VirtuMonde Suspected



navydog
2007-09-21, 05:09
I think that I have been infected. Below are the logs requested. (In two posts) Can anyone help?

I replaced "skipped" with "skp" and "object is locked" with "objlckd".

Thanks,
NavyDog

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, September 20, 2007 5:43:17 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 20/09/2007
Kaspersky Anti-Virus database records: 420994
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 77365
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 06:23:12

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\empayi.dll Infected: Backdoor.Win32.Agent.bfd skp

Scan process completed.

navydog
2007-09-21, 05:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:26 PM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Dell\QuickSet\quickset.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\program files\microsoft office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {44218730-94E0-4b24-BBF0-C3D8B2BCE2C3} - C:\WINDOWS\system32\tmp22.tmp.dll (file missing)
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell QuickSet] C:\PROGRA~1\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TempRemove] "C:\Program Files\Crystal Ball\CB Predictor\terminator.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\program files\microsoft office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: empayi - C:\WINDOWS\SYSTEM32\empayi.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10742 bytes

navydog
2007-09-23, 07:02
Thank you.