Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Virtumonde Is Killing Me


  • Please log in to reply
3 replies to this topic

#1 EscapeV

EscapeV

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 15 November 2007 - 02:14 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:28 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47627A37-1E3D-4C04-BA95-04BFBF5DEF42} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5F118A63-742C-4032-8735-B42A4692A1BE} - (no file)
O2 - BHO: (no name) - {66CC07E5-204F-4567-9EF8-796BEABB0E53} - (no file)
O2 - BHO: (no name) - {6B7957E2-EBFF-4F6C-8078-6168E3913AEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8B60577B-48D0-4AFC-A842-6C78A20DB811} - (no file)
O2 - BHO: {75bd174d-abab-fe2b-ac24-4f6e8422e1c9} - {9c1e2248-e6f4-42ca-b2ef-babad471db57} - C:\WINDOWS\system32\ukdexokt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B75E6147-DCA3-4225-81AB-07CCC6D485D5} - (no file)
O2 - BHO: (no name) - {F3C7B5C7-F8E8-4758-9AB7-ECA5688E412C} - C:\WINDOWS\system32\geedc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10827 bytes

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:08:39 AM

Posted 16 November 2007 - 05:49 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum EscapeV :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Please disable Spybot S&Dís protection,or it will interfere.
You can enable it later once you're system is clean.

Open Spybot and click on 'Mode' and check 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.
Restart the computer.

If you find you're experiencing problems disabling Spybot's Tea-Timer,follow the info in the link below:
http://www.russelltexas.com/malware/teatimer.htm

Download ResetTeaTimer.bat to your desktop:
http://downloads.subratam.org/ResetTeaTimer.bat

Now run ResetTeaTimer.bat by double clicking on its icon on your desktopPosted Image
You'll see a black window flash,thats normal.
Since it will not be needed again,now delete ResetTeaTimer.bat.


If you have previously downloaded ComboFix,please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Disconnect from the Internet.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.
Posted Image
Posted Image

#3 EscapeV

EscapeV
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 28 November 2007 - 10:41 AM

this is the combo fix log


ComboFix 07-11-28.2 - HP_Administrator 2007-11-28 10:28:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.576 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\VUV6RUJ8\www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\VUV6RUJ8\www.broadcaster.com\played_list.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\#SharedObjects\VUV6RUJ8\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\HP_Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\tn3
C:\WINDOWS\b.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\IA
C:\WINDOWS\system32\a13
C:\WINDOWS\system32\bokcgjgu.dll
C:\WINDOWS\system32\bpmlwrxx.dll
C:\WINDOWS\system32\cblfrqlh.dll
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\cdeeg.bak2
C:\WINDOWS\system32\cdeeg.ini
C:\WINDOWS\system32\cndwtpwk.dll
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\dhatmjjn.dll
C:\WINDOWS\system32\e2
C:\WINDOWS\system32\geedc.dll
C:\WINDOWS\system32\hgeuybrv.dll
C:\WINDOWS\system32\i8
C:\WINDOWS\system32\insmrcfh.dll
C:\WINDOWS\system32\iviofrwn.dll
C:\WINDOWS\system32\jcfbjday.ini
C:\WINDOWS\system32\jkhfg.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\mljgh.dll
C:\WINDOWS\system32\oTt04e
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pddnxuaw.dll
C:\WINDOWS\system32\sapqulqp.dll
C:\WINDOWS\system32\spaljqlv.dll
C:\WINDOWS\system32\tmbcvysv.dll
C:\WINDOWS\system32\ukdexokt.dll
C:\WINDOWS\system32\updketjv.dllbox
C:\WINDOWS\system32\vtsts.dll
C:\WINDOWS\system32\x22
C:\WINDOWS\system32\xxrwlmpb.ini
C:\WINDOWS\system32\yadjbfcj.dll
C:\WINDOWS\system32\yqebcses.exe
C:\z.dat
C:\z.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-15 14:10 . 2007-11-15 14:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-15 13:39 . 2007-11-28 10:33 1,439,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-15 13:39 . 2007-11-28 10:32 17,876 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-15 13:34 . 2007-11-15 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-15 13:34 . 2007-09-06 16:14 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-11-15 13:31 . 2007-11-15 13:34 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-15 13:31 . 2007-11-27 22:43 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-15 13:31 . 2007-11-28 10:33 353,247 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-11-15 07:15 . 2007-11-10 23:30 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-15 00:41 . 2007-08-20 05:04 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-15 00:41 . 2007-04-17 04:32 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-15 00:41 . 2007-03-08 00:10 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-15 00:41 . 2007-08-20 05:04 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-15 00:41 . 2007-08-20 05:04 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-15 00:41 . 2007-08-20 05:04 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-15 00:41 . 2007-08-20 05:04 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-15 00:41 . 2007-08-20 05:04 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-15 00:41 . 2007-08-17 05:20 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-14 21:52 . 2007-11-14 21:52 49,744 --a------ C:\Documents and Settings\HP_Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 18:24 . 2007-11-14 18:24 145,984 --a------ C:\WINDOWS\system32\fubhtbiw.dll
2007-11-11 00:17 . 2007-11-15 07:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-11 00:17 . 2007-11-15 07:22 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-10 23:30 . 2007-11-15 07:15 <DIR> d-------- C:\Documents and Settings\HP_Administrator\.housecall6.6
2007-11-10 21:31 . 2007-11-10 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-10 20:56 . 2007-11-10 20:56 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-10 20:56 . 2007-11-10 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-10 16:32 . 2007-11-10 16:32 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-09 15:46 . 2007-11-09 16:34 584,476 --ahs---- C:\WINDOWS\system32\ravrgtex.ini
2007-11-09 15:37 . 2007-11-15 07:49 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-09 15:37 . 2007-11-09 15:37 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\PC Tools
2007-11-09 15:37 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-09 15:37 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-09 15:37 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-09 15:37 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-09 14:48 . 2007-11-09 15:02 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-08 21:39 . 2007-11-08 21:39 145,984 --a------ C:\WINDOWS\system32\shtrpxeu.dll
2007-11-08 21:37 . 2007-11-08 21:37 436,491 --a------ C:\WINDOWS\system32\cdeeg.bak2.ren
2007-11-07 21:37 . 2007-11-07 21:37 145,984 --a------ C:\WINDOWS\system32\ufrpgfgm.dll
2007-11-07 10:42 . 2007-11-07 10:42 145,984 --a------ C:\WINDOWS\system32\fexkvtcm.dll
2007-11-06 14:25 . 2007-11-06 14:25 <DIR> d-------- C:\Program Files\Final Draft Tagger
2007-11-06 14:25 . 2007-11-06 14:25 <DIR> d-------- C:\Program Files\Final Draft 7
2007-11-06 14:25 . 2007-11-10 20:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-06 14:09 . 2007-11-06 14:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Final Draft
2007-11-06 14:08 . 2007-11-06 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Final Draft
2007-11-06 10:01 . 2007-11-07 16:42 569,860 --ahs---- C:\WINDOWS\system32\axsxrnhc.ini
2007-11-06 09:25 . 2007-11-07 21:37 425,645 --a------ C:\WINDOWS\system32\cdeeg.bak1.ren
2007-11-06 09:02 . 2007-11-06 09:02 566,757 --ahs---- C:\WINDOWS\system32\cclnwxvy.ini
2007-11-05 21:06 . 2007-11-11 10:15 451,373 --ahs---- C:\WINDOWS\system32\cdeeg.ini.ren
2007-11-05 18:18 . 2007-11-28 10:33 <DIR> d-------- C:\Program Files\Trojan Remover
2007-11-05 18:18 . 2007-11-05 18:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Simply Super Software
2007-11-05 18:18 . 2007-11-05 18:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-11-05 18:18 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-05 18:18 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-05 18:18 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-05 18:18 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-05 18:18 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-11-04 16:19 . 2007-11-04 16:19 163,840 --a------ C:\ps.exe
2007-11-04 16:19 . 2007-11-04 16:19 269 --a------ C:\WINDOWS\system32\7900.bat
2007-11-04 16:19 . 2007-11-04 16:19 84 --a------ C:\n.bat
2007-11-04 16:18 . 2007-11-04 16:18 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-10-30 17:53 . 2007-10-30 17:53 <DIR> d-------- C:\Program Files\Diner Dash 3-in-1
2007-10-29 21:34 . 2007-10-29 21:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\yf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 15:25 --------- d-----w C:\Program Files\PeerGuardian2
2007-11-28 03:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-28 03:27 --------- d-----w C:\Program Files\Spyware Terminator
2007-11-15 12:43 --------- d-----w C:\Program Files\Google
2007-11-15 12:38 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-11-13 20:31 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Spyware Terminator
2007-11-11 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 10:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-11 05:15 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-10 21:31 --------- d-----w C:\Program Files\Common Files\Real
2007-11-10 02:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-11-08 22:25 --------- d-----w C:\Program Files\Java
2007-11-08 20:45 --------- d-----w C:\Program Files\WinClamAVShield
2007-11-06 18:53 --------- d-----w C:\Program Files\BFG
2007-11-06 04:08 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-11-04 21:22 25,214 ----a-w C:\Program Files\B.ico
2007-11-04 21:22 25,214 ----a-w C:\Program Files\A.ico
2007-10-31 02:00 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\PlayFirst
2007-10-30 22:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-29 20:17 --------- d-----w C:\Program Files\Your Freedom
2007-10-26 02:11 --------- d-----w C:\Program Files\Mystery Case Files Ravenhearst
2007-10-25 21:16 --------- d-----w C:\Program Files\Mystery Case Files Huntsville
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 00:11 --------- d-----w C:\Program Files\Mystery Case Files Prime Suspects
2007-10-21 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47627A37-1E3D-4C04-BA95-04BFBF5DEF42}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F118A63-742C-4032-8735-B42A4692A1BE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66CC07E5-204F-4567-9EF8-796BEABB0E53}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B7957E2-EBFF-4F6C-8078-6168E3913AEB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B60577B-48D0-4AFC-A842-6C78A20DB811}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B75E6147-DCA3-4225-81AB-07CCC6D485D5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 17:40]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-09 08:26]
"Uniblue Registry Booster2"="C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe" [2007-04-23 14:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-11-02 15:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-27 14:15]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-08-29 12:45]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyCap]
2006-05-29 07:59 225280 --a------ C:\PROGRA~1\PROXYL~1\ProxyCap\proxycap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2007-08-29 12:45 2778112 --a------ C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-09 08:26 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster2]
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe -m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-11-07 14:29:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-08-09 13:29:38 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-21 19:01:33 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 10:34:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 10:34:52 - machine was rebooted
.
--- E O F ---

#4 EscapeV

EscapeV
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:03:39 AM

Posted 28 November 2007 - 10:43 AM

this is of course the new hijack log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:34 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {47627A37-1E3D-4C04-BA95-04BFBF5DEF42} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5F118A63-742C-4032-8735-B42A4692A1BE} - (no file)
O2 - BHO: (no name) - {66CC07E5-204F-4567-9EF8-796BEABB0E53} - (no file)
O2 - BHO: (no name) - {6B7957E2-EBFF-4F6C-8078-6168E3913AEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8B60577B-48D0-4AFC-A842-6C78A20DB811} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B75E6147-DCA3-4225-81AB-07CCC6D485D5} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10200 bytes




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users