12-06-2007, 11:24 AM   #7
frantheonlyter
Registered User
 
Join Date: Nov 2007
Posts: 12
OS: Windows XP Home Service Pack 2


Re: Trojan.vundo, Constant Popups and slowed system.

Hello again. I'm very sorry for not replying sooner!! But I got home as soon as I could and here are my new logs. The computer seems o.k. The popups are a lot less. Maybe once or twice every time I browse, and Norton is not giving any warnings. Here are my new logs. From now on I'll be replying every day!

Here are my logs:

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:14 PM, on 2007/12/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\DOCUME~1\Francois\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\Francois.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.salestronics.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aceradvantage.com/stdreg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = dsl-cache.saix.net:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35A2EE48-9FA3-4C88-A66C-AB897F224865} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [ntiMUI] "C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\SymProbe.exe -r "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Acer\OrbiCam\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Acer\OrbiCam\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] "C:\WINDOWS\system32\ElkCtrl.exe" /automation
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196164825156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12923 bytes


ComboFix:

ComboFix 07-12-02.7 - Francois 2007-12-05 15:21:48.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.477 [GMT 2:00]
Running from: C:\Documents and Settings\Francois\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Francois\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\gvphmpdh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\oxafrykn.dll
C:\WINDOWS\system32\sbfwqlhf.ini
C:\WINDOWS\system32\vtstq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Francois\Application Data\LimeWire
C:\Documents and Settings\Francois\Application Data\LimeWire\414splashfree.png
C:\Documents and Settings\Francois\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Francois\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Francois\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Francois\Application Data\LimeWire\filters.props
C:\Documents and Settings\Francois\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Francois\Application Data\LimeWire\installation.props
C:\Documents and Settings\Francois\Application Data\LimeWire\library.dat
C:\Documents and Settings\Francois\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Francois\Application Data\LimeWire\mojito.props
C:\Documents and Settings\Francois\Application Data\LimeWire\questions.props
C:\Documents and Settings\Francois\Application Data\LimeWire\responses.cache
C:\Documents and Settings\Francois\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Francois\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Francois\Application Data\LimeWire\tables.props
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\notsearching.png
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\splash.png
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\splashpro.png
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\Francois\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\ttree.cache
C:\Documents and Settings\Francois\Application Data\LimeWire\version.xml
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\data\delete_me
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\misc\application.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\misc\audio.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\misc\document.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\misc\image.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\misc\video.gif
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\schemas\application.xsd
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\schemas\audio.xsd
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\schemas\document.xsd
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\schemas\image.xsd
C:\Documents and Settings\Francois\Application Data\LimeWire\xml\schemas\video.xsd
C:\Documents and Settings\Francois\Incomplete
C:\Documents and Settings\Francois\Incomplete\downloads.bak
C:\Documents and Settings\Francois\Incomplete\downloads.dat
C:\Documents and Settings\Francois\Shared
C:\VundoFix Backups
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\gvphmpdh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nqtwa.ini
C:\WINDOWS\system32\oxafrykn.dll
C:\WINDOWS\system32\sbfwqlhf.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))
.

2007-12-04 23:40 . 2007-12-05 15:21 6,751 --ahs---- C:\WINDOWS\system32\nqtwa.ini2
2007-11-30 15:56 . 2007-11-30 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-29 20:09 . 2007-11-29 20:09 <DIR> d-------- C:\Program Files\RegistrySmart
2007-11-29 20:09 . 2007-11-29 20:09 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\RegistrySmart
2007-11-29 19:49 . 2007-11-29 19:49 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-29 19:47 . 2007-11-29 19:48 <DIR> d-------- C:\Deckard
2007-11-29 19:33 . 2007-11-29 19:46 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-29 19:32 . 2007-11-29 19:46 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-29 18:51 . 2007-11-29 18:51 164 --a------ C:\install.dat
2007-11-28 21:24 . 2007-11-28 21:24 <DIR> d--hs---- C:\FOUND.000
2007-11-28 20:27 . 2003-09-03 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-28 20:27 . 2003-09-03 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-28 20:27 . 2003-09-03 15:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Acer
2007-11-27 23:04 . 2007-11-27 23:04 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-27 21:10 . 2007-11-27 21:11 38 --a------ C:\WINDOWS\avisplitter.INI
2007-11-27 21:00 . 2007-11-27 21:00 46,360 --a------ C:\WINDOWS\FontData.fdb
2007-11-27 20:58 . 2007-11-27 20:58 56 -r-hs---- C:\WINDOWS\system32\3557BE4C83.sys
2007-11-27 15:35 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-27 15:35 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-27 15:18 . 2007-11-27 15:18 <DIR> d-------- C:\Program Files\Corel
2007-11-27 15:18 . 2007-11-27 15:18 <DIR> d-------- C:\Program Files\Common Files\Corel
2007-11-27 15:07 . 2007-11-27 15:07 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Corel
2007-11-27 15:06 . 2007-11-27 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-27 14:53 . 2007-11-27 20:58 3,610 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-11-27 14:29 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-27 14:29 . 2007-11-27 14:41 376 --a------ C:\WINDOWS\ODBC.INI
2007-11-27 14:15 . 2007-11-27 14:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-11-27 14:15 . 2007-11-27 14:15 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-11-27 14:14 . 2007-11-27 14:14 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-27 14:13 . 2007-11-27 14:13 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-27 14:13 . 2007-11-27 14:13 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-27 12:56 . 2007-11-27 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-27 12:48 . 2007-11-27 12:48 <DIR> d-------- C:\Program Files\Bonjour
2007-11-27 12:40 . 2007-11-27 12:40 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-26 21:59 . 2007-11-26 21:59 <DIR> d-------- C:\Program Files\EwisoftWeb
2007-11-23 15:36 . 2007-11-23 15:36 <DIR> d-------- C:\Program Files\Atari
2007-11-22 22:31 . 2007-11-22 22:31 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Media Player Classic
2007-11-22 22:30 . 2007-11-22 22:30 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-22 18:56 . 2007-11-22 18:56 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-11-22 18:45 . 2007-11-22 18:45 <DIR> d-------- C:\Program Files\Codemasters
2007-11-22 18:44 . 2007-11-22 18:44 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\InstallShield
2007-11-22 18:33 . 2007-11-22 18:33 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\AdobeUM
2007-11-21 15:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-21 15:13 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-21 15:13 . 2004-08-04 05:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-21 15:13 . 2004-08-04 05:00 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys
2007-11-21 10:10 . 2007-11-21 10:10 <DIR> d-------- C:\Program Files\The Witcher
2007-11-20 09:35 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-11-20 09:35 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-11-20 09:35 . 2007-11-21 10:20 278,984 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-20 09:35 . 2007-11-20 09:35 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-20 09:31 . 2007-11-20 09:31 <DIR> d-------- C:\Program Files\Ubisoft
2007-11-20 09:27 . 2007-11-20 09:27 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\DAEMON Tools Pro
2007-11-20 09:26 . 2007-11-20 09:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2007-11-20 09:24 . 2007-11-20 09:24 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2007-11-20 09:22 . 2007-11-20 09:22 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 09:18 . 2004-08-04 05:00 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-20 09:08 . 2007-11-20 09:08 <DIR> d--hs---- C:\Recycled
2007-11-20 08:57 . 2007-08-20 12:04 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-20 08:57 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-20 08:57 . 2007-03-08 07:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-20 08:57 . 2007-08-20 12:04 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-20 08:57 . 2007-08-20 12:04 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-20 08:57 . 2007-08-20 12:04 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-20 08:57 . 2007-08-20 12:04 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-20 08:57 . 2007-08-20 12:04 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-20 08:57 . 2007-08-17 12:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-20 05:53 . 2007-12-05 15:07 343 --a------ C:\WINDOWS\system32\eRLog.ini
2007-11-20 05:52 . 2007-11-20 05:52 92 --a------ C:\WINDOWS\GridV.UNI
2007-11-20 05:48 . 2007-11-20 05:48 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-11-20 05:48 . 2007-11-20 05:48 <DIR> d-------- C:\Program Files\Common Files\Acer
2007-11-20 05:46 . 2007-11-20 05:46 <DIR> d-------- C:\Program Files\WinPCap
2007-11-20 05:46 . 2006-01-23 12:41 78,208 --a------ C:\WINDOWS\system32\drivers\epm-shd.sys
2007-11-20 05:46 . 2007-11-20 05:46 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-11-20 05:46 . 2006-01-23 12:41 4,096 --a------ C:\WINDOWS\system32\drivers\epm-psd.sys
2007-11-20 05:45 . 2007-11-20 05:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2007-11-20 05:45 . 2007-11-20 05:45 <DIR> d-------- C:\Program Files\Launch Manager
2007-11-20 05:45 . 2007-11-20 05:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-11-20 05:45 . 2006-04-10 10:09 61,440 --a------ C:\WINDOWS\system32\acerGina.dll
2007-11-20 05:45 . 2002-12-19 15:58 49,152 --a------ C:\WINDOWS\system32\QtBtLib.dll
2007-11-20 05:45 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2007-11-20 05:45 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2007-11-20 05:45 . 2007-11-20 05:45 83 --a------ C:\WINDOWS\QtZgAcer.UNI
2007-11-20 05:45 . 2007-11-20 05:45 0 --a------ C:\WINDOWS\NT.INI
2007-11-20 05:43 . 2007-11-20 05:43 <DIR> d-------- C:\Documents and Settings\Francois\Bluetooth Software
2007-11-20 05:43 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll
2007-11-20 05:43 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
2007-11-20 05:38 . 2007-11-20 05:38 <DIR> d-------- C:\Program Files\WIDCOMM
2007-11-20 05:38 . 2007-11-20 05:38 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\ATI
2007-11-20 05:31 . 2007-11-20 05:31 <DIR> d-------- C:\WINDOWS\Acer
2007-11-20 05:31 . 2007-11-20 05:31 <DIR> d-------- C:\Program Files\ATI Technologies
2007-11-20 05:30 . 2003-09-03 15:57 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Symantec
2007-11-20 05:30 . 2003-09-03 15:59 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\CyberLink
2007-11-20 05:30 . 2003-09-03 15:38 <DIR> d-------- C:\Documents and Settings\Francois\Application Data\Acer
2007-11-20 05:29 . 2003-09-03 15:57 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-11-20 05:29 . 2003-09-03 15:59 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\CyberLink
2007-11-20 05:29 . 2003-09-03 15:38 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
2007-11-20 00:20 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\dllcache\SET89.tmp
2007-11-20 00:20 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\SET87.tmp
2007-11-20 00:20 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\dllcache\SET8A.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 20:21 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-11-19 20:21 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-01 12:49 542,088 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-10-01 12:49 161,160 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-09-28 15:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 15:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 15:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35A2EE48-9FA3-4C88-A66C-AB897F224865}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 00:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 00:11]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2005-12-13 21:31]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-03 00:25]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-03 00:22]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-03 00:26]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\SymProbe.exe" []
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 02:44 C:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-24 23:21]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-09 11:54]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-08 18:41]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-04-03 17:03]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-03-31 10:47]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-03-31 10:24]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-03-31 10:32]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-27 14:47:48]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awtqn.dll

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
R1 OsaFsLoc;OsaFsLoc;\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
R2 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys
R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys
R3 SMCB000;SMSC CIR HID Miniport Device Driver;C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
S3 AVerE506;AVerE506 service;C:\WINDOWS\system32\DRIVERS\AVerE506.sys
S3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-26 16:57:10 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Francois.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2007-11-29 18:09:58 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 15:27:43
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 15:29:08 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-04 23:41
.
--- E O F ---


Panda Online Scan:

Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Francois\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Francois\Desktop\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Francois\Cookies\francois@hotlog[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Francois\Cookies\francois@serving-sys[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Francois\Cookies\francois@advertising[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Francois\Cookies\francois@overture[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Francois\Cookies\francois@adserver.easyad[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Francois\Cookies\francois@adtech[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Francois\Cookies\francois@anm.co[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Francois\Cookies\francois@fortunecity[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Francois\Cookies\francois@com[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Francois\Cookies\francois@atdmt[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Francois\Cookies\francois@ads.pointroll[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Francois\Cookies\francois@questionmarket[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Francois\Cookies\francois@server.iad.liveperson[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Francois\Cookies\francois@statcounter[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Francois\Cookies\francois@bs.serving-sys[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Francois\Cookies\francois@tribalfusion[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Francois\Cookies\francois@doubleclick[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Deckard\System Scanner\20071130133204\BACKUP\DOCUME~1\Francois\LOCALS~1\Temp\LNPVKJXE.EXE
Virus:Trj/Downloader.PJT Disinfected C:\Deckard\System Scanner\20071130133204\BACKUP\DOCUME~1\Francois\LOCALS~1\Temp\DUUWRCWE.EXE
Spyware:Spyware/Virtumonde Not disinfected C:\Deckard\System Scanner\20071130133204\BACKUP\DOCUME~1\Francois\LOCALS~1\Temp\PSFEKLDI.EXE
Virus:Trj/Downloader.PJT Disinfected C:\Deckard\System Scanner\20071130133204\BACKUP\DOCUME~1\Francois\LOCALS~1\Temp\VRTXQOGA.EXE
Spyware:Spyware/Virtumonde Not disinfected C:\QOOBOX\Quarantine\C\WINDOWS\SYSTEM32\mkifttmc.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QOOBOX\Quarantine\catchme2007-12-04_233808.82.zip[xxyvvvv.dll]

Last edited by tetonbob; 12-06-2007 at 11:37 AM. Reason: removed quote tags; makes logs harder to read