Virtumonde Trojan woes



boyeltsin
2008-07-15, 15:20
Hi,

I've been trying to remove the Virtumonde.Trojan with no success...

As per other threads I've run

- Malwarebytes' Anti-Malware (and removed all threats)
- HijackThis
- Deckard's System Scanner

Thanks for any help!

Here are the logs for each:

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.20
Database version: 951
Windows 6.0.6001 Service Pack 1

5:44:46 AM 7/15/2008
mbam-log-7-15-2008 (05-44-46).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 227636
Time elapsed: 40 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\awtsPihg.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{36953122-9f7c-4461-af35-e23242461fd7} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{36953122-9f7c-4461-af35-e23242461fd7} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\awtsPihg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Deckard\System Scanner\backup\Users\me\AppData\Local\Temp\tmp000143e2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\awtsPihg.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\ljJcaaYs.dll (Trojan.Vundo) -> Delete on reboot.

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:14 AM, on 7/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {90EBAB75-3438-4981-A62F-2F3286FAE47C} - C:\Windows\SysWow64\urqPiGvS.dll (file missing)
O2 - BHO: {51fcb13a-4751-b59b-8bb4-20541a87e17e} - {e71e78a1-4502-4bb8-b95b-1574a31bcf15} - C:\Windows\SysWow64\fxbtjn.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\pn4fx7z1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtsPihg.dll,#1
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Suitcase 11.0.lnk.disabled
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files (x86)\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\system32\STacSV64.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10277 bytes


Deckard's System Scanner

Deckard's System Scanner v20071014.68
Run by me on 2008-07-15 05:50:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as me.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:24 AM, on 7/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\me\Downloads\dss.exe
C:\PROGRA~2\TRENDM~1\HIJACK~1\me.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {90EBAB75-3438-4981-A62F-2F3286FAE47C} - C:\Windows\SysWow64\urqPiGvS.dll (file missing)
O2 - BHO: {51fcb13a-4751-b59b-8bb4-20541a87e17e} - {e71e78a1-4502-4bb8-b95b-1574a31bcf15} - C:\Windows\SysWow64\fxbtjn.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\pn4fx7z1.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.55.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccdcAsT.dll,#1
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Suitcase 11.0.lnk.disabled
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files (x86)\Extensis\Extensis Suitcase 11\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files (x86)\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\system32\STacSV64.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10037 bytes

-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-15 05:47:58 25600 --a------ C:\Windows\system32\fccdcAsT.dll
2008-07-15 04:51:31 0 d-------- C:\Users\me\Desktop
2008-07-15 04:51:31 0 d-------- C:\Program Files (x86)\Trend Micro
2008-07-15 00:09:49 0 d-------- C:\ThunderStor
2008-07-15 00:09:34 0 d-------- C:\Program Files (x86)\ThunderStor
2008-07-14 23:49:41 0 d-------- C:\eml_files
2008-07-14 23:36:50 0 d-------- C:\mbx2eml
2008-07-14 23:36:14 0 d-------- C:\mbox_files
2008-07-14 22:18:07 0 d-------- C:\Users\me\.housecall6.6
2008-07-14 19:01:37 0 d-------- C:\Program Files (x86)\Microsoft.NET
2008-07-14 18:56:45 0 dr-h----- C:\MSOCache
2008-07-14 01:01:35 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-14 01:01:34 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2008-07-13 02:09:44 103424 --a------ C:\Windows\system32\fxbtjn.dll
2008-07-13 02:09:43 103424 --a------ C:\Windows\system32\ryeunogf.dll
2008-07-13 02:08:47 726780 --ahs---- C:\Windows\system32\cJjRCJlm.ini2
2008-07-13 02:08:42 345 --ahs---- C:\Windows\system32\stsBIhQr.ini2
2008-07-13 02:08:41 345 --ahs---- C:\Windows\system32\OnXbJjlm.ini2
2008-07-13 02:08:41 345 --ahs---- C:\Windows\system32\HgOXaccf.ini2
2008-07-13 02:08:41 345 --ahs---- C:\Windows\system32\eKRAaccf.ini2
2008-07-13 02:08:41 345 --ahs---- C:\Windows\system32\BddgjQru.ini2
2008-07-13 02:08:40 345 --ahs---- C:\Windows\system32\GjQrCJlm.ini2
2008-07-12 10:27:28 0 d-------- C:\Windows\system32\QuickTime
2008-07-12 10:26:47 0 d-------- C:\Program Files (x86)\Common Files\TechSmith Shared
2008-07-12 10:26:46 0 d-------- C:\Program Files (x86)\TechSmith
2008-07-11 09:22:23 0 d-------- C:\Program Files (x86)\visualboo timer
2008-07-11 06:34:23 0 d-------- C:\Program Files (x86)\Winamp
2008-07-11 06:29:49 345 --ahs---- C:\Windows\system32\wFMppqru.ini2
2008-07-10 23:31:58 771678 --ahs---- C:\Windows\system32\KSutsBeg.ini2
2008-07-10 23:31:58 401 --ahs---- C:\Windows\system32\bIRsAJlm.ini2
2008-07-10 23:31:57 345 --ahs---- C:\Windows\system32\ihjPonmp.ini2
2008-07-10 14:01:05 0 d-------- C:\Users\me\personal
2008-07-10 08:23:15 0 d-------- C:\Users\All Users\Extensis
2008-07-10 08:17:09 0 d-------- C:\Program Files (x86)\Extensis
2008-07-10 07:59:24 0 d-------- C:\Users\me\fonts
2008-07-10 07:54:02 712974 --ahs---- C:\Windows\system32\SvGiPqru.ini2
2008-07-10 07:54:01 345 --ahs---- C:\Windows\system32\XIjknXyb.ini2
2008-07-10 07:54:01 345 --ahs---- C:\Windows\system32\xGjlkUtv.ini2
2008-07-10 02:08:50 0 d-a------ C:\Users\me\invoice
2008-07-09 16:34:30 0 d-------- C:\Users\me\to do
2008-07-09 15:39:16 0 d-------- C:\Program Files (x86)\Eudora
2008-07-09 06:09:06 0 d-------- C:\Users\All Users\Findley Designs
2008-07-09 06:03:44 0 d-------- C:\Program Files (x86)\iPod Access for Windows
2008-07-09 04:50:33 0 d-------- C:\Program Files (x86)\FLV Player
2008-07-08 07:34:37 0 d-------- C:\Users\me\myspace
2008-07-08 00:26:31 0 d-------- C:\Windows\Sun
2008-07-07 23:42:03 0 d-------- C:\Program Files (x86)\iPod
2008-07-07 23:41:59 0 d-------- C:\Program Files (x86)\iTunes
2008-07-07 23:39:25 0 d-------- C:\Program Files (x86)\QuickTime
2008-07-07 23:39:24 0 d-------- C:\Users\All Users\Apple Computer
2008-07-07 23:37:53 0 d-------- C:\Program Files (x86)\Common Files\Apple
2008-07-07 23:07:08 0 d-------- C:\Temp
2008-07-07 17:58:44 0 d-------- C:\Program Files (x86)\Opera
2008-07-07 17:56:24 0 d-------- C:\Program Files (x86)\Netscape
2008-07-07 15:40:34 0 d-------- C:\Users\me\projects
2008-07-07 15:40:32 0 d-------- C:\Users\me\wallpaper
2008-07-07 14:57:10 0 d-------- C:\Program Files (x86)\Safari
2008-07-07 14:56:19 0 d-------- C:\Users\All Users\Apple
2008-07-07 14:56:19 0 d-------- C:\Program Files (x86)\Apple Software Update
2008-07-07 03:47:11 0 d-------- C:\Users\me\websites
2008-07-07 01:45:58 0 d-------- C:\Program Files (x86)\Common Files\PX Storage Engine
2008-07-07 01:45:49 0 d-------- C:\Program Files (x86)\DivX
2008-07-07 00:22:06 0 d-------- C:\Windows\$regcmp$
2008-07-07 00:22:01 0 d-------- C:\Program Files (x86)\Registry Clean Expert
2008-07-06 23:58:09 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-06 22:29:47 0 d-------- C:\Windows\WinRAR
2008-07-06 21:52:21 0 d-------- C:\Program Files (x86)\PowerISO
2008-07-06 18:46:53 0 d-------- C:\Users\All Users\FLEXnet
2008-07-06 18:40:31 0 d-------- C:\Program Files (x86)\Bonjour
2008-07-06 18:38:01 0 d-------- C:\Windows\system32\spool
2008-07-06 18:35:46 0 d-------- C:\Program Files (x86)\Common Files\Macrovision Shared
2008-07-06 18:09:27 0 --a------ C:\Windows\nsreg.dat
2008-07-06 18:09:21 0 d-------- C:\Program Files (x86)\Mozilla Thunderbird
2008-07-06 17:06:57 47104 --a------ C:\Windows\system32\rpcnet.dll <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-06 17:06:32 47104 --a------ C:\Windows\system32\rpcnet.exe <Not Verified; Absolute Software Corp.; Installation/Management Application>
2008-07-06 14:29:30 0 d-------- C:\Users\All Users\Pure Networks
2008-07-04 18:27:38 0 d-------- C:\Users\me\Program Files (x86)
2008-07-04 13:48:41 0 d-------- C:\Program Files (x86)\DNA
2008-07-04 13:48:41 0 d-------- C:\Program Files (x86)\BitTorrent
2008-07-04 13:09:01 0 d-------- C:\Users\me\dwhelper
2008-07-04 11:39:37 0 d-------- C:\Users\me\Bluetooth Software
2008-07-04 11:39:33 0 d-------- C:\Users\All Users\NVIDIA
2008-07-04 11:38:58 0 dr------- C:\Users\me\Searches
2008-07-04 11:38:47 0 dr------- C:\Users\me\Contacts
2008-07-04 11:38:23 0 dr------- C:\Users\me\Videos
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\Templates
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\Start Menu
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\SendTo
2008-07-04 11:38:23 0 dr------- C:\Users\me\Saved Games
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\Recent
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\PrintHood
2008-07-04 11:38:23 0 dr------- C:\Users\me\Pictures
2008-07-04 11:38:23 3932160 --a------ C:\Users\me\NTUSER.DAT
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\NetHood
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\My Documents
2008-07-04 11:38:23 0 dr------- C:\Users\me\Music
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\Local Settings
2008-07-04 11:38:23 0 dr------- C:\Users\me\Links
2008-07-04 11:38:23 0 dr------- C:\Users\me\Favorites
2008-07-04 11:38:23 0 dr------- C:\Users\me\Downloads
2008-07-04 11:38:23 0 dr------- C:\Users\me\Documents
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\Cookies
2008-07-04 11:38:23 0 d--hs---- C:\Users\me\Application Data
2008-07-04 11:38:23 0 d--h----- C:\Users\me\AppData
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\Templates
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\Start Menu
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\SendTo
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\Recent
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\PrintHood
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\NetHood
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\My Documents
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\Local Settings
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\Cookies
2008-07-04 11:34:40 0 d--hs---- C:\Users\Default\Application Data
2008-07-04 11:34:40 0 d--hs---- C:\Users\All Users\Templates
2008-07-04 11:34:40 0 d--hs---- C:\Users\All Users\Start Menu
2008-07-04 11:34:40 0 d--hs---- C:\Users\All Users\Favorites
2008-07-04 11:34:40 0 d--hs---- C:\Users\All Users\Documents
2008-07-04 11:34:40 0 d--hs---- C:\Users\All Users\Desktop
2008-07-04 11:34:40 0 d--hs---- C:\Users\All Users\Application Data
2008-07-04 11:34:40 0 d--hs---- C:\Documents and Settings


-- Find3M Report ---------------------------------------------------------------

2008-07-15 05:48:00 27554 --a------ C:\Users\me\AppData\Roaming\nvModes.001
2008-07-15 05:47:15 17408 --a------ C:\Windows\system32\rpcnetp.exe
2008-07-15 05:47:09 17408 --a------ C:\Windows\system32\rpcnetp.dll
2008-07-15 05:45:33 12 --a------ C:\Windows\bthservsdp.dat
2008-07-14 19:02:09 0 d-------- C:\Program Files (x86)\Common Files
2008-07-14 09:28:57 0 d-------- C:\Users\me\AppData\Roaming\Adobe
2008-07-14 01:50:26 0 d-------- C:\Users\me\AppData\Roaming\DNA
2008-07-14 01:01:40 0 d-------- C:\Users\me\AppData\Roaming\Malwarebytes
2008-07-13 07:58:04 0 d-------- C:\Users\me\AppData\Roaming\BitTorrent
2008-07-11 17:48:02 0 d-------- C:\Program Files (x86)\Windows Mail
2008-07-11 07:37:41 0 d-------- C:\Users\me\AppData\Roaming\Winamp
2008-07-10 22:25:42 0 d-------- C:\Users\me\AppData\Roaming\FireShot
2008-07-10 08:25:21 0 d-------- C:\Users\me\AppData\Roaming\Extensis
2008-07-10 07:56:14 0 d-------- C:\Users\me\AppData\Roaming\Symantec
2008-07-09 15:39:22 0 d-------- C:\Users\me\AppData\Roaming\Thunderbird
2008-07-09 06:11:10 258 --a------ C:\Users\me\AppData\Roaming\iPod Access v4 Prefs
2008-07-09 06:07:49 38 --ah----- C:\Users\me\AppData\Roaming\iPodAccessv4_OwnerName
2008-07-09 06:05:09 11 --ah----- C:\Users\me\AppData\Roaming\iPodAccess_Time
2008-07-07 23:42:58 0 d-------- C:\Users\me\AppData\Roaming\Apple Computer
2008-07-07 18:22:58 0 d-------- C:\Program Files (x86)\Common Files\Adobe
2008-07-07 17:59:00 0 d-------- C:\Users\me\AppData\Roaming\Opera
2008-07-07 17:56:39 0 d-------- C:\Users\me\AppData\Roaming\Netscape
2008-07-07 02:01:53 0 d-------- C:\Users\me\AppData\Roaming\DivX
2008-07-06 21:21:05 24226 --a------ C:\Users\me\AppData\Roaming\UserTile.png
2008-07-06 21:21:04 0 d-------- C:\Users\me\AppData\Roaming\PeerNetworking
2008-07-06 18:09:34 0 d-------- C:\Users\me\AppData\Roaming\Talkback
2008-07-06 18:09:27 0 d-------- C:\Users\me\AppData\Roaming\Mozilla
2008-07-06 17:57:51 0 d-------- C:\Users\me\AppData\Roaming\WinRAR
2008-07-06 12:56:22 27554 --a------ C:\Users\me\AppData\Roaming\nvModes.dat
2008-07-04 13:29:25 0 d-------- C:\Program Files (x86)\Norton Internet Security
2008-07-04 13:29:24 0 d-------- C:\Program Files (x86)\Common Files\Symantec Shared
2008-07-04 12:01:37 0 d-------- C:\Users\me\AppData\Roaming\Macromedia
2008-07-04 11:38:49 0 d-------- C:\Users\me\AppData\Roaming\Identities
2008-06-10 17:07:20 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-06-10 17:03:26 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-10 17:03:26 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-10 17:03:20 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-10 17:03:20 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-10 17:03:20 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-10 17:03:20 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-10 17:03:18 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 15:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------



-- End of Deckard's System Scanner: finished at 2008-07-15 05:50:39 ------------

boyeltsin
2008-07-17, 09:50
Just checking... hopefully someone can help me get rid of this thing!

Thanks again for any help you can offer.

tashi
2008-07-25, 00:47
Hello,

For people waiting who have not resolved their problem, we have a sticky topic:
Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/showthread.php?t=1137)



As per other threads

Please see: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Regards. :)