Thread: Please Help.... Vundo trojan...

  1. #1
    Junior Member
    Join Date
    Dec 2007
    Posts
    4

    Please Help.... Vundo trojan...

    Here is the HJT log... I've been able to run the Spybot but this keeps coming back. Also, I'm not able to run the Kaspersky Scan. It locks up around the 75% complete mark.

    Thanks in advance. (I've been battling this for 3 weeks now)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:30:10 PM, on 12/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html?lid...mersComcastNet
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
    O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe"
    O4 - HKLM\..\Run: [mmtray2k] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe"
    O4 - HKLM\..\Run: [mmtraylsi] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [a074caae] rundll32.exe "C:\WINDOWS\system32\qxnxrsyt.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A3DB53C-DBE7-4B51-8EEB-E810F607BB3E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2CFBDC9-AE2B-409C-AFA9-BACFC2DA4EF8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1A3DB53C-DBE7-4B51-8EEB-E810F607BB3E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10018 bytes

  2. #2
    Junior Member
    Join Date
    Dec 2007
    Posts
    4

    I also ran the VundoFix.exe on the computer...

    VundoFix V6.7.0

    Checking Java version...

    Java version is 1.4.2.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Scan started at 1:42:52 AM 12/2/2007

    Listing files found while scanning....

    C:\windows\system32\byxvuvt.dll
    C:\windows\system32\qomkhih.dll
    C:\WINDOWS\system32\vtustss.dll
    C:\windows\system32\yvkihaxb.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\byxvuvt.dll
    C:\windows\system32\byxvuvt.dll Has been deleted!

    Attempting to delete C:\windows\system32\qomkhih.dll
    C:\windows\system32\qomkhih.dll Has been deleted!

    Attempting to delete C:\windows\system32\yvkihaxb.dll
    C:\windows\system32\yvkihaxb.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

  3. #3
    Junior Member
    Join Date
    Dec 2007
    Posts
    4

    I also ran ComboFix on the system as well....


    ComboFix 07-12-02.5 - DEBORAH DEBORD 2007-12-02 2:16:17.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.405 [GMT -5:00]
    Running from: C:\Documents and Settings\DEBORAH DEBORD\Local Settings\Temporary Internet Files\Content.IE5\74WZDE3M\ComboFix[2].exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\DEBORAH DEBORD\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\DEBORAH DEBORD\iexplorer.exe
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Fonts\a.zip
    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\avfcjmjh.dll
    C:\WINDOWS\system32\awtsr.dll
    C:\WINDOWS\system32\cxdjxfiq.dll
    C:\WINDOWS\system32\gjtpgbru.ini
    C:\WINDOWS\system32\gkejtyqs.dll
    C:\WINDOWS\system32\gwpojsch.dll
    C:\WINDOWS\system32\hcsjopwg.ini
    C:\WINDOWS\system32\hjmjcfva.ini
    C:\WINDOWS\system32\ibytghsv.dll
    C:\WINDOWS\system32\ijllm.bak1
    C:\WINDOWS\system32\ijllm.ini
    C:\WINDOWS\system32\kbwstegt.ini
    C:\WINDOWS\system32\kjllm.ini
    C:\WINDOWS\system32\kjllm.ini2
    C:\WINDOWS\system32\ljjhggg.dll
    C:\WINDOWS\system32\nsu236.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\qxnxrsyt.dll
    C:\WINDOWS\system32\rjkpvlcx.dll
    C:\WINDOWS\system32\rstwa.bak1
    C:\WINDOWS\system32\rstwa.ini
    C:\WINDOWS\system32\rstwa.ini2
    C:\WINDOWS\system32\ssqopmn.dll
    C:\WINDOWS\system32\tgetswbk.dll
    C:\WINDOWS\system32\tysrxnxq.ini
    C:\WINDOWS\system32\urbgptjg.dll
    C:\WINDOWS\system32\urqpnmk.dll
    C:\WINDOWS\system32\wvuusrq.dll
    C:\WINDOWS\system32\xclvpkjr.ini
    C:\WINDOWS\system32\xxyawtr.dll
    C:\WINDOWS\system32\yayvtuu.dll
    C:\WINDOWS\Fonts\'

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
    .

    2007-12-02 02:07 . 2007-12-02 02:07 37,376 --a------ C:\WINDOWS\system32\khffddc.dll
    2007-12-02 01:42 . 2007-12-02 01:42 <DIR> d-------- C:\VundoFix Backups
    2007-12-01 15:01 . 2007-12-01 15:01 <DIR> d-------- C:\Program Files\Trend Micro
    2007-12-01 14:53 . 2007-12-01 14:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-01 14:53 . 2007-12-01 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-01 14:46 . 2007-12-01 16:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-01 12:50 . 2007-12-01 12:49 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2007-12-01 12:49 . 2007-12-01 12:50 <DIR> d-------- C:\Documents and Settings\DEBORAH DEBORD\.housecall6.6
    2007-12-01 02:04 . 2006-06-16 13:11 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2007-12-01 02:00 . 2006-02-09 21:05 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
    2007-12-01 01:49 . 2007-12-01 01:49 <DIR> d-------- C:\Program Files\Creative
    2007-12-01 01:12 . 2007-12-01 13:36 69 --a------ C:\WINDOWS\NeroDigital.ini
    2007-12-01 01:07 . 2007-12-01 01:07 37,376 --a------ C:\WINDOWS\system32\khfecyv.dll
    2007-12-01 01:00 . 2007-12-01 01:00 <DIR> d-------- C:\Documents and Settings\DEBORAH DEBORD\Application Data\Nero
    2007-12-01 00:50 . 2007-12-01 00:50 <DIR> d-------- C:\Program Files\Nero
    2007-12-01 00:50 . 2007-12-01 00:52 <DIR> d-------- C:\Program Files\Common Files\Nero
    2007-12-01 00:50 . 2007-12-01 00:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2007-11-30 20:13 . 2007-11-30 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-11-30 18:34 . 2007-11-30 18:34 37,376 --a------ C:\WINDOWS\system32\wvutrqp.dll
    2007-11-30 18:27 . 2007-11-30 18:28 <DIR> d-------- C:\Program Files\ACE Mega CoDecS Pack
    2007-11-30 18:27 . 2004-10-30 15:39 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-11-30 18:27 . 2004-05-25 16:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.cpl
    2007-11-30 18:27 . 2003-03-25 05:49 152,064 --a------ C:\WINDOWS\system32\unrar.dll
    2007-11-30 10:54 . 2007-12-01 02:16 778,781 --ahs---- C:\WINDOWS\system32\hejriyfu.ini
    2007-11-29 10:53 . 2007-11-30 10:54 794,582 --ahs---- C:\WINDOWS\system32\xagoewpg.ini
    2007-11-29 01:58 . 2007-11-29 01:58 37,376 --a------ C:\WINDOWS\system32\hgghfdc.dll
    2007-11-28 20:20 . 2007-11-28 20:20 37,376 --a------ C:\WINDOWS\system32\fccccaa.dll
    2007-11-28 10:47 . 2007-11-29 10:47 790,104 --ahs---- C:\WINDOWS\system32\kkitkvtt.ini
    2007-11-26 10:56 . 2007-11-26 10:56 780,968 --ahs---- C:\WINDOWS\system32\iccgjymq.ini
    2007-11-25 10:48 . 2007-11-26 10:48 780,908 --ahs---- C:\WINDOWS\system32\sxhdwyft.ini
    2007-11-25 05:02 . 2007-11-25 05:02 <DIR> d-------- C:\Program Files\TheSimsResource
    2007-11-24 16:53 . 2007-11-30 18:29 143 --a------ C:\WINDOWS\system32\mcrh.tmp
    2007-11-23 10:53 . 2007-11-24 05:00 900,614 --ahs---- C:\WINDOWS\system32\wiatfgdu.ini
    2007-11-22 10:53 . 2007-11-22 20:35 703,412 --ahs---- C:\WINDOWS\system32\kjeqvhih.ini
    2007-11-21 10:52 . 2007-11-22 10:52 790,651 --ahs---- C:\WINDOWS\system32\pyuuvtjk.ini
    2007-11-20 10:54 . 2007-11-20 21:56 702,588 --ahs---- C:\WINDOWS\system32\xbcdhufr.ini
    2007-11-19 10:52 . 2007-11-20 10:52 702,489 --ahs---- C:\WINDOWS\system32\wfpyldsx.ini
    2007-11-17 10:47 . 2007-11-17 23:31 677,956 --ahs---- C:\WINDOWS\system32\aqwcxoya.ini
    2007-11-16 08:50 . 2007-11-16 08:50 675,560 --ahs---- C:\WINDOWS\system32\wabqpmmv.ini
    2007-11-15 08:49 . 2007-11-16 08:49 675,500 --ahs---- C:\WINDOWS\system32\vjofkmaw.ini
    2007-11-14 16:50 . 2007-11-14 16:50 <DIR> d-------- C:\Documents and Settings\DEBORAH DEBORD\Application Data\Viewpoint
    2007-11-14 14:05 . 2007-11-14 14:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
    2007-11-11 23:47 . 2007-11-11 23:47 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2007-11-11 23:46 . 2007-11-11 23:46 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2007-11-11 23:45 . 2006-11-13 15:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2007-11-11 23:45 . 2007-04-02 22:13 21,632 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
    2007-11-11 23:43 . 2007-11-11 23:43 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
    2007-11-05 18:28 . 2007-11-05 18:29 <DIR> d-------- C:\Program Files\Xfire
    2007-11-05 18:28 . 2007-11-05 20:45 <DIR> d-------- C:\Documents and Settings\DEBORAH DEBORD\Application Data\Xfire
    2007-11-05 18:24 . 2007-11-05 18:24 <DIR> d-------- C:\WINDOWS\system32\Mz18r
    2007-11-04 14:56 . 2003-07-20 22:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
    2007-11-04 14:56 . 2005-01-04 13:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2007-11-04 14:01 . 2007-11-04 14:01 27 --a------ C:\WINDOWS\9DSetup.ini
    2007-11-04 13:18 . 2007-11-04 13:18 <DIR> d-------- C:\WINDOWS\system32\SolidStateNetworks
    2007-11-02 17:18 . 2007-11-02 17:18 <DIR> d-------- C:\Program Files\MSBuild
    2007-11-02 17:12 . 2007-11-11 23:51 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-11-02 17:11 . 2007-11-02 17:11 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-11-02 17:10 . 2006-06-29 12:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
    2007-11-02 17:08 . 2007-11-02 17:08 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-11-02 16:56 . 2006-11-13 01:02 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
    2007-11-02 16:56 . 2006-11-13 01:02 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
    2007-11-02 16:56 . 2006-11-13 01:02 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
    2007-11-02 15:15 . 2007-11-05 18:25 82 --a------ C:\n.bat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-02 07:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-01 19:35 --------- d-----w C:\Program Files\Dl_cats
    2007-12-01 06:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-01 06:59 --------- d-----w C:\Program Files\ATI Technologies
    2007-12-01 06:47 --------- d-----w C:\Program Files\Roxio
    2007-11-25 02:57 --------- d-----w C:\Documents and Settings\DEBORAH DEBORD\Application Data\U3
    2007-11-21 22:16 --------- d-----w C:\Program Files\McAfee
    2007-11-21 05:46 3,558 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-16 23:57 --------- d-----w C:\Program Files\Macromedia
    2007-11-16 23:55 --------- d-----w C:\Program Files\Common Files\Macromedia
    2007-11-14 17:58 --------- d-----w C:\Documents and Settings\DEBORAH DEBORD\Application Data\SiteAdvisor
    2007-11-08 00:09 --------- d-----w C:\Program Files\EA GAMES
    2007-11-01 18:34 --------- d-----w C:\Program Files\J. A. Associates
    2007-11-01 02:35 --------- d-----w C:\Documents and Settings\DEBORAH DEBORD\Application Data\DeepBurner
    2007-11-01 02:34 --------- d-----w C:\Program Files\Astonsoft
    2007-11-01 00:31 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-01 00:31 --------- d--h--r C:\Documents and Settings\DEBORAH DEBORD\Application Data\SecuROM
    2007-11-01 00:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
    2007-10-31 18:36 --------- d-----w C:\Documents and Settings\DEBORAH DEBORD\Application Data\muvee Technologies
    2007-10-31 17:01 --------- d-----w C:\Program Files\muvee Technologies
    2007-10-31 17:01 --------- d-----w C:\Program Files\Common Files\muvee Technologies
    2007-10-31 16:57 --------- d-----w C:\Documents and Settings\DEBORAH DEBORD\Application Data\InstallShield
    2007-10-31 16:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
    2007-10-31 15:56 --------- d-----w C:\Program Files\Viewpoint
    2007-10-31 15:56 --------- d-----w C:\Program Files\AIM6
    2007-10-31 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-10-31 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-10-31 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-10-30 21:29 --------- d-----w C:\Program Files\Java
    2007-10-30 21:25 --------- d-----w C:\Program Files\Common Files\aolshare
    2007-10-30 21:21 --------- d-----w C:\Program Files\Google
    2007-10-30 21:21 --------- d-----w C:\Program Files\Common Files\AOL
    2007-10-30 21:20 --------- d-----w C:\Program Files\Acoustica Mixcraft
    2007-10-27 14:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-23 19:20 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-10-22 13:51 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-09-30 05:09 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2007-09-20 13:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{640692F9-1882-41C5-ACFF-48F94CAA248D}]
    C:\WINDOWS\system32\mlljk.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC730A29-A729-452E-AD8C-ADAA17E20C10}]
    C:\WINDOWS\system32\mllji.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe" [2005-05-09 18:16]
    "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-23 14:18]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 21:05]
    "MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 17:30]
    "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 21:39]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 12:55]
    "MMTray"="C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe" [2003-03-25 05:49]
    "mmtray2k"="C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe" [2003-03-25 05:49]
    "mmtraylsi"="C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe" [2003-03-25 05:49]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
    "CTSVolFE"="C:\Program Files\Creative\Mixer\CTSVolFE.exe" [2005-02-23 15:57]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 17:20 C:\WINDOWS\stsystra.exe]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtustss]
    vtustss.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R1 vcdrom;Virtual CD-ROM Device Driver;\??\C:\Documents and Settings\DEBORAH DEBORD\My Documents\1\VCdRom.sys
    R2 FreezeScreenSaver;FreezeScreenSaver;C:\WINDOWS\system32\FreezeScreenSaver.exe
    R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
    S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\639563.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
    \Shell\AutoRun\command - Z:\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01498717-6c5e-11dc-b8eb-00038a000015}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-02 02:26:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-02 2:28:11 - machine was rebooted
    .
    --- E O F ---

  4. #4
    Junior Member
    Join Date
    Dec 2007
    Posts
    4

    The new HJT log after the above 2 programs were run...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:32:10 AM, on 12/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\FreezeScreenSaver.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\SiteAdvisor\6172\SAService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe
    C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe
    C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe
    C:\Program Files\Creative\Mixer\CTSVolFE.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\MySpace\IM\MySpaceIM.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\mcafee\msc\mcuimgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html?lid...mersComcastNet
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {640692F9-1882-41C5-ACFF-48F94CAA248D} - C:\WINDOWS\system32\mlljk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {BC730A29-A729-452E-AD8C-ADAA17E20C10} - C:\WINDOWS\system32\mllji.dll (file missing)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll (file missing)
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe"
    O4 - HKLM\..\Run: [mmtray2k] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe"
    O4 - HKLM\..\Run: [mmtraylsi] "C:\Program Files\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [CTSVolFE] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A3DB53C-DBE7-4B51-8EEB-E810F607BB3E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2CFBDC9-AE2B-409C-AFA9-BACFC2DA4EF8}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1A3DB53C-DBE7-4B51-8EEB-E810F607BB3E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - Winlogon Notify: vtustss - vtustss.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12349 bytes
