:\Program Files\EwisoftWeb
2007-11-26 18:54:54 0 d-------- C:\Documents and Settings\Francois\Shared
2007-11-26 18:54:52 0 d-------- C:\Documents and Settings\Francois\Incomplete
2007-11-26 18:54:27 0 d-------- C:\Documents and Settings\Francois\Application Data\LimeWire
2007-11-26 18:54:16 0 d-------- C:\Program Files\LimeWire
2007-11-23 15:36:19 0 d-------- C:\Program Files\Atari
2007-11-22 22:31:37 0 d-------- C:\Documents and Settings\Francois\Application Data\Media Player Classic
2007-11-22 22:30:43 164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-11-22 22:30:40 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-11-22 22:30:40 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-22 22:30:40 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-22 22:30:39 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-22 22:30:39 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-11-22 22:30:39 739840 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-22 22:30:38 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-22 22:30:36 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-11-22 18:56:03 0 d-------- C:\Program Files\Common Files\DirectX
2007-11-22 18:45:19 0 d-------- C:\Program Files\Codemasters
2007-11-22 18:44:56 0 d-------- C:\Documents and Settings\Francois\Application Data\InstallShield
2007-11-22 18:33:41 0 d-------- C:\Documents and Settings\Francois\Application Data\AdobeUM
2007-11-22 18:32:55 0 d-------- C:\Documents and Settings\Francois\Application Data\Adobe
2007-11-21 10:10:34 0 d-------- C:\Program Files\The Witcher
2007-11-20 09:42:38 0 d-------- C:\Documents and Settings\Francois\Application Data\WinRAR
2007-11-20 09:31:55 0 d-------- C:\Program Files\Ubisoft
2007-11-20 09:27:37 0 d-------- C:\Documents and Settings\Francois\Application Data\DAEMON Tools Pro
2007-11-20 09:26:53 0 d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-20 09:24:46 0 d-------- C:\Program Files\DAEMON Tools Pro
2007-11-20 09:22:19 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 09:08:27 0 d--hs---- C:\Recycled
2007-11-20 05:48:49 245824 -ra------ C:\WINDOWS\Instexec.exe <Not Verified; Logitech; Logitech>
2007-11-20 05:48:48 245824 -ra------ C:\WINDOWS\system32\InstExec.exe <Not Verified; Logitech; Logitech>
2007-11-20 05:48:45 0 d-------- C:\Program Files\Common Files\Logitech
2007-11-20 05:48:42 0 d-------- C:\Program Files\Common Files\Acer
2007-11-20 05:48:39 262144 --a------ C:\WINDOWS\system32\ElkCtrl.exe <Not Verified; Logitech Inc.; Logitech Camera Software>
2007-11-20 05:48:39 57344 --a------ C:\WINDOWS\system32\ElkCtlPS.dll <Not Verified; Logitech Inc.; Logitech Camera Software>
2007-11-20 05:48:39 319488 --a------ C:\WINDOWS\system32\CamCplRes.dll <Not Verified; Acer; Acer OrbiCam>
2007-11-20 05:48:37 167936 --a------ C:\WINDOWS\system32\VxLib.dll <Not Verified; Acer; Acer OrbiCam>
2007-11-20 05:48:37 151552 --a------ C:\WINDOWS\system32\VLib.dll <Not Verified; Acer; Acer OrbiCam>
2007-11-20 05:48:35 39424 --a------ C:\WINDOWS\system32\VxLibRes.dll <Not Verified; Acer; Acer OrbiCam>
2007-11-20 05:48:01 258048 --a------ C:\WINDOWS\system32\Uninstall_eRecovery.exe <Not Verified; Acer Inc.; Uninstall_eRecovery.exe>
2007-11-20 05:46:11 61440 --a------ C:\WINDOWS\system32\WanPacket.dll <Not Verified; CACE Technologies; WinPcap low level NetMon wrapper library>
2007-11-20 05:46:11 53299 --a------ C:\WINDOWS\system32\pthreadVC.dll
2007-11-20 05:46:11 78208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
2007-11-20 05:46:11 4096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
2007-11-20 05:46:11 0 d-------- C:\Program Files\WinPCap
2007-11-20 05:46:01 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
2007-11-20 05:45:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-11-20 05:45:36 61440 --a------ C:\WINDOWS\system32\acerGina.dll <Not Verified; acer; acer eNet Management>
2007-11-20 05:45:09 0 d-------- C:\Program Files\Launch Manager
2007-11-20 05:45:07 49152 --a------ C:\WINDOWS\system32\QtBtLib.dll <Not Verified; Dritek System Inc.; Dritek System Inc. QtBtLib.DLL>
2007-11-20 05:43:55 225350 --a------ C:\WINDOWS\system32\Epm-Po.dll <Not Verified; Acer Labs USA; EPM-PO Dynamic Link Library>
2007-11-20 05:43:55 53248 --a------ C:\WINDOWS\system32\acpimof.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-20 05:43:14 0 d-------- C:\Documents and Settings\Francois\Bluetooth Software
2007-11-20 05:38:16 0 d-------- C:\Program Files\WIDCOMM
2007-11-20 05:38:03 0 d-------- C:\Documents and Settings\Francois\Application Data\ATI
2007-11-20 05:31:37 0 d-------- C:\Program Files\ATI Technologies
2007-11-20 05:31:21 0 d-------- C:\WINDOWS\Acer
2007-11-20 05:31:21 0 d-------- C:\Documents and Settings\Francois\Application Data\Macromedia
2007-11-20 05:30:55 0 d-------- C:\Documents and Settings\Francois\Application Data\Symantec
2007-11-20 05:30:55 0 d-------- C:\Documents and Settings\Francois\Application Data\CyberLink
2007-11-20 05:30:54 0 d--h----- C:\Documents and Settings\Francois\Templates
2007-11-20 05:30:54 0 dr------- C:\Documents and Settings\Francois\Start Menu
2007-11-20 05:30:54 0 dr-h----- C:\Documents and Settings\Francois\SendTo
2007-11-20 05:30:54 0 dr-h----- C:\Documents and Settings\Francois\Recent
2007-11-20 05:30:54 0 d--h----- C:\Documents and Settings\Francois\PrintHood
2007-11-20 05:30:54 0 d--h----- C:\Documents and Settings\Francois\NetHood
2007-11-20 05:30:54 0 dr------- C:\Documents and Settings\Francois\My Documents
2007-11-20 05:30:54 0 d--h----- C:\Documents and Settings\Francois\Local Settings
2007-11-20 05:30:54 0 dr------- C:\Documents and Settings\Francois\Favorites
2007-11-20 05:30:54 0 d-------- C:\Documents and Settings\Francois\Desktop
2007-11-20 05:30:54 0 d--hs---- C:\Documents and Settings\Francois\Cookies
2007-11-20 05:30:54 0 d--h----- C:\Documents and Settings\Francois\Application Data
2007-11-20 05:30:54 0 d-------- C:\Documents and Settings\Francois\Application Data\Identities
2007-11-20 05:30:54 0 d-------- C:\Documents and Settings\Francois\Application Data\Acer
2007-11-20 05:30:53 2883584 --ah----- C:\Documents and Settings\Francois\NTUSER.DAT
2007-11-20 05:29:58 0 d--hs---- C:\System Volume Information
2007-11-20 05:29:56 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-11-19 23:40:44 0 d-------- C:\99e9811aee5d7c19ce39
2007-11-19 23:40:13 0 d-------- C:\dd431b120bd64c79a82fe77c2854
2007-11-19 23:39:24 0 d-------- C:\WINDOWS\network diagnostic
2007-11-19 23:32:12 0 d-------- C:\Program Files\MSBuild
2007-11-19 23:28:46 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-11-19 23:28:11 0 d-------- C:\Program Files\Reference Assemblies
2007-11-19 23:26:55 0 d-------- C:\00c459a3d6372ad244
2007-11-19 23:24:01 0 d-------- C:\Program Files\MSXML 4.0
2007-11-19 23:21:40 0 d-------- C:\Program Files\MSXML 6.0
2007-11-19 23:20:33 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-19 23:20:04 0 d-------- C:\0855391250bcf20f7b
2007-11-19 23:19:23 0 d-------- C:\61e3285527d42833fdac
2007-11-19 23:19:21 0 d-------- C:\WINDOWS\system32\LogFiles
2007-11-19 23:19:21 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-19 23:13:57 0 d-------- C:\WINDOWS\RegisteredPackages
2007-11-19 21:42:16 0 d-------- C:\WINDOWS\Sun
2007-11-19 21:42:16 0 d-------- C:\Documents and Settings\Francois\Application Data\Sun
2007-11-19 21:41:14 0 d-------- C:\Program Files\Java
2007-11-19 21:33:23 0 d-------- C:\Program Files\Common Files\Java
2007-11-19 21:12:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-11-19 21:11:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-11-19 2133 0 d-------- C:\Documents and Settings\NetworkService\Start Menu
2007-11-19 2118 0 d--hs---- C:\Documents and Settings\Francois\UserData
2007-11-19 2112 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-11-19 20:23:15 159821 --a------ C:\WINDOWS\EMEAPAGE.EXE
2007-11-19 20:23:15 180224 --a------ C:\WINDOWS\ADDITEM.EXE <Not Verified; Acer Inc.; AddItem.exe>
2007-11-19 19:29:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2007-11-19 19:29:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2007-11-19 19:29:52 0 d-------- C:\Documents and Settings\Default User\Application Data\CyberLink
2007-11-19 19:29:52 0 d-------- C:\Documents and Settings\Default User\Application Data\Acer


-- Find3M Report ---------------------------------------------------------------

2007-11-19 20:23:16 1123 --a------ C:\WINDOWS\HotFix.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00d36843-f339-4609-9cce-39ae06fc6dc5}]
2007/11/30 01:15 PM 78912 --a------ C:\WINDOWS\system32\wjbwruie.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE}]
2007/11/27 12:45 PM 36864 --a------ C:\WINDOWS\system32\xxyvvvv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76EF7DAF-F999-478B-8EC2-B793BC9158F3}]
2007/11/27 12:51 PM 333408 --a------ C:\WINDOWS\system32\vtstq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005/11/02 12:11 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005/11/02 12:11 AM]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005/12/13 09:31 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004/08/04 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004/08/04 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/04 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004/08/04 05:00 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005/11/03 12:25 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005/11/03 12:22 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005/11/03 12:26 AM]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005/10/24 04:45 PM]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005/12/27 03:50 PM]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005/05/11 05:15 PM]
"@"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007/01/22 10:19 PM]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" []
"RTHDCPL"="RTHDCPL.EXE" [2006/04/04 02:44 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005/05/03 03:43 AM C:\WINDOWS\Alcmtr.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005/08/24 11:21 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006/01/02 05:41 PM]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006/05/09 11:54 AM]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006/05/08 06:41 PM]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006/04/03 05:03 PM]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006/01/24 06:00 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006/03/31 10:47 AM]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006/03/31 10:24 AM]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006/03/31 10:32 AM]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004/11/01 05:22 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007/09/25 01:11 AM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007/03/12 06:30 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005/08/11 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005/08/11 04:30 PM]
"320d18a1"="C:\WINDOWS\system32\fhlqwfbs.dll" [2007/11/30 01:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004/10/13 06:24 PM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007/09/06 03:08 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/04 05:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004/12/14 04:44:06 AM]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006/01/17 10:45:32 AM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007/11/27 02:47:48 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1A589AA6-EDDD-4552-AB9A-4EDFF5CDD7DE}"= C:\WINDOWS\system32\xxyvvvv.dll [2007/11/27 12:45 PM 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyvvvv]
xxyvvvv.dll 2007/11/27 12:45 PM 36864 C:\WINDOWS\system32\xxyvvvv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstq.dll

*Newly Created Service* - INT15.SYS



-- End of Deckard's System Scanner: finished at 2007-11-30 13:33:44 ------------
Attached Files
File Type: txt extra.txt (19.1 KB, 2 views)