Removed Virtumonde but still have problems



Javageddon
2008-09-14, 17:53
Hi,

I have managed to remove Virtumonde from my client's laptop with AVG but am still not able to browse to antivirus websites or Windows Update, I just get the standard 'cannot display website' message. I also get popups to entice the user to download other stuff.

SpyBot, AVG and AdAware do not report any problems! :sad:

Thanks in advance for your help!

P.S. the McAfee Pro that was installed prior to AVG didn't spot that there were any problems!!!!!!

Here is the HJT log....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:24:46, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrvNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\alan@\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_uk?hl=en&client=dell-usuk&channel=uk-smb&ibd=5080127
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3F08E245-2364-4432-A521-2E778DCA9C80} - (no file)
O2 - BHO: {b440303d-b776-784a-6ff4-309f0c9c4707} - {7074c9c0-f903-4ff6-a487-677bd303044b} - C:\WINDOWS\system32\beejxi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [RegTool] C:\Program Files\Gemplus\GemSafe Libraries\BIN\RegTool.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .csd: C:\Program Files\Gemplus\GemSafe eSigner\plugin\Npcsig.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202985884625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202986058171
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: beejxi.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GemSAFE Card Server - Gemplus - C:\Program Files\Gemplus\GemSafe Libraries\BIN\GCardSrvNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10860 bytes
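The log above still carries the leftover that the scanners missed: an O2 BHO whose "name" is just another GUID, pointing at a random-named DLL in system32, and that same DLL listed under O20 AppInit_DLLs so it is loaded into every process that uses user32. The following added example (not part of the post, and not a HijackThis feature) is a small parser for the HijackThis O2/O20 line format that cross-references the two sections; the sample log lines are constructed from the entries quoted above.

```python
import re
import ntpath  # splits Windows paths correctly even when run on Linux

# Constructed sample in HijackThis v2 line format, modelled on the log above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {3F08E245-2364-4432-A521-2E778DCA9C80} - (no file)
O2 - BHO: {b440303d-b776-784a-6ff4-309f0c9c4707} - {7074c9c0-f903-4ff6-a487-677bd303044b} - C:\WINDOWS\system32\beejxi.dll
O20 - AppInit_DLLs: beejxi.dll,avgrsstx.dll
"""

# O2 lines: "O2 - BHO: <name> - {<CLSID>} - <path or (no file)>"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# O20 line: comma-separated DLL basenames injected into every user32-linked process
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")


def parse_hjt(text):
    """Return (list of BHO dicts with name/clsid/path, list of AppInit DLL basenames)."""
    bhos, appinit = [], []
    for line in text.splitlines():
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = APPINIT_RE.match(line)
        if m:
            appinit += [d.strip().lower() for d in m.group("dlls").split(",") if d.strip()]
    return bhos, appinit


def flag_suspicious(text):
    """Return (reason, detail) findings, in log order."""
    bhos, appinit = parse_hjt(text)
    findings = []
    for b in bhos:
        dll = ntpath.basename(b["path"]).lower()
        if b["path"].strip() == "(no file)":
            findings.append(("orphan-bho", b["clsid"]))  # registration left behind
            continue
        if GUID_RE.match(b["name"]):
            findings.append(("guid-named-bho", dll))  # no human-readable name
        if dll in appinit:
            findings.append(("bho-also-appinit", dll))  # same DLL injected system-wide
    return findings


if __name__ == "__main__":
    for reason, detail in flag_suspicious(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

A DLL that shows up both as a GUID-named BHO and in AppInit_DLLs is the kind of entry to verify against a clean vendor list before deciding it is benign; the orphaned "(no file)" entry is harmless but worth clearing so it does not mask a future re-infection.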

Javageddon
2008-09-16, 12:22
I think I've cracked all the problems!!! :2thumb:

I saw that someone on here had used Malwarebytes Anti-Malware. Well, I downloaded and ran the same and it found 33 problems, now all blasted! :flame:

They were mostly vundo.h problems which SpyBot, AdAware, AVG, SpywareBlaster etc. had missed! :sad:

Now running a few checks to make sure everything is OK... looking good! :yahoo: