
Virus DOWNLOADER keeps coming bac


Name: topo416
Date: January 15, 2007 at 21:37:09 Pacific
OS: Win Xp sp2
CPU/Ram: P4 2.8Ghz 2G
Product: Asus P5P800-VM
Comment:

Hello

The other day I downloaded a couple of .mp4 files. The next time I started my computer, Norton notified me that my computer had been infected with the virus DOWNLOADER in "c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\GH0ABCME\count[1].htm". The message said that access to the file was denied. I clicked OK, then the Norton window popped up again with the same message, but this time it read that the file was deleted. This has happened every time I turn on the computer. I tried scanning in safe mode but it found nothing. I have checked the Event Viewer and have seen, under the Application folder, two entries labeled Information with the source crypt32. Also, under the Security folder, various entries of "policy change" and Privilege use. If anyone can help me before this virus gets out of hand, please post.

Thank you




Response Number 1
Name: jabuck
Date: January 16, 2007 at 14:35:46 Pacific
Reply:

Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop.
Double-click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click "Next" in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
Put a check by "Create a desktop icon" then click "Next" again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click "Finish" and it will launch Hijack This.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.



Response Number 2
Name: topo416
Date: January 16, 2007 at 15:36:26 Pacific
Reply:

here we go

Logfile of HijackThis v1.99.1
Scan saved at 6:31:48 PM, on 16/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\SOUNDMAN.exe
C:\WINDOWS\system32\CmWatch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\hffext\hffsrv.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AWC\AWC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LowLight.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
J:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Ulead Quick-Drop] "C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 5 Plus\Ulead DVD MovieFactory 5\Quick-Drop.exe" WINDOWCALL
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hffsrv] c:\windows\hffext\hffsrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: AWC (2).lnk = C:\Program Files\AWC\AWC.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O18 - Protocol: bw+0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E47200CA-6CAC-49F4-84A4-F5F562C6FE58} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe



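Added example, not part of this thread or of HijackThis itself: a small Python check over the "Running processes" section of an HJT log like the one above, which flags core Windows binaries running from a directory other than the one they belong in. On the log posted here it picks out C:\WINDOWS\svchost.exe, which sits next to the legitimate C:\WINDOWS\system32\svchost.exe instances and is easy to miss by eye; the excerpt is constructed from paths in the posted log, and the expected-directory table is an assumption based on the Windows XP layout.

```python
"""Flag core Windows binaries that run from the wrong directory in a
HijackThis 'Running processes' list.

Added example, not part of the thread or of HijackThis. The sample log
excerpt is constructed from paths that appear in the posted log; the
expected-directory table is an assumption based on the Windows XP layout.
"""
from pathlib import PureWindowsPath

# Core Windows XP binaries and the only directories they are expected to run from.
# Paths are compared case-insensitively because the log mixes System32/system32.
EXPECTED_DIRS = {
    "smss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "ctfmon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Constructed excerpt using paths from the posted HJT log (abridged).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:31:48 PM, on 16/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
J:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/
"""


def parse_running_processes(log_text):
    """Return the executable paths listed under 'Running processes:'.

    The section ends at the first blank line, as in HJT's own output.
    """
    paths = []
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.lower() == "running processes:":
            in_section = True
            continue
        if not in_section:
            continue
        if not stripped:
            break
        paths.append(stripped)
    return paths


def find_masquerades(paths):
    """Return (path, expected_dirs) for every core binary outside its expected directory.

    Binaries not in EXPECTED_DIRS are ignored: this check only catches name
    collisions with system files, not arbitrary unknown programs.
    """
    hits = []
    for path in paths:
        win = PureWindowsPath(path)
        name = win.name.lower()
        if name not in EXPECTED_DIRS:
            continue
        parent = str(win.parent).lower()
        if parent not in EXPECTED_DIRS[name]:
            hits.append((path, sorted(EXPECTED_DIRS[name])))
    return hits


def main():
    procs = parse_running_processes(SAMPLE_LOG)
    for path, expected in find_masquerades(procs):
        print(f"SUSPECT: {path} (expected in: {', '.join(expected)})")


if __name__ == "__main__":
    main()
```

The same check applies unchanged to the O4 and O23 entries of a log if you feed it the path portion of each line; a copy of a system binary in an unexpected folder is worth a closer look regardless of which section it turns up in.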

Response Number 3
Name: jabuck
Date: January 16, 2007 at 16:21:54 Pacific
Reply:

I don't see anything in the HJT log, run these two scans.

Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.


!!!! Only run option #1, as running the other options on an uninfected computer will damage the desktop!!!!


Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please download ComboFix to the desktop from this link:

http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

Please post the combofix.txt log.



Response Number 4
Name: topo416
Date: January 16, 2007 at 18:20:42 Pacific
Reply:

This is the SmitFraudFix log, Jabuck

SmitFraudFix v2.132

Scan done at 21:17:54.95, 16/01/2007
Run from J:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\svchost.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Javier


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Javier\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Javier\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End




Response Number 5
Name: topo416
Date: January 16, 2007 at 18:38:12 Pacific
Reply:

Here is the ComboFix log


"" - 07-01-16 21:24:21 Service Pack 2
ComboFix 07-01-16.2 - Running from: "J:\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\svchost.exe


((((((((((((((((((((((((((((((( Files Created from 2006-12-16 to 2007-01-16 ))))))))))))))))))))))))))))))))))


2007-01-16 21:17 3,674 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-16 18:41 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-14 22:05 <DIR> d-------- C:\Program Files\ImTOO
2007-01-12 06:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 10:34 <DIR> d-------- C:\DOCUME~1\Javier\Application Data\Autodesk
2007-01-10 10:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Autodesk
2007-01-10 10:32 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-01-10 10:32 <DIR> d-------- C:\Program Files\Autodesk
2006-12-28 03:49 <DIR> d-------- C:\Program Files\Guitar Pro 5
2006-12-25 21:12 <DIR> d-------- C:\Program Files\Overland
2006-12-25 21:03 <DIR> d-------- C:\WINDOWS\Hewlett-Packard
2006-12-23 15:32 <DIR> d-------- C:\DOCUME~1\Javier\Application Data\Corel
2006-12-23 15:28 <DIR> d-------- C:\Program Files\Corel
2006-12-23 15:28 <DIR> d-------- C:\Program Files\Common Files\Corel
2006-12-23 11:17 <DIR> d-------- C:\Program Files\ratDVD
2006-12-23 10:07 <DIR> d-------- C:\Program Files\RegScrubXP
2006-12-21 15:34 <DIR> d-------- C:\Program Files\Java
2006-12-21 15:33 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-21 02:35 <DIR> d-------- C:\Program Files\DVDMenu
2006-12-21 02:32 <DIR> d-------- C:\Program Files\DVDlabPro
2006-12-19 03:36 <DIR> d-------- C:\DOCUME~1\Javier\Application Data\InstallShield
2006-12-19 03:34 <DIR> d-------- C:\Program Files\DAEMON Tools
2006-12-19 03:20 <DIR> d-------- C:\Program Files\mIRC
2006-12-19 03:17 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-18 00:16 <DIR> d-------- C:\Program Files\Lula 3D
2006-12-17 23:58 <DIR> d-------- C:\Program Files\Playboy - The Mansion
2006-12-17 23:41 <DIR> dr-h----- C:\DOCUME~1\Javier\Application Data\SecuROM
2006-12-17 23:36 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2006-12-17 23:36 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-12-17 23:36 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2006-12-17 23:36 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-12-17 23:36 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2006-12-17 23:36 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-16 21:11 -------- d-------- C:\Program Files\mozilla firefox
2007-01-15 23:53 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-15 23:19 -------- d-------- C:\Program Files\norton internet security
2007-01-14 22:23 -------- d-------- C:\Program Files\peerguardian2
2007-01-14 22:23 -------- d-------- C:\Documents and Settings\Javier\Application Data\utorrent
2007-01-12 09:46 -------- d-------- C:\Program Files\ipod
2007-01-10 10:34 -------- d-------- C:\Documents and Settings\Javier\Application Data\autodesk
2006-12-29 02:43 83 ---hs---- C:\Documents and Settings\Javier\Application Data\.zreglib
2006-12-26 15:37 -------- d--h----- C:\Program Files\installshield installation information
2006-12-26 15:37 -------- d-------- C:\Program Files\electronic arts
2006-12-25 21:09 -------- d-------- C:\Program Files\hp
2006-12-23 15:32 -------- d-------- C:\Documents and Settings\Javier\Application Data\corel
2006-12-22 00:48 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2006-12-22 00:48 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-22 00:48 -------- d-------- C:\Program Files\symantec
2006-12-20 22:34 -------- d-------- C:\Documents and Settings\Javier\Application Data\dvdcss
2006-12-19 03:36 -------- d-------- C:\Documents and Settings\Javier\Application Data\installshield
2006-12-17 23:41 -------- dr-h----- C:\Documents and Settings\Javier\Application Data\securom
2006-12-17 23:31 -------- d-------- C:\Program Files\ubisoft
2006-12-14 15:28 -------- d-------- C:\Documents and Settings\Javier\Application Data\ahead
2006-12-12 11:52 -------- d-------- C:\Program Files\vugames
2006-12-12 11:40 -------- d-------- C:\Program Files\hffolders
2006-12-09 10:46 -------- d-------- C:\Program Files\sierra
2006-12-09 10:17 -------- d-------- C:\Program Files\winuha
2006-12-07 17:33 152448 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2006-12-07 01:40 2362184 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-04 22:54 -------- d-------- C:\Program Files\itunes
2006-12-03 01:54 -------- d-------- C:\Documents and Settings\Javier\Application Data\pegasys inc
2006-12-03 01:53 -------- d-------- C:\Program Files\pegasys inc
2006-12-03 01:49 20576 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-12-03 01:49 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-03 01:49 10752 --------- C:\WINDOWS\system32\pxwma.dll
2006-12-03 01:49 103936 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-02 04:22 118784 -r------- C:\WINDOWS\bwunin-7.2.0.157-8876480sl.exe
2006-12-02 04:19 -------- d-------- C:\Program Files\bethesda softworks
2006-12-02 04:08 -------- d-------- C:\Program Files\poweriso
2006-12-02 01:20 -------- d-------- C:\Program Files\smartftp client 2.0 setup files
2006-12-02 01:20 -------- d-------- C:\Program Files\smartftp client 2.0
2006-12-02 01:20 -------- d-------- C:\Documents and Settings\Javier\Application Data\smartftp
2006-11-29 12:28 33952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-11-29 12:21 -------- d-------- C:\Program Files\human head studios
2006-11-28 16:27 -------- d-------- C:\Program Files\submagic
2006-11-28 14:31 -------- d-------- C:\Program Files\custom technology
2006-11-27 10:16 -------- d-------- C:\Program Files\slysoft
2006-11-26 12:59 20096 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-11-26 07:20 -------- d-------- C:\Program Files\Common Files\ahead
2006-11-26 07:18 -------- d-------- C:\Program Files\nero
2006-11-25 10:18 -------- d-------- C:\Program Files\Common Files\logitech
2006-11-25 10:17 -------- d-------- C:\Program Files\logitech
2006-11-24 00:13 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-23 16:06 -------- d-------- C:\Program Files\keyscrambler
2006-11-23 05:54 -------- d---s---- C:\Documents and Settings\Javier\Application Data\microsoft
2006-11-23 05:30 -------- d-------- C:\Program Files\foxit software
2006-11-23 03:59 -------- d-------- C:\Program Files\directx
2006-11-23 03:58 -------- d-------- C:\Documents and Settings\Javier\Application Data\fotowire
2006-11-23 03:57 -------- d-------- C:\Program Files\Common Files\fotowire
2006-11-23 03:56 81920 -r------- C:\WINDOWS\bwunin-6.1.4.36-8876480l.exe
2006-11-23 00:47 -------- d-------- C:\Program Files\msxml 4.0
2006-11-22 23:45 -------- d-------- C:\Program Files\Common Files\hp
2006-11-22 23:44 -------- d-------- C:\Program Files\hewlett-packard
2006-11-22 23:43 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2006-11-22 02:58 -------- d-------- C:\Documents and Settings\Javier\Application Data\vso_hwe
2006-11-21 01:19 503808 --a------ C:\WINDOWS\system32\lg screen saver.scr
2006-11-20 11:45 -------- d-------- C:\Program Files\winavivideoconverter
2006-11-19 23:43 47616 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-11-19 23:43 -------- d-------- C:\Program Files\vso
2006-11-19 21:15 -------- d-------- C:\Documents and Settings\Javier\Application Data\elaborate bytes
2006-11-18 21:59 -------- d-------- C:\Program Files\msn messenger
2006-11-18 21:57 -------- d-------- C:\Program Files\online services
2006-11-18 19:33 -------- d-------- C:\Program Files\red storm entertainment
2006-11-18 19:20 -------- d-------- C:\Documents and Settings\Javier\Application Data\macromedia
2006-11-18 19:15 -------- d-------- C:\Program Files\gameshadow
2006-11-18 04:26 -------- d-------- C:\Program Files\thq
2006-11-18 04:12 -------- d-------- C:\Program Files\activision
2006-11-18 03:56 -------- d-------- C:\Program Files\intervideo
2006-11-18 03:56 -------- d-------- C:\Program Files\Common Files\installshield
2006-11-18 03:55 -------- d-------- C:\Program Files\Common Files\ulead systems
2006-11-18 03:55 -------- d-------- C:\Documents and Settings\Javier\Application Data\ulead systems
2006-11-18 03:53 -------- d-------- C:\Program Files\windows media components
2006-11-18 03:52 -------- d-------- C:\Program Files\ulead systems
2006-11-18 03:31 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-11-18 03:30 -------- d-------- C:\Program Files\gtr2
2006-11-18 03:19 -------- d-------- C:\Program Files\microsoft works
2006-11-18 03:05 -------- d-------- C:\Program Files\microsoft activesync
2006-11-18 03:05 -------- d-------- C:\Program Files\Common Files\l&h
2006-11-18 03:04 -------- d-------- C:\Program Files\microsoft.net
2006-11-18 02:48 -------- d-------- C:\Program Files\ea sports
2006-11-18 02:10 -------- d-------- C:\Documents and Settings\Javier\Application Data\slysoft
2006-11-18 02:05 -------- d-------- C:\Program Files\elaborate bytes
2006-11-18 01:57 -------- d-------- C:\Documents and Settings\Javier\Application Data\atitray
2006-11-18 01:44 -------- d-------- C:\Program Files\utorrent
2006-11-18 01:34 -------- d-------- C:\Documents and Settings\Javier\Application Data\mozilla
2006-11-18 01:30 -------- d-------- C:\Program Files\awc
2006-11-17 23:49 -------- d-------- C:\Program Files\quicktime
2006-11-17 23:48 -------- d-------- C:\Program Files\apple software update
2006-11-17 23:37 -------- d-------- C:\Documents and Settings\Javier\Application Data\apple computer
2006-11-17 05:41 -------- d-------- C:\Program Files\imgburn
2006-11-17 05:41 -------- d-------- C:\Documents and Settings\Javier\Application Data\imgburn
2006-11-17 05:39 -------- d-------- C:\Documents and Settings\Javier\Application Data\vlc
2006-11-17 05:38 -------- d-------- C:\Program Files\videolan
2006-11-17 04:58 -------- d-------- C:\Documents and Settings\Javier\Application Data\symantec
2006-11-17 04:55 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-11-17 04:40 -------- d-------- C:\Program Files\ati technologies
2006-11-17 04:27 -------- d-------- C:\Documents and Settings\Javier\Application Data\ati
2006-11-17 04:25 -------- d-------- C:\Program Files\Common Files\ati technologies
2006-11-17 03:46 -------- d-------- C:\Program Files\microsoft hardware
2006-11-17 03:12 -------- d-------- C:\Program Files\asus
2006-11-17 03:09 -------- d-------- C:\Program Files\realtek ac97
2006-11-17 03:08 -------- d-------- C:\Program Files\intel
2006-11-17 02:33 -------- d-------- C:\Program Files\messenger
2006-11-17 02:18 502272 --a------ C:\WINDOWS\system32\winlogon.exe
2006-11-17 02:09 -------- d-------- C:\Documents and Settings\Javier\Application Data\identities
2006-11-17 02:03 0 -rahs---- C:\MSDOS.SYS
2006-11-17 02:03 0 -rahs---- C:\IO.SYS
2006-11-17 02:03 0 --a------ C:\CONFIG.SYS
2006-11-17 02:03 0 --a------ C:\AUTOEXEC.BAT
2006-11-17 02:03 -------- d-------- C:\Program Files\microsoft frontpage
2006-11-17 02:02 -------- d--h----- C:\Program Files\windowsupdate
2006-11-17 02:01 -------- d-------- C:\Program Files\movie maker
2006-11-17 02:01 -------- d-------- C:\Program Files\Common Files\mssoap
2006-11-17 02:00 -------- d-------- C:\Program Files\msn gaming zone
2006-11-17 01:59 -------- d-------- C:\Program Files\windows nt
2006-11-16 17:47 62 --ahs---- C:\Documents and Settings\Javier\Application Data\desktop.ini
2006-11-16 17:12 -------- d-------- C:\Program Files\Common Files\speechengines
2006-11-16 17:12 -------- d-------- C:\Program Files\Common Files\odbc
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 17:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 07:40 81920 --a------ C:\WINDOWS\system32\elbycdio.dll
2006-10-27 18:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 18:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 18:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 18:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 18:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 18:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 18:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 05:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 05:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 05:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 05:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 05:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 05:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 05:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 05:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 05:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 05:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 16:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 16:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 16:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 16:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 16:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 15:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 15:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 15:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 15:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 15:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 15:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 15:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Start WingMan Profiler"="\"C:\\Program Files\\Logitech\\Profiler\\lwemon.exe\" /noui"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"CmCardRun"="C:\\WINDOWS\\system32\\CmWatch.exe"
"POINTER"="point32.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"VirtualCloneDrive"="\"C:\\Program Files\\Elaborate Bytes\\VirtualCloneDrive\\VCDDaemon.exe\" /s"
"Ulead Quick-Drop"="\"C:\\Program Files\\Ulead Systems\\Ulead DVD MovieFactory 5 Plus\\Ulead DVD MovieFactory 5\\Quick-Drop.exe\" WINDOWCALL"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ASUS Probe"="C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hffsrv"="c:\\windows\\hffext\\hffsrv.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\FDCENT.SYS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\HideFilesAndFolders_S

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Javier.job

Completion time: 07-01-16 21:29:05


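The "Reg Loading Points" section of the log above lists every Run value the tool found. As an added example, not part of the original thread or of the tool that produced the log, here is a small Python parser for that section. It undoes the .reg escaping, separates the executable from its arguments, and attaches two triage flags: a bare executable name with no directory (Windows resolves it through the PATH search order, so the entry alone does not show which file actually runs) and a path outside the usual program directories. The sample dump is constructed in the same layout, and the "standard directory" list is a heuristic assumption for illustration only.

```python
import re
from typing import Dict, List

# Constructed sample, laid out like the "Reg Loading Points" section of the log.
# Values use .reg escaping: backslashes doubled, embedded quotes written as \".
SAMPLE_DUMP = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Start WingMan Profiler"="\"C:\\Program Files\\Logitech\\Profiler\\lwemon.exe\" /noui"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"POINTER"="point32.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"hffsrv"="c:\\windows\\hffext\\hffsrv.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data", where both sides may contain \\ and \" escape pairs
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristic assumption for this example: directories where autostart binaries on
# a Windows XP box are normally expected. Anything else deserves a closer look.
STANDARD_PREFIXES = ('c:\\windows\\system32\\', 'c:\\program files\\')


def unescape(value: str) -> str:
    """Undo .reg escaping: a backslash followed by any character yields that character."""
    return re.sub(r'\\(.)', r'\1', value)


def split_command(cmd: str):
    """Split a Run value into (executable, arguments); a quoted path keeps its spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:                      # unterminated quote: treat the rest as the path
            return cmd[1:], ''
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(' ')
    return head, tail.strip()


def parse_run_entries(dump: str) -> List[Dict]:
    """Return one record per Run value, with triage flags attached."""
    records = []
    key = None
    for raw in dump.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, cmd = unescape(m.group(1)), unescape(m.group(2))
        exe, args = split_command(cmd)
        flags = []
        if '\\' not in exe:
            # No directory at all: resolved via the PATH search order, so the
            # entry by itself does not tell you which binary actually runs.
            flags.append('bare-name')
        elif not exe.lower().startswith(STANDARD_PREFIXES):
            flags.append('outside-standard-dirs')
        records.append({'key': key, 'name': name, 'exe': exe, 'args': args, 'flags': flags})
    return records


def flagged_names(dump: str) -> List[str]:
    """Value names whose executable location warrants manual verification."""
    return [r['name'] for r in parse_run_entries(dump) if r['flags']]


if __name__ == '__main__':
    for rec in parse_run_entries(SAMPLE_DUMP):
        mark = ' <-- ' + ', '.join(rec['flags']) if rec['flags'] else ''
        print(f"{rec['name']:24} {rec['exe']}{mark}")
```

A flag is only a prompt to check the file on disk (publisher, location, timestamp against the Find3M dates above); many legitimate vendor loaders use bare names or non-standard folders, so the list is a starting point for review, not a verdict.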

Response Number 6
Name: jabuck
Date: January 16, 2007 at 18:55:03 Pacific
Reply:

Now for some clean-up.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download and install AVG Anti-Spyware. We will need this later in safe mode.

Be sure to update AVG Anti-Spyware.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Run ATF-Cleaner from safe mode. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

In Safe Mode, run AVG Anti-Spyware and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.

Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).

Post the AVG Anti-Spyware log please.


Response Number 7
Name: topo416
Date: January 17, 2007 at 18:56:29 Pacific
Reply:


AVG Anti-Spyware - Scan Report


+ Created at: 8:15:51 PM 17/01/2007

+ Scan result:

C:\Program Files\DVDlabPro\DVDLabPro1.x.Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
K:\Computer programs\DVD lab pro\DVD-lab PRO v1.53 and DVD Menu Studio v1.1 - Incl. Patch and Keygen.rar/DVDLabPro1.x.Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
K:\Computer programs\DVD lab pro\DVDLabPro1.x.Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wp2yo1os.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wp2yo1os.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wp2yo1os.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
J:\WinXMedia.DVD.AVI.MP3.MP4.MPEGiPod\WOWclient.exe -> Trojan.Agent.wl : Cleaned.
K:\Computer programs\Windows AvitoDVD\3DSexVilla 2.017.001\3DSexVilla-017-001-AMD-hotfix.zip/3DSexVilla-017-001-start.exe -> Trojan.QQPass.ly : Cleaned.
K:\Computer programs\Windows AvitoDVD\3DSexVilla 2.017.001\Hentai II 3D 2.017.004\HentaII3D-017-004-AMD-hotfix.zip/HentaII3D-017.004-start.exe -> Trojan.QQPass.ly : Cleaned.


::Report end



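The scan report above mixes three kinds of hits: plain files, members inside .rar/.zip archives (written with a forward slash after the archive name), and cookie-store records prefixed with `:mozilla.N:`. As an added example, not from the thread or from AVG, here is a Python parser for that line format that separates those kinds, records the drive letter, and distinguishes Trojan detections from riskware (`Not-A-Virus`) and tracking-cookie entries. The sample report is constructed: paths are placeholders, while the detection names follow those in the posted report.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample in the AVG Anti-Spyware report layout shown above.
# Paths are placeholders; detection names follow those in the posted report.
SAMPLE_REPORT = r'''
AVG Anti-Spyware - Scan Report

+ Created at: 8:15:51 PM 17/01/2007

+ Scan result:

C:\Program Files\ExampleApp\Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
K:\Downloads\example.rar/Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.10:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
J:\Media\WOWclient.exe -> Trojan.Agent.wl : Cleaned.
K:\Downloads\tool.zip/setup.exe -> Trojan.QQPass.ly : Cleaned.

::Report end
'''

LINE_RE = re.compile(r'^(?P<target>.+?) -> (?P<detection>\S+) : (?P<action>[A-Za-z ]+)\.$')
COOKIE_RE = re.compile(r'^:mozilla\.\d+:(?P<path>.+)$')   # Firefox cookie-store records
BENIGN_FAMILIES = ('Not-A-Virus', 'TrackingCookie')      # riskware / cookies, not malware


def parse_report(text: str) -> List[Dict]:
    """Turn each '<target> -> <detection> : <action>.' line into a record."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # header, blank line or report trailer
        target = m.group('target')
        kind, member = 'file', None
        c = COOKIE_RE.match(target)
        if c:
            kind, target = 'cookie', c.group('path')
        elif '/' in target:
            # Windows paths use backslashes; a forward slash marks an archive member.
            kind = 'archive-member'
            target, member = target.split('/', 1)
        detection = m.group('detection')
        records.append({
            'kind': kind,
            'path': target,
            'member': member,
            'drive': target[0].upper() if len(target) > 1 and target[1] == ':' else None,
            'detection': detection,
            'family': detection.split('.', 1)[0],
            'action': m.group('action'),
        })
    return records


def summarize(records: List[Dict]) -> Dict[str, Dict]:
    """Count detections by family and by drive letter."""
    return {
        'by_family': dict(Counter(r['family'] for r in records)),
        'by_drive': dict(Counter(r['drive'] for r in records)),
    }


def needs_attention(records: List[Dict]) -> List[Dict]:
    """Detections that are actual malware rather than riskware or tracking cookies."""
    return [r for r in records if r['family'] not in BENIGN_FAMILIES]


if __name__ == '__main__':
    recs = parse_report(SAMPLE_REPORT)
    print(summarize(recs))
    for r in needs_attention(recs):
        where = f"{r['path']} ({r['member']})" if r['member'] else r['path']
        print(f"{r['detection']:20} {r['action']:8} {where}")
```

Grouping by drive is useful for exactly the situation in this thread: hits on removable or secondary drives (J:, K:) point at downloaded installers and archives rather than at a running infection on C:, which changes what you look at next.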

Response Number 8
Name: jabuck
Date: January 17, 2007 at 19:20:34 Pacific
Reply:

Is the computer running better?

Download the latest version of http://java.sun.com/javase/downloads/index.jsp

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the "Download" button to the right.

Check the box that says: "Accept License Agreement". The page will refresh.

Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Close any programs you may have running - especially your web browser.

Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.

Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.

Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-1_6_0-windowsi586-p.exe to install the newest version.

You should consider adding "SpywareBlaster" to your arsenal of antispyware tools; just do a Google search for SpywareBlaster, download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



Response Number 9
Name: topo416
Date: January 18, 2007 at 19:50:55 Pacific
Reply:

Thank you for your help.

Yes, the computer seems to be running better. Just one question: what would be the best protection for my computer, Kaspersky or Norton, and for a firewall, ZoneAlarm or Norton's firewall? Any suggestions?



Response Number 10
Name: jabuck
Date: January 18, 2007 at 20:46:32 Pacific
Reply:

I use AVG 7.5 Free for an antivirus, ZoneAlarm Free for a firewall and SpywareBlaster as an antispyware.

Glad we could help.

