
Thread: HELP Mislead.app

  1. #1
    Junior Member
    Join Date
    May 2008
    Posts
    9

    HELP Mislead.app

    Hey, Norton keeps popping up saying that my computer is infected with the mislead.app virus. I cannot delete it. It's infected the file
    C:\WINDOWS\system32\hgGaYSiI.dll
    My HijackThis log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:30:27 PM, on 5/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsgSys.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\Prolink\Prolink H9600\CnxDslTb.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    F:\IDM\Internet Download Manager\IDMan.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    E:\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    F:\IDM\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\explorer.exe
    F:\HIJAK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\IDM\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} - C:\WINDOWS\system32\hgGaYSiI.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Prolink\Prolink H9600\CnxDslTb.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Daemon\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IDMan] F:\IDM\Internet Download Manager\IDMan.exe /onboot
    O4 - Startup: AccessRunner DSL.lnk = ?
    O4 - Startup: Stardock ObjectDock.lnk = E:\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = E:\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Download all links with IDM - F:\IDM\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - F:\IDM\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - F:\IDM\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ssn\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D47B126-95DF-4B89-A432-FF7A0DC85473}: NameServer = 203.115.0.46 203.115.0.47
    O20 - Winlogon Notify: hgGaYSiI - C:\WINDOWS\SYSTEM32\hgGaYSiI.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

    --
    End of file - 7589 bytes




    MY COMBOFIX LOG


    ComboFix 08-05-07.1 - ssn 2008-05-09 20:09:42.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.129 [GMT 5.5:30]
    Running from: C:\Documents and Settings\ssn\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\codmnrrx.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pmnliICu.dll
    C:\WINDOWS\system32\uCIilnmp.ini
    C:\WINDOWS\system32\uCIilnmp.ini2
    C:\WINDOWS\system32\UpMedia
    C:\WINDOWS\system32\wdcpvuhu.dll
    C:\WINDOWS\system32\wpcap.dll
    C:\WINDOWS\system32\xrrnmdoc.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
    .

    2008-05-09 09:16 . 2008-05-09 09:16 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-05-09 09:16 . 2008-05-09 20:09 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
    2008-05-09 09:11 . 2008-05-09 09:20 3,954 --a------ C:\WINDOWS\system32\tmp.reg
    2008-05-09 08:07 . 2008-05-09 14:07 109,825 --a------ C:\WINDOWS\BMb78d4c23.xml
    2008-05-08 17:44 . 2008-05-08 17:44 44,032 --a------ C:\WINDOWS\system32\hgGaYSiI.dll
    2008-05-08 13:35 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
    2008-05-08 13:34 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
    2008-05-08 13:34 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
    2008-05-08 13:34 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
    2008-05-08 13:34 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
    2008-05-08 13:34 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
    2008-05-08 13:34 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
    2008-05-08 13:34 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
    2008-05-08 13:34 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
    2008-05-08 10:51 . 2008-05-08 10:54 1,681 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-05-06 20:01 . 2008-05-06 20:18 <DIR> d-------- C:\TimHO_Rec
    2008-05-06 19:57 . 2008-05-06 19:57 <DIR> d-------- C:\Program Files\TimHillOne
    2008-05-06 19:52 . 2008-05-06 19:52 <DIR> d-------- C:\WINDOWS\MyInstall
    2008-05-06 19:52 . 2005-01-31 09:30 286,720 -ra------ C:\WINDOWS\878RMT.exe
    2008-05-06 19:52 . 2005-01-31 09:30 122,880 -ra------ C:\WINDOWS\878RMTMon.exe
    2008-05-06 19:51 . 2008-05-06 19:51 <DIR> d-------- C:\Program Files\honestech
    2008-05-06 19:51 . 2001-05-16 16:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
    2008-05-06 19:51 . 2005-01-28 09:30 9,216 -ra------ C:\WINDOWS\system32\drivers\BtTuner.sys
    2008-05-06 19:50 . 2005-01-28 09:30 196,736 -ra------ C:\WINDOWS\system32\drivers\Bt878.sys
    2008-05-06 19:50 . 2005-01-28 09:30 8,448 -ra------ C:\WINDOWS\system32\drivers\BtXbar.sys
    2008-05-03 18:41 . 2008-05-03 18:41 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-05-01 13:48 . 2008-05-01 13:50 131,584 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
    2008-04-28 09:50 . 1999-12-17 08:13 86,016 --a------ C:\WINDOWS\unvise32.exe
    2008-04-27 11:23 . 2008-04-27 11:23 <DIR> d-------- C:\Program Files\ZyDAS Technology Corporation
    2008-04-25 14:27 . 2008-04-25 15:53 292 --a------ C:\WINDOWS\system\cmicnfg.ini
    2008-04-25 14:06 . 2008-04-25 16:02 <DIR> d-------- C:\Documents and Settings\ssn\Application Data\IDM
    2008-04-09 20:26 . 2008-04-09 20:40 <DIR> d-------- C:\Program Files\Windows Live Safety Center

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-09 14:54 --------- d-----w C:\Documents and Settings\ssn\Application Data\Skype
    2008-05-09 14:53 --------- d-----w C:\Documents and Settings\ssn\Application Data\DMCache
    2008-05-09 04:28 --------- d-----w C:\Program Files\NavNT
    2008-05-09 04:04 --------- d-----w C:\Program Files\Mixed In Key
    2008-05-08 11:20 --------- d-----w C:\Documents and Settings\ssn\Application Data\uTorrent
    2008-05-08 05:24 41,622 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
    2008-05-06 14:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-02 04:26 --------- d-----w C:\Program Files\Java
    2008-04-19 06:42 83,776 ----a-w C:\Documents and Settings\ssn\Application Data\GDIPFONTCACHEV1.DAT
    2008-04-08 16:39 --------- d-----w C:\Program Files\Xara
    2008-04-08 16:39 --------- d-----w C:\Documents and Settings\ssn\Application Data\Xara
    2008-04-08 08:30 --------- d-----w C:\Program Files\Creative
    2008-04-05 11:55 --------- d-----w C:\Documents and Settings\ssn\Application Data\Apple Computer
    2008-04-05 09:40 --------- d-----w C:\Program Files\Safari
    2008-04-05 09:21 --------- d-----w C:\Program Files\iTunes
    2008-04-05 09:21 --------- d-----w C:\Program Files\iPod
    2008-04-05 09:17 --------- d-----w C:\Program Files\QuickTime
    2008-04-04 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Protexis
    2008-03-26 04:25 --------- d-----w C:\Program Files\Google
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-18 16:42 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-03-18 16:42 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-03-18 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-03-18 16:39 --------- d-----w C:\Program Files\Avanquest update
    2008-03-18 16:37 --------- d-----w C:\Program Files\Common Files\Motorola Shared
    2008-03-18 16:36 --------- d-----w C:\Documents and Settings\ssn\Application Data\InstallShield
    2008-03-18 15:08 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-03-18 15:08 --------- d-----w C:\Documents and Settings\ssn\Application Data\NCH Swift Sound
    2008-03-15 14:16 --------- d-----w C:\Program Files\Common Files\Macromedia
    2008-03-15 03:36 --------- d-----w C:\Program Files\Common Files\Nikon
    2008-03-14 08:06 --------- d-----w C:\Documents and Settings\ssn\Application Data\Metacafe
    2008-03-11 14:49 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
    2008-03-01 13:06 1,342,464 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-01-24 16:51 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    2008-01-03 17:09 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ------- Sigcheck -------

    2007-08-22 18:25 665600 a1bc17eb3758d73c3938b2318820f5b4 C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
    2007-10-11 11:27 666112 80d660a49e0d118144423099b2a9f5da C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll
    2007-10-11 05:17 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    2007-12-07 07:31 825344 b5b411bb229ae6ead7652a32ed47bfb9 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    2008-03-01 18:33 827392 6316c2f0c61271c8abdff7429174879e C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    2004-08-04 04:26 1134080 0657a5b234a9abb3f0b63e2f422220b5 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
    2007-08-22 18:42 658944 1901ad51da8be9f8b38d5d526e5d1788 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
    2007-10-11 11:43 659456 2005ad86a22aee68e21ee59f9ccb77f2 C:\WINDOWS\ie7\wininet.dll
    2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
    2007-10-11 05:26 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
    2007-12-07 07:51 824832 806d274c9a6c3aaea5eae8e4af841e04 C:\WINDOWS\ie7updates\KB947864-IE7\wininet.dll
    2007-10-11 05:26 824832 30c1e0f34ad2972c72a01db5c74ab065 C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\wininet.dll
    2007-10-11 05:17 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\wininet.dll
    2008-03-01 18:36 1342464 59b89ba2f45e745518f40fdefa2217fc C:\WINDOWS\system32\wininet.dll
    2008-03-01 18:36 1342464 59b89ba2f45e745518f40fdefa2217fc C:\WINDOWS\system32\dllcache\wininet.dll

    2007-06-13 15:53 1881600 3602561a003bca1da12af0ddcc572269 C:\WINDOWS\explorer.exe
    2007-06-13 16:56 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-04 04:26 3194368 5ef48912206ff9225ba9cb3d26917db1 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 15:53 1881600 3602561a003bca1da12af0ddcc572269 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C218BC1-B339-40DF-8346-792D2DBAFFB5}]
    2008-05-08 17:44 44032 --a------ C:\WINDOWS\system32\hgGaYSiI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-06 18:53 20034600]
    "IDMan"="F:\IDM\Internet Download Manager\IDMan.exe" [2008-04-25 14:07 2586032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "vptray"="C:\Program Files\NavNT\vptray.exe" [2001-11-01 01:29 73728]
    "CnxDslTaskBar"="C:\Program Files\Prolink\Prolink H9600\CnxDslTb.exe" [2005-10-30 23:34 462848]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55 6731312]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "BigDog303"="C:\WINDOWS\VM303_STI.exe" [2005-10-25 12:56 61440]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-14 20:27 185632]
    "DAEMON Tools-1033"="F:\Daemon\daemon.exe" [2004-08-22 17:05 81920]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
    "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "Cmaudio"="cmicnfg.cpl" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Updates"="svehost.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-04-27 11:23:15 475136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{1C218BC1-B339-40DF-8346-792D2DBAFFB5}"= C:\WINDOWS\system32\hgGaYSiI.dll [2008-05-08 17:44 44032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGaYSiI]
    hgGaYSiI.dll 2008-05-08 17:44 44032 C:\WINDOWS\system32\hgGaYSiI.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "F:\\limewire\\LimeWire.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "F:\\Ares\\Ares.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "F:\\Opera\\Opera.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\TimHillOne\\H264WebCamPro\\H264WebCamPro.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R2 878TVCard;Bt878 TV Card - Video Capture;C:\WINDOWS\system32\drivers\Bt878.sys [2005-01-28 09:30]
    R2 878TVTuner;Bt878 TV Card - TV Tuner;C:\WINDOWS\system32\drivers\BtTuner.sys [2005-01-28 09:30]
    R2 878Xbar;Bt878 TV Card - Crossbar;C:\WINDOWS\system32\drivers\BtXbar.sys [2005-01-28 09:30]
    R2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2006-04-01 15:03]
    R3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\BRGSp50.sys [2005-06-09 08:14]
    R3 CnxEtP;Prolink H9600 USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2005-10-30 23:34]
    R3 CnxEtU;Prolink H9600 USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2005-10-30 23:34]
    R3 CnxTgN;Prolink H9600 USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2005-10-30 23:34]
    R3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 05:44]
    S2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2006-04-01 15:03]
    S2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys [2006-04-01 15:03]
    S2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys [2006-04-01 15:03]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 05:44]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\RunCD.exe /auto

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23ca9bad-8af4-11dc-b2d5-000b6a997f17}]
    \Shell\AutoRun\command - fun.exe
    \Shell\explore\Command - fun.exe
    \Shell\open\Command - fun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42c88304-8a55-11dc-b2d3-000b6a997f17}]
    \Shell\AutoRun\command - ntde1ect.com
    \Shell\explore\Command - ntde1ect.com
    \Shell\open\Command - ntde1ect.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c20037fb-a92e-11dc-a5b6-000b6a997f17}]
    \Shell\AutoRun\command - MntDrCore.exe
    \Shell\Open\command - MntDrCore.exe
    \Shell\Open With...\command - MntDrCore.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e73328d4-8f3e-11dc-a575-000e8e0b109d}]
    \Shell\AutoRun\command - fun.exe
    \Shell\explore\Command - fun.exe
    \Shell\open\Command - fun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6b839e8-ce63-11dc-a614-000e8e0b109d}]
    \Shell\AutoRun\command - MntDrCore.exe
    \Shell\Open\command - MntDrCore.exe
    \Shell\Open With...\command - MntDrCore.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-03 06:59:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-09 20:20:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\hgGaYSiI.dll
    -> C:\WINDOWS\system32\NavLogon.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> E:\Vista Inspirat\ObjectDock\DockShellHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINDOWS\system32\MSGSYS.EXE
    E:\Vista Inspirat\ObjectDock\ObjectDock.exe
    E:\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    F:\IDM\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-09 20:28:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-09 14:58:01

    Pre-Run: 1,065,889,792 bytes free
    Post-Run: 2,474,782,720 bytes free

    251 --- E O F --- 2008-04-09 21:34:05


    THANKS FOR ANY HELP YOU CAN OFFER,
    NUWAN

  2. #2
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    1) Read the directions posted above and pinned to the top of the forum.
    http://forums.spybot.info/showthread.php?t=16806 <<< read this information

    2) You are still infected with Vundo but that is not the worst of your problems, this is:
    O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
    http://www.bleepingcomputer.com/star....EXE-6495.html
    http://www.trendmicro.com/vinfo/viru...=WORM_SPYBOT.H
    Log keystrokes
    Steal cached passwords

    Perform denial of service (DoS) attacks against other hosts
    List and terminate running applications
    Download, modify and execute files
    Create directories
    Retrieve system information
    Scan ports
    Control the CD-Rom tray

    You're infected; one or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this article too.
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    http://www.dslreports.com/faq/10451
    When Should I Format, How Should I Reinstall
    http://www.dslreports.com/faq/10063

    Let me know how you wish to proceed.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Junior Member
    Join Date
    May 2008
    Posts
    9


    OK....What do you recommend????

  4. #4
    Junior Member
    Join Date
    May 2008
    Posts
    9


    What software do I need to remove them???

  5. #5
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Thanks for responding, I can not make your decisions for you. I can say if it were my computer, since I do online purchases, bill pay, etc. I would have to reformat.

    You would start like this:

    Download SDFix and save it to your Desktop
    http://downloads.andymanchesta.com/R...ools/SDFix.exe

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, the Advanced Options Menu should appear;
    Select the first option, to run Windows in Safe Mode, then press Enter.
    Choose your usual account.
    Open the extracted SDFix folder and double click RunThis.bat to start the script.
    Type Y to begin the cleanup process.
    It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    Press any Key and it will restart the PC.
    When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    Finally post the contents of the Report.txt back on the forum with a new HijackThis log

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  6. #6
    Junior Member
    Join Date
    May 2008
    Posts
    9


    I installed Kaspersky instead of Norton...
    and installed Uniblue's SpyEraser, RegistryBooster.... and got rid of the Mislead virus I guess...


    What else can I do to remove the SVHOST other than reformatting???

    Thanks

  7. #7
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Be very careful, you said: SVHOST

    the VALID Windows file is: svchost.exe

    the infected file is: svehost.exe

    "What else can I do to remove the SVHOST other than reformatting???"
    I posted the instructions for starting removal of the malware at 06:30 AM EST, over an hour before your recent post?

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
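
Added example (not part of the original thread, and not code from HijackThis or the forum helpers): a small Python check over HijackThis-format lines that flags file names one edit away from a core Windows binary, the svchost.exe / svehost.exe distinction drawn above, and DLLs registered at more than one load point, as hgGaYSiI.dll is under O2 and O20 in the first log. The sample lines are copied from that log; the short list of system binaries, the distance threshold of 1, the choice of O2/O20 as load points and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the first HijackThis log in this thread (not a full log).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} - C:\WINDOWS\system32\hgGaYSiI.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O20 - Winlogon Notify: hgGaYSiI - C:\WINDOWS\SYSTEM32\hgGaYSiI.dll
"""

# Assumption: a short allowlist of core Windows process names, for illustration only.
SYSTEM_BINARIES = sorted({
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "spoolsv.exe", "explorer.exe", "csrss.exe",
})

# Last path component ending in .exe/.dll/.com (characters illegal in file names excluded).
FILE_NAME = re.compile(r'([^\\/:*?"<>|\[\]\s]+\.(?:exe|dll|com))\b', re.IGNORECASE)
# "O20 - rest of entry": HijackThis section code, then the entry text.
ENTRY = re.compile(r"^(O\d+|R\d+|F\d+) - (.*)$")
# Sections whose entries name a DLL loaded into a process (BHO, Winlogon Notify).
DLL_LOAD_POINTS = {"O2", "O20"}


def edit_distance(a, b):
    """Levenshtein distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_lookalikes(log, max_distance=1):
    """Return (found_name, resembles, line) for names close to, but not equal to,
    a known system binary name."""
    hits = []
    for line in log.splitlines():
        line = line.strip()
        for name in FILE_NAME.findall(line):
            name = name.lower()
            if name in SYSTEM_BINARIES:
                continue  # exact match: the genuine name, not a lookalike
            for known in SYSTEM_BINARIES:
                if 0 < edit_distance(name, known) <= max_distance:
                    hits.append((name, known, line))
                    break
    return hits


def find_multi_loadpoint_dlls(log):
    """Return {dll_path: [sections]} for DLLs registered in two or more of the
    DLL_LOAD_POINTS sections. Paths are compared case-insensitively."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m or m.group(1) not in DLL_LOAD_POINTS:
            continue
        # In O2 and O20 entries the file path is the field after the last " - ".
        path = m.group(2).rsplit(" - ", 1)[-1].strip().lower()
        if path.endswith(".dll"):
            seen[path].add(m.group(1))
    return {p: sorted(s) for p, s in seen.items() if len(s) >= 2}


if __name__ == "__main__":
    for name, known, line in find_lookalikes(SAMPLE_LOG):
        print(f"lookalike of {known}: {name}  <-  {line}")
    for path, sections in find_multi_loadpoint_dlls(SAMPLE_LOG).items():
        print(f"DLL at multiple load points {sections}: {path}")
```

Both checks are triage heuristics: a hit marks a line for a closer look, and a clean result does not mean the log is clean.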

  8. #8
    Junior Member
    Join Date
    May 2008
    Posts
    9


    HIJAK LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:26:02 AM, on 5/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Prolink\Prolink H9600\CnxDslTb.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    F:\Spybot - Search & Destroy\TeaTimer.exe
    F:\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    F:\SpeedUpMyPC 3\SpeedUpMyPC.exe
    F:\SpyEraser\SpyEraser.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    E:\Vista Inspirat\ObjectDock\ObjectDock.exe
    E:\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    F:\IDM\Internet Download Manager\IEMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    F:\HIJAK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\IDM\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {3AC1A78F-5EA9-41B2-BBB4-9E35728A9327} - (no file)
    O2 - BHO: (no name) - {47E301E3-41F0-4153-B12E-7131DC5E1AA7} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {98DEE815-17A0-45A1-854C-947B173BA1AC} - (no file)
    O2 - BHO: (no name) - {ED57E1CD-B626-4B0C-AB83-A7C822C99169} - (no file)
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Prolink\Prolink H9600\CnxDslTb.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Daemon\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IDMan] F:\IDM\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "F:\SpyEraser\SpyEraser.exe" -m
    O4 - Startup: AccessRunner DSL.lnk = ?
    O4 - Startup: Stardock ObjectDock.lnk = E:\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = E:\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Download all links with IDM - F:\IDM\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - F:\IDM\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - F:\IDM\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ssn\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D47B126-95DF-4B89-A432-FF7A0DC85473}: NameServer = 203.115.0.46 203.115.0.47
    O20 - Winlogon Notify: hgGaYSiI - hgGaYSiI.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 8731 bytes


    SDfix REPORT


    SDFix: Version 1.181
    Run by ssn on Sun 05/11/2008 at 08:15 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-11 08:27:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
    "khjeh"=hex:20,02,00,00,e5,74,38,5c,e6,c0,73,8b,5d,26,55,88,4e,3c,40,dc,b0,..
    "hj34z0"=hex:6a,fc,1c,dd,e2,7a,43,fc,18,60,57,a8,21,8b,b3,bb,f7,7c,63,33,b9,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
    "khjeh"=hex:20,02,00,00,e5,74,38,5c,42,01,4d,be,5d,26,55,88,47,3c,40,dc,b0,..
    "hj34z0"=hex:63,fc,1c,dd,e2,7a,43,fc,18,60,57,a8,21,8b,b3,bb,f7,7c,63,33,ad,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42]
    "khjeh"=hex:20,02,00,00,e5,74,38,5c,3d,7c,3a,75,5d,26,55,88,47,3c,40,dc,b0,..
    "hj34z0"=hex:63,fc,1c,dd,e2,7a,43,fc,18,60,57,a8,21,8b,b3,bb,f7,7c,63,33,a6,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
    "F:\\limewire\\LimeWire.exe"="F:\\limewire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "F:\\Ares\\Ares.exe"="F:\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "F:\\Opera\\Opera.exe"="F:\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\TimHillOne\\H264WebCamPro\\H264WebCamPro.exe"="C:\\Program Files\\TimHillOne\\H264WebCamPro\\H264WebCamPro.exe:*:Enabled:H264WebCam Surveillance System"
    "C:\\Documents and Settings\\ssn\\My Documents\\Downloads\\Programs\\Norton_Removal_Tool\\SymNRT.exe"="C:\\Documents and Settings\\ssn\\My Documents\\Downloads\\Programs\\Norton_Removal_Tool\\SymNRT.exe:*:Enabled:Symantec Removal Utility"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Sun 6 Apr 2008 80 A.SHR --- "C:\WINDOWS\system32\F9F95DAB6A.dll"
    Wed 4 Aug 2004 10,912 A.SH. --- "C:\WINDOWS\system32\Proxy.Dll"
    Wed 4 Aug 2004 134,091 A.SH. --- "C:\WINDOWS\system32\ProxyM.dll"
    Sun 6 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 16 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
    Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\BIT1.tmp"

    Finished!

    THANKS

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Please do not install new programs unless I request them. Once you are clean and we are finished, you may do as you wish.

    1) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\ <<< uninstall in Add Remove programs, no longer supported
    http://free.grisoft.com/ww.download-...d-anti-rootkit

    2) C:\Program Files\Java\jre1.6.0_05\ <<< update Java, see this:
    http://forums.spybot.info/showpost.p...80&postcount=2

    3) F:\HIJAK\HijackThis.exe <<< F must be a drive, if it is not, move HJT to C

    4) We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:
    * Run Spybot-S&D in Advanced Mode.
    * If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    * On the left hand side, Click on Tools
    * Then click on the Resident Icon in the List
    * Uncheck "Resident TeaTimer" and OK any prompts.
    * Restart your computer.
    (leave TT disabled until we finish)

    5) Download ResetTeaTimer.bat to the Desktop
    http://downloads.subratam.org/ResetTeaTimer.bat
    Double click ResetTeaTimer.bat
    to remove all entries set by TeaTimer (and prevent TeaTimer from restoring them upon reactivation).

    6) Please download ATF Cleaner by Atribune
    http://www.atribune.org/public-beta/ATF-Cleaner.exe
    Save it to your Desktop. We will use this later.

    7) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} - (no file)
    O2 - BHO: (no name) - {3AC1A78F-5EA9-41B2-BBB4-9E35728A9327} - (no file)
    O2 - BHO: (no name) - {47E301E3-41F0-4153-B12E-7131DC5E1AA7} - (no file)
    O2 - BHO: (no name) - {98DEE815-17A0-45A1-854C-947B173BA1AC} - (no file)
    O2 - BHO: (no name) - {ED57E1CD-B626-4B0C-AB83-A7C822C99169} - (no file)
    O20 - Winlogon Notify: hgGaYSiI - hgGaYSiI.dll (file missing)

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    8) Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Restart and post a new HJT log, let me know how the computer is running now.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
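The two checks made by hand in posts #7 and #9 (a process name that is a near miss of a real Windows binary, and HijackThis entries whose target file no longer exists) can be run over a saved log, as in this added example, which is not part of the original thread or of HijackThis itself. The sample log is constructed from lines quoted in the thread plus one constructed `svehost.exe` path; the function names and the edit-distance threshold are assumptions.

```python
import re
from ntpath import basename  # handles Windows paths on any OS

# Genuine Windows process names, taken from the logs in this thread.
KNOWN_SYSTEM = {"svchost.exe", "lsass.exe", "winlogon.exe",
                "services.exe", "smss.exe", "spoolsv.exe"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:  # first R0/O2/... line ends the process list
            in_procs = False
            entries.append((m.group("code"), m.group("body")))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalikes(processes, max_distance=2):
    """Return (path, imitated_name) for near misses of a system binary."""
    hits = []
    for path in processes:
        name = basename(path).lower()
        if name in KNOWN_SYSTEM:  # exact match is the real name
            continue
        for real in sorted(KNOWN_SYSTEM):
            if edit_distance(name, real) <= max_distance:
                hits.append((path, real))
                break
    return hits


def orphaned(entries):
    """Entries HijackThis marked '(no file)' or '(file missing)'."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


# Constructed sample: entry lines are quoted from the thread,
# the svehost.exe process path is made up for illustration.
SAMPLE = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/
O2 - BHO: (no name) - {1C218BC1-B339-40DF-8346-792D2DBAFFB5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: hgGaYSiI - hgGaYSiI.dll (file missing)
"""

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE)
    for path, real in lookalikes(procs):
        print(f"lookalike of {real}: {path}")
    for code, body in orphaned(entries):
        print(f"orphaned {code}: {body}")
```

A near-miss name or an orphaned entry is a reason to look closer at that line, not a verdict on its own.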

  10. #10
    Junior Member
    Join Date
    May 2008
    Posts
    9

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:51:46 AM, on 5/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Prolink\Prolink H9600\CnxDslTb.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    F:\IDM\Internet Download Manager\IDMan.exe
    F:\RegistryBooster 2\RegistryBooster.exe
    F:\SpeedUpMyPC 3\SpeedUpMyPC.exe
    F:\SpyEraser\SpyEraser.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\W32BRG55.EXE
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    E:\Vista Inspirat\ObjectDock\ObjectDock.exe
    E:\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\WINDOWS\System32\svchost.exe
    F:\IDM\Internet Download Manager\IEMonitor.exe
    C:\HIJAK\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.lk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - F:\IDM\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\Prolink\Prolink H9600\CnxDslTb.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Daemon\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [IDMan] F:\IDM\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "F:\SpyEraser\SpyEraser.exe" -m
    O4 - Startup: AccessRunner DSL.lnk = ?
    O4 - Startup: Stardock ObjectDock.lnk = E:\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: Y'z ToolBar.lnk = E:\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
    O8 - Extra context menu item: Download all links with IDM - F:\IDM\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - F:\IDM\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - F:\IDM\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ssn\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D47B126-95DF-4B89-A432-FF7A0DC85473}: NameServer = 203.115.0.46 203.115.0.47
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - F:\Ares\chatServer.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 7669 bytes
