
Dropper.agent.dgo


  • This topic is locked
3 replies to this topic

#1 bonf1r


Posted 17 January 2008 - 10:39 PM

I currently have dropper.agent.dgo on my PC. I've run AVG a few times and it doesn't go away, so I tried the whole ComboFix thing and got the report, so here is the ComboFix

ComboFix 08-01-18.4 - Owner 2008-01-17 19:42:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.499 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Owner\APPLIC~1\STEM~1\wuaclt.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\STEM~1
C:\Documents and Settings\Owner\Application Data\STEM~1\??stem\
C:\Documents and Settings\Owner\Application Data\STEM~1\wuaclt .exe
C:\Documents and Settings\Owner\Application Data\STEM~1\wuaclt.exe
C:\Program Files\ATI Multimedia\main\launchpd .exe
C:\Program Files\ATI Multimedia\main\launchpd .exe
C:\Program Files\ATI Multimedia\main\launchpd .exe
C:\Program Files\ATI Multimedia\main\launchpd .exe
C:\Program Files\ATI Multimedia\main\launchpd .exe
C:\Program Files\ATI Multimedia\main\launchpd .exe
C:\Program Files\ATI Multimedia\main\launchpd .exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\kernel
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\smbols~1
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor .exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\22CBE2FDE7.dll
C:\WINDOWS\system32\afksgvgf.ini
C:\WINDOWS\system32\ajtnutcm.dll
C:\WINDOWS\system32\aqputloa.dll
C:\WINDOWS\system32\avhsgsqf.ini
C:\WINDOWS\system32\bfdkphiu.dll
C:\WINDOWS\system32\bokrndny.dll
C:\WINDOWS\system32\buhagqie.ini
C:\WINDOWS\system32\cclnpkbo.exe
C:\WINDOWS\system32\dkcbslck.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\ecojjoxy.dll
C:\WINDOWS\system32\edycblrr.ini
C:\WINDOWS\system32\fajscukp.ini
C:\WINDOWS\system32\fgvgskfa.dll
C:\WINDOWS\system32\fmopxphk.dll
C:\WINDOWS\system32\fqsgshva.dll
C:\WINDOWS\system32\fugljriq.dll
C:\WINDOWS\system32\havjteai.exe
C:\WINDOWS\system32\hkcmd .exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hrogfpuq.ini
C:\WINDOWS\system32\igfxpers .exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxtray .exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ipgekfpw.dll
C:\WINDOWS\system32\jbpjknuj.dll
C:\WINDOWS\system32\jgndmttl.dll
C:\WINDOWS\system32\jygfuqph.dll
C:\WINDOWS\system32\klfdwqkn.ini
C:\WINDOWS\system32\kxdhmmbl.dll
C:\WINDOWS\system32\lvtvffjn.exe
C:\WINDOWS\system32\lywwnkra.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcsdhnju.exe
C:\WINDOWS\system32\mctuntja.ini
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mllmn.exe
C:\WINDOWS\system32\mvxmjsnx.dll
C:\WINDOWS\system32\NeroCheck .exe
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\nfvirsvq.dll
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\qcfelyfc.dll
C:\WINDOWS\system32\qdepkimg.dll
C:\WINDOWS\system32\qirjlguf.ini
C:\WINDOWS\system32\qupfgorh.dll
C:\WINDOWS\system32\qxllsctj.ini
C:\WINDOWS\system32\rarldycn.dll
C:\WINDOWS\system32\rkjfivmk.exe
C:\WINDOWS\system32\rmirtfml.exe
C:\WINDOWS\system32\rrnpiarh.ini
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\tlpwqyyo.ini
C:\WINDOWS\system32\uihpkdfb.ini
C:\WINDOWS\system32\uwqogalu.exe
C:\WINDOWS\system32\vdaiqodk.ini
C:\WINDOWS\system32\vretwirj.dll
C:\WINDOWS\system32\vssyrwwh.dll
C:\WINDOWS\system32\vtauqoaq.dll
C:\WINDOWS\system32\vuqglcqy.exe
C:\WINDOWS\system32\vwwmxulc.ini
C:\WINDOWS\system32\wgsmgbde.ini
C:\WINDOWS\system32\wtssvtr.exe
C:\WINDOWS\system32\xnsjmxvm.ini
C:\WINDOWS\system32\xwewskri.dll
C:\WINDOWS\uninstall_nmon.vbs

<pre>
C:\Program Files\MSN Messenger\MsnMsgr .Exe ---> QooBox
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe ---> QooBox
C:\WINDOWS\system32\hkcmd .exe ---> QooBox
C:\WINDOWS\system32\igfxpers .exe ---> QooBox
C:\WINDOWS\system32\igfxtray .exe ---> QooBox
C:\WINDOWS\system32\NeroCheck .exe ---> QooBox
</pre>
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_SFSYNC02
-------\DomainService
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-17 20:18 . 2008-01-17 20:18 329,728 --------- C:\WINDOWS\system32\mllmn.dll
2008-01-17 19:40 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 19:25 . 2004-08-12 07:05 260,272 -r-hs---- C:\cmldr
2008-01-17 19:25 . 2006-06-30 13:51 211 --ahs---- C:\BOOT.BAK
2008-01-17 13:52 . 2008-01-17 16:05 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-17 11:45 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-17 11:45 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-17 11:45 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-17 11:45 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-15 13:04 . 2008-01-15 13:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-15 13:04 . 2008-01-15 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-15 13:00 . 2008-01-15 13:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 19:50 . 2008-01-17 17:28 <DIR> d--hs---- C:\WINDOWS\a3lsZSB3YWxrZXI
2008-01-07 18:11 . 2008-01-07 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-07 17:21 . 2008-01-07 17:29 <DIR> d-------- C:\Netgear
2008-01-07 15:45 . 2008-01-07 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-01-06 19:23 . 2008-01-07 15:51 374,272 --a------ C:\WINDOWS\mrofinu72.exe.tmp
2007-12-18 07:14 . 2008-01-07 21:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-18 07:14 . 2007-12-18 07:14 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-24 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Raxco
2008-01-18 02:52 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-18 02:52 --------- d-----w C:\Program Files\QuickTime
2008-01-18 02:52 --------- d-----w C:\Program Files\MSN Messenger
2008-01-18 01:35 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-14 00:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-01-11 04:00 --------- d-----w C:\Program Files\Steam
2008-01-10 03:01 --------- d-----w C:\Program Files\Soulseek
2008-01-08 13:54 --------- d-----w C:\Program Files\Last.fm
2008-01-08 02:41 10 ----a-w C:\Program Files\.autoreg
2008-01-08 02:02 --------- d-----w C:\Program Files\Winamp
2008-01-08 02:02 --------- d-----w C:\Program Files\iTunes
2008-01-08 02:02 --------- d-----w C:\Program Files\AIM
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-27 00:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Corel
2007-11-09 04:36 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2005-07-29 23:24 472 --sha-r C:\WINDOWS\a3lsZSB3YWxrZXI\ua5Ptm1asqUOtrK.vbs
2007-10-14 23:28 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w			67,160 2008-01-07 22:51:57  C:\Program Files\AIM\aim .exe
----a-w		 1,404,928 2008-01-07 22:50:24  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w			57,344 2008-01-07 22:51:57  C:\Program Files\ATI Multimedia\main\ATIDtct .EXE
----a-w			45,056 2008-01-07 22:50:39  C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w		   180,269 2008-01-07 22:50:31  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   256,576 2008-01-07 22:51:16  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2008-01-07 22:50:35  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		 1,732,608 2008-01-18 03:19:01  C:\Program Files\TGTSoft\StyleXP\StyleXP .exe
----a-w			35,328 2008-01-07 22:51:27  C:\Program Files\Winamp\winampa .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29A2D0B6-3DB2-4434-9B78-970C874D3415}]
2008-01-17 20:18 329728 --------- C:\WINDOWS\system32\mllmn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP .exe" [2008-01-17 20:19 1732608]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd .exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor .exe" [ ]
"Sen"="C:\DOCUME~1\Owner\APPLIC~1\STEM~1\wuaclt.exe" [ ]
"AIM"="C:\Program Files\AIM\aim.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [ ]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-07-02 09:42:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxyvuv]
byxyvuv.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\mllmn.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllmn

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\2Moons\bin\GameGuard\dump_wmimmc.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 23:36:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 20:19:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\mllmn.dll
.
Completion time: 2008-01-17 20:22:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-18 03:22:26
.
2008-01-18 00:41:01 --- E O F ---





HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:00 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP .exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://2moons.acclaim.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmn.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP .exe -Hide
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd .exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor .exe" /Q
O4 - HKCU\..\Run: [Sen] "C:\DOCUME~1\Owner\APPLIC~1\STEM~1\wuaclt.exe" -vt ndrv
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O22 - SharedTaskScheduler: apathies - {aed6f6a3-183c-488d-9f90-23db99f56e7f} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6339 bytes


Thanks for any help



#2 bonf1r


Posted 18 January 2008 - 12:45 AM

bump

#3 SNOWHITE


Posted 02 February 2008 - 02:54 PM

Hello bonf1r,

Sorry for the late reply, but as you can see we handle more than our fair share of logs. If you still have problems please post a fresh HijackThis log and we can begin the cleaning process.

Regards,
SNOWHITE

#4 SNOWHITE


Posted 10 February 2008 - 06:03 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE



