Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vundo


  • This topic is locked This topic is locked
2 replies to this topic

#1 troip

troip

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 05 April 2008 - 03:19 PM

Hi there
Seemed to get this Vundo trojan last night when visiting a web page. I have tried VundoFix as well as Norton AV removal tools and it's still on my system. Here is the DSS info:

Deckard's System Scanner v20071014.68
Run by on 2008-04-05 20:49:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-05 20:49:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\Taesha\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - C:\WINDOWS\system32\wvuvuut.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6CD9A508-CC39-42A5-9A2D-50F9B7DEFF8C} - C:\WINDOWS\system32\sstrr.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM9369a64d] Rundll32.exe "C:\WINDOWS\system32\wnsdktun.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Launcher] C:\Program Files\Wanadoo_UK\Setup\Check.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shock...director/sw.cab
O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.com/players/p365vip.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {E2B7DB22-38C5-11D5-91F6-00104BDB8FF9} (LEAD Video RGB Converter) - http://www.eprintdriver.com/demos/cabs/LMVRGBxf.cab
O16 - DPF: {E2B7DB7E-38C5-11D5-91F6-00104BDB8FF9} (Screen Capture Codec (VFW)) - http://www.eprintdriver.com/demos/cabs/LCodcScr.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: wvuvuut - C:\WINDOWS\system32\wvuvuut.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSVC - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 13689 bytes

-- Files created between 2008-03-05 and 2008-04-05 -----------------------------

2008-04-05 20:33:14 3172 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-05 16:30:05 87104 --a------ C:\WINDOWS\system32\wnsdktun.dll
2008-04-05 16:29:46 53312 --a------ C:\WINDOWS\system32\kdpiqiqy.dll
2008-04-05 15:57:36 0 d-------- C:\VundoFix Backups
2008-04-05 14:26:36 0 d-------- C:\WINDOWS\pss
2008-04-05 14:07:39 83040874 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-04-05 10:50:47 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-05 10:50:47 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-05 10:50:47 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-05 10:50:47 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-04-05 10:50:47 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-05 10:50:47 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-05 10:50:47 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-04-05 10:50:47 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-05 10:50:47 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-04-05 10:50:47 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-05 10:50:47 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-04-05 10:50:47 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-05 10:50:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2008-04-05 10:50:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-04-05 10:50:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-04-05 10:50:47 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-05 10:50:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-04-05 10:50:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-04-05 10:50:47 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-04-05 10:50:46 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-05 00:05:02 238023 --ahs---- C:\WINDOWS\system32\rrtss.ini2
2008-04-05 00:04:48 268288 --a------ C:\WINDOWS\system32\sstrr.dll
2008-04-04 23:59:25 38400 --a------ C:\WINDOWS\system32\wvuvuut.dll
2008-04-04 23:59:18 0 d-------- C:\WINDOWS\system32\bharebio01
2008-04-04 23:59:17 0 d-------- C:\Temp
2008-03-30 20:40:04 0 d-------- C:\Program Files\Common Files\Enfocus Software
2008-03-30 20:39:08 0 d-------- C:\Documents and Settings\Taesha\Application Data\InstallShield
2008-03-29 01:26:52 0 d-------- C:\Program Files\RSS Submit
2008-03-15 20:12:57 230818 --a------ C:\WINDOWS\uninstall USB_Memo.exe
2008-03-15 20:12:56 2182328 --a------ C:\WINDOWS\USB_Memo.scr
2008-03-15 20:02:15 0 d-------- C:\Program Files\Screensaver Factory 4 Enterprise
2008-03-15 20:02:15 0 d-------- C:\Documents and Settings\Taesha\Application Data\Blumentals
2008-03-13 01:05:44 0 d-------- C:\Program Files\PADexpress
2008-03-13 00:58:03 0 d-------- C:\Program Files\PADADD
2008-03-13 00:46:41 0 d-------- C:\Program Files\PromoSoft
2008-03-12 23:36:43 0 d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-03-12 23:35:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-12 22:03:34 0 d-------- C:\Documents and Settings\Taesha\Application Data\PADGen
2008-03-12 22:03:26 0 d-------- C:\Program Files\PADGen
2008-03-12 22:00:00 230818 --a------ C:\WINDOWS\uninstall CD_dupli.exe
2008-03-12 21:59:59 1585142 --a------ C:\WINDOWS\CD_dupli.scr


-- Find3M Report ---------------------------------------------------------------

2008-04-05 20:46:32 0 d-------- C:\Program Files\Common Files
2008-04-05 20:26:16 0 d-------- C:\Documents and Settings\Taesha\Application Data\U3
2008-04-05 16:55:13 0 d-------- C:\Program Files\eMule
2008-04-05 00:17:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-05 00:03:37 0 d-------- C:\Program Files\Norton Internet Security
2008-03-30 22:37:33 0 d-------- C:\Program Files\FlashFXP
2008-03-30 20:44:01 0 d-------- C:\Documents and Settings\Taesha\Application Data\Enfocus Prefs Folder
2008-03-30 20:39:38 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 20:34:01 0 d-------- C:\Documents and Settings\Taesha\Application Data\Adobe
2008-03-30 20:04:12 1343 --ah----- C:\Documents and Settings\Taesha\Application Data\pp7eskf
2008-03-15 17:10:08 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-12 23:36:22 0 d-------- C:\Program Files\TechSmith


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}]
04/04/2008 23:59 38400 --a------ C:\WINDOWS\system32\wvuvuut.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CD9A508-CC39-42A5-9A2D-50F9B7DEFF8C}]
05/04/2008 00:04 268288 --a------ C:\WINDOWS\system32\sstrr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 14:59]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [27/01/2005 01:02]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [27/07/2004 16:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [27/07/2004 16:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/01/2008 16:36]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [26/01/2004 11:38]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [27/04/2007 08:42]
"@"="" []
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20/09/2005 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20/09/2005 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20/09/2005 09:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04/08/2004 05:00]
"BM9369a64d"="C:\WINDOWS\system32\wnsdktun.dll" [05/04/2008 16:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Launcher"=C:\Program Files\Wanadoo_UK\Setup\Check.exe

C:\Documents and Settings\Taesha\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [01/10/2005 00:38:57]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [11/04/2006 15:10:12]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [01/10/2005 00:38:57]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 05:44:06]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [30/08/2005 19:08:34]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}"= C:\WINDOWS\system32\wvuvuut.dll [04/04/2008 23:59 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvuut]
wvuvuut.dll 04/04/2008 23:59 38400 C:\WINDOWS\system32\wvuvuut.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstrr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Taesha^Start Menu^Programs^Startup^DigiGuide TV Guide.lnk]
path=C:\Documents and Settings\Taesha\Start Menu\Programs\Startup\DigiGuide TV Guide.lnk
backup=C:\WINDOWS\pss\DigiGuide TV Guide.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APL]
"C:\Program Files\ACT\ACT for Win 7\APL.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Radio365Agent]
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45e9c4f0-2017-11db-88a8-0013ce19aceb}]
AutoRun\command- AcroRd32.exe dietglue.pdf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{688779f2-f615-11da-887f-000e5047e583}]
AutoRun\command- AcroRd32.exe dietglue.pdf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7136c6d1-1366-11db-889c-0013ce19aceb}]
AutoRun\command- AcroRd32.exe dietglue.pdf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12f3c70-28a6-11db-88b6-000e5047e583}]
AutoRun\command- AcroRd32.exe dietglue.pdf




-- End of Deckard's System Scanner: finished at 2008-04-05 20:55:08 ------------


I have been trying various things for ten hours today and I am about to throw my laptop out of the window!

BC AdBot (Login to Remove)

 


m

#2 troip

troip
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 06 April 2008 - 04:55 PM

Being helped at Cybertech, thanks

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,719 posts
  • ONLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:47 PM

Posted 06 April 2008 - 06:04 PM

Thank you for letting us know, we appreciate that. Since you are being helped there, I will close this topic. Good luck getting your computer fixed.

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users