
[Resolved] IE Defender Pop-ups and Vundo Trojan


9 replies to this topic

#1 Waynedeer

Waynedeer

    Authentic Member

  • 22 posts

Posted 01 November 2007 - 11:09 PM

Hello all,
I've been reading about the same exact problem with my computer in this topic:

http://forums.whatth...jan_t84617.html

I have Windows XP, and I've tried to follow the instructions given by MrC.


Every time I run my Internet Explorer, I get these annoying pop-ups from IE Defender,
and I have run AdAware, SpyHunter, SpyBot, and a few others, with no luck; the pop-ups still come up in Internet Explorer.
SpyHunter informs me of a "Vundo Trojan", so I found software to remove it, but it keeps showing back up.


If anyone can be of any assistance I would appreciate it tremendously!!!
Thanks in advance, and God bless..



I ran a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 0:43:11, on 2007-11-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\DOCUME~1\LIENTS~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bochk.com/web/home/home.xml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
O2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {990EE8B2-6E0B-40E1-9781-1A6E8F8A46FB} (WebDVRX Control) - http://www.dvrviewer...TIdvrViewer.inf
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave...sh.1.0.0.47.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



#2 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 02 November 2007 - 09:12 AM

Welcome to the forum.

Did you run RVAXO? If so, please post the log.

--------------------

Please disable TeaTimer and SDHelper by opening Spybot S&D, clicking Mode > Advanced, and on the left menu choosing Tools and then Resident. In the right-hand pane you will see a check box for TeaTimer and for SDHelper. Please uncheck both boxes and then close Spybot. You can reinstate it later, but we don't want it interfering with what we need to do. Reboot when done.

------------

Close ALL programs down, leaving ONLY HijackThis running. Click Scan and place a check against the following items if found:

O2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dll

Click on Fix Checked and exit HijackThis.

-----------------

Delete this file if found:
C:\WINDOWS\system32\IntelVideo.dll

---------------------

Download combofix.exe from the link below:
http://download.blee...Bs/ComboFix.exe

Double click combofix.exe & follow the prompts.
A window will open with a warning.
Type "Y" (and Enter) to start the fix.
When the scan completes it will open a text window.
Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

------------------

Reboot and post the logs from ComboFix and a fresh HJT log, MrC
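As an added example (not code from the thread, from HijackThis or from ComboFix), the following Python script parses HijackThis v1.99.1 log entries, looks up a BHO by its CLSID, and diffs a "before" log against the fresh log to confirm that the entry marked for Fix Checked is really gone; the sample log lines are short excerpts constructed from the logs in this thread.

```python
"""Parse HijackThis v1.99.1 logs and verify that flagged entries were removed.

Added example, not a tool from the thread or from HijackThis itself.
Only the O/R entry lines are parsed; the "Running processes" list and
header lines are ignored.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# First Windows path in the line that ends in .dll or .exe (spaces allowed,
# e.g. "C:\Program Files\...").
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)\b", re.IGNORECASE)


@dataclass(frozen=True)
class HjtEntry:
    code: str             # section code such as O2, O4, O23
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # first {GUID} in the line, upper-cased, if any
    path: Optional[str]   # first .dll/.exe path in the line, if any

    def key(self) -> str:
        # BHO/toolbar entries are identified by CLSID; other entries by full body.
        return f"{self.code}:{self.clsid or self.body}"


def parse_hjt(text: str) -> List[HjtEntry]:
    entries: List[HjtEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        cm = CLSID_RE.search(body)
        pm = PATH_RE.search(body)
        entries.append(HjtEntry(m.group("code"), body,
                                cm.group(0).upper() if cm else None,
                                pm.group(0) if pm else None))
    return entries


def find_by_clsid(entries: List[HjtEntry], clsid: str) -> List[HjtEntry]:
    want = clsid.upper()
    return [e for e in entries if e.clsid == want]


def diff_logs(before: str, after: str) -> Tuple[List[HjtEntry], List[HjtEntry]]:
    """Return (removed, added) entries between two HijackThis logs."""
    b = {e.key(): e for e in parse_hjt(before)}
    a = {e.key(): e for e in parse_hjt(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added


def verify_fixed(before: str, after: str, clsids: List[str]) -> Dict[str, bool]:
    """True for each CLSID that was present in 'before' and is absent in 'after'."""
    b_ents, a_ents = parse_hjt(before), parse_hjt(after)
    return {c.upper(): bool(find_by_clsid(b_ents, c)) and not find_by_clsid(a_ents, c)
            for c in clsids}


# Constructed excerpts based on the thread's first and second HJT logs.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\notepad.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    # The CLSID MrC asked to Fix Checked in the post above.
    flagged = ["{04F7FAC5-F506-4F29-9094-9CB9144B192C}"]
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for e in removed:
        print("removed:", e.code, e.path or e.body)
    for e in added:
        print("added:  ", e.code, e.path or e.body)
    print("flagged entries gone:", verify_fixed(BEFORE_LOG, AFTER_LOG, flagged))
```

Feed it the full text of the two logs instead of the excerpts to get the complete list of entries that appeared or disappeared between scans.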


#3 Waynedeer

Waynedeer

    Authentic Member

  • 22 posts

Posted 02 November 2007 - 06:07 PM

Hello there MrC, Thanks for coming to the rescue!

I have followed all your instructions closely, here goes:


RVAXO-Results:

----------------RVAXO.exe first run-------------

Files found:


Uninstallers Rogue scanners:


Folders Found:


Hosts-file was reset, If you use a custom hosts file please replace it...

--------------RVAXO.exe last run---------------

Files found:

Folders Found:

--------------RVAXO.exe finished----------------




Combo Fix:

ComboFix 07-11-01.1 - Lien Tse 2007-11-02 19:32:28.1 - NTFSx86
Running from: C:\Documents and Settings\Lien Tse\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Lien Tse\My Documents\My Music\Maggie Files\nav 10\_desktop.ini
C:\WINDOWS\system32\sysinit32
C:\WINDOWS\system32\sysinit32.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
.

2007-11-02 19:31 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-01 23:45 <DIR> d-------- C:\Documents and Settings\Lien Tse\Application Data\Grisoft
2007-11-01 23:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-01 23:45 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-29 17:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-29 17:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-29 17:18 <DIR> d-------- C:\Documents and Settings\Lien Tse\Application Data\SUPERAntiSpyware.com
2007-10-29 17:14 <DIR> d-------- C:\RVAXO
2007-10-29 17:08 356,562 --a------ C:\WINDOWS\system32\RVAXO.bat
2007-10-29 17:08 69,632 --a------ C:\WINDOWS\system32\remove.exe
2007-10-29 16:54 <DIR> d-------- C:\VundoFix Backups
2007-10-29 16:08 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-10-29 04:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-29 04:10 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-29 04:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-29 04:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-09 13:44 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-06 16:06 <DIR> d-------- C:\Documents and Settings\Lien Tse\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-01 07:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-01 04:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-31 04:19 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-31 04:19 --------- d-----w C:\Documents and Settings\Lien Tse\Application Data\AOL
2007-10-31 04:19 --------- d-----w C:\Documents and Settings\Ezekiel Wan\Application Data\AOL
2007-10-31 04:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-31 04:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AOL
2007-10-31 03:48 --------- d-----w C:\Program Files\Java
2007-10-03 19:04 --------- d-----w C:\Program Files\Symantec
2007-10-03 19:03 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 19:03 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-03 19:03 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-03 19:03 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-26 14:23 --------- d-----w C:\Program Files\Norton 360
2007-09-18 18:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 18:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 18:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 18:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 18:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 18:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 18:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 18:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 18:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-08-22 12:55 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-22 12:55 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-22 12:55 617,984 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-22 12:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-22 12:55 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-22 12:55 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-22 12:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-22 12:55 3,064,832 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-22 12:55 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-22 12:55 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-22 12:55 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 10:19 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2006-02-19 07:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 04:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 04:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 04:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 11:28]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 11:28]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 20:51]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 12:51]
"MBMon"="CTMBHA.DLL" [2006-06-29 01:12 C:\WINDOWS\system32\CTMBHA.DLL]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2006-02-16 11:20]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-01-24 09:34]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-24 04:35]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 18:16]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 07:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 07:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 07:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 07:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-11 18:56]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 18:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 04:24]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 06:40 C:\WINDOWS\MIDIDEF.EXE]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 23:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 23:55]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Aim6"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-07-11 18:53:44]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-24 20:28:28]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-01-24 09:30:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-04 00:07:32]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 17:51:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL


*Newly Created Service* - AVGASCLN
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-02 19:34:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-02 19:35:08
.
--- E O F ---




And lastly my HJT log (I tried to close as many programs as possible; my apologies if I didn't do it correctly):


Logfile of HijackThis v1.99.1
Scan saved at 19:59:26, on 2007-11-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\DOCUME~1\LIENTS~1\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bochk.com/web/home/home.xml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070124
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {990EE8B2-6E0B-40E1-9781-1A6E8F8A46FB} (WebDVRX Control) - http://www.dvrviewer...TIdvrViewer.inf
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave...sh.1.0.0.47.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe



Thank you so much Charlie! Sorry for all the trouble. Wayne.

#4 MrCharlie

Posted 02 November 2007 - 06:50 PM

Thank you so much Charlie! Sorry for all the trouble. Wayne.


You're no trouble!

The log looks OK..... How's it running? MrC


#5 Waynedeer

Posted 02 November 2007 - 06:57 PM

Everything is perfect Mr. C, I don't get the annoying pop-ups on Internet Explorer anymore. However, when I run SpyHunter, the Vundo trojan is still there in my registry; would you know how I could remove it? I'm very intimidated by manual registry edits, I hate those registry errors. Thanks again, you guys are awesome, and the service you guys provide is surely helpful.

#6 MrCharlie

Posted 02 November 2007 - 07:05 PM

SuperAntiSpyware is very good at doing this.
I see you have it installed, so update it and run it, then post the log it creates.

You can configure it as per the link below.

http://forums.maddok...?showtopic=9590

MrC


#7 Waynedeer

Posted 05 November 2007 - 12:41 AM

Hey there MrC! I just donated a sum of money to the website; I hope you guys continue your great work helping others with their computer questions/problems. :thumbup: Regarding the status of my computer, I ran SuperAntiSpyware and under full system scan it told me nothing was found; under SpyHunter, I can still see Trojan Vundo in my registry. Here's the spyware support log:
Binary MD5 = Service Name = HTTPFilter Service Display Name = HTTP SSL Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k HTTPFilter Binary Size = 0 Binary MD5 = Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = LiveUpdate Notice Ex Service Display Name = LiveUpdate Notice Service Ex Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon Binary Size = 0 Binary MD5 = Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = MDM Service Display Name = Machine Debug Manager Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" Binary Size = 0 Binary MD5 = Service Name = MSSQL$MICROSOFTSMLBIZ Service Display Name = MSSQL$MICROSOFTSMLBIZ Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Microsoft SQL 
Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ Binary Size = 0 Binary MD5 = Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4 Service Name = Pml Driver HPZ12 Service Display Name = Pml Driver HPZ12 Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\HPZipm12.exe Binary Size = 69632 Binary MD5 = d31f88c5f19eefa366a415d6bc5f2abc Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2 Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2 Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 
Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = RegSrvc Service Display Name = Intel® PROSet/Wireless Registry Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe Binary Size = 217164 Binary MD5 = 6210679582240d54cc7fcc6278ca8b04 Service Name = RemoteRegistry Service Display Name = Remote Registry Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 = Service Name = S24EventMonitor Service Display Name = Intel® PROSet/Wireless Service Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe Binary Size = 540745 Binary MD5 = 99647323602be0e77a9737e6eada65ba Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2 Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = seclogon Service Display Name = Secondary 
Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = da81ec57acd4cdc3d4c51cf3d409af9f Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = stisvc Service Display Name = Windows Image 
Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 = Service Name = Symantec Core LC Service Display Name = Symantec Core LC Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" Binary Size = 0 Binary MD5 = Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 = Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = UMWdf Service Display Name = Windows User Mode Driver Framework Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\wdfmgr.exe Binary Size = 38912 Binary MD5 = ab0a7ca90d9e3d6a193905dc1715ded0 Service Name = w32time Service Display Name = Windows Time Opened = YES 
Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 = Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = WLANKEEPER Service Display Name = Intel® PROSet/Wireless SSO Service Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe Binary Size = 262217 Binary MD5 = e876c33293aa5ffa81a1aa28d594712e Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 = #############################WINLOGON DATA############################# <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY> Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon Filepath = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll File Size = 294912 File MD5 = 3b2f85d8c913ce452ade4a0d24299fea Subkey 
Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18 Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui Filepath = C:\WINDOWS\system32\igfxdev.dll File Size = 139264 File MD5 = efc3639ae8a452dc8dddf7d526092d3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330 Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon Filepath = C:\WINDOWS\system32\WgaLogon.dll File Size = 236928 File MD5 = d7dcfb4d0c58ffb569de93e1681fd37a Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = 
C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e ##########################BROWSER ADD-ON DATA########################## <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar> CLSID = {2318C2B1-4965-11d4-9B18-009027A5CD4F} FilePath = c:\program files\google\googletoolbar2.dll File Size = 2403392 File MD5 = 6319f2d4708dbcae37cfa03da10782c0 Description = 0 CLSID = {90222687-F593-4738-B738-FBEE9C7B26DF} FilePath = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll File Size = 609424 File MD5 = 91d1f2d472b90ac1ed6e6a2953106f32 Description = NCO Toolbar <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars> CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1498112 File MD5 = f8b04d344a72782666e1f4b99cd866f0 CLSID = {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} FilePath = C:\WINDOWS\system32\Shdocvw.dll File Size = 1498112 File MD5 = f8b04d344a72782666e1f4b99cd866f0 <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars> CLSID = {21569614-B795-46B1-85F4-E737A8DC09AD} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1022976 File MD5 = 1404a1b21d5da381c84498517464f306 CLSID = {EFA24E61-B078-11D0-89E4-00C04FC9E26E} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1498112 File MD5 = f8b04d344a72782666e1f4b99cd866f0 <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects> CLSID = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} FilePath = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File Size = 63128 File MD5 = f17b2b264072b921fc66a0be16626bab CLSID = {1E8A6170-7264-4D0F-BEAE-D42A53123C75} FilePath = C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll File Size = 97960 File MD5 = fe48bb4c64b6d42eb637732d9d2962e4 CLSID = {5CA3D70E-1895-11CF-8E15-001234567890} FilePath = C:\WINDOWS\System32\DLA\DLASHX_W.DLL File Size = 110652 File MD5 = 
8ef6619212e5500022ab22ff11e68d3b CLSID = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} FilePath = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll File Size = 501136 File MD5 = d787e3123fad2bd58ab45b9a5c360acd CLSID = {9030D464-4C02-4ABF-8ECC-5164760863C6} FilePath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File Size = 322368 File MD5 = e43f7cfdee2b00a22c96c168147b20d3 CLSID = {AA58ED58-01DD-4d91-8333-CF10577473F7} FilePath = c:\program files\google\googletoolbar2.dll File Size = 2403392 File MD5 = 6319f2d4708dbcae37cfa03da10782c0 CLSID = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} FilePath = C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll File Size = 325048 File MD5 = 1dc47ca76a0ffeaa25b45de5706f2115 CLSID = {CA6319C0-31B7-401E-A518-A07C3DB8F777} FilePath = C:\Program Files\BAE\BAE.dll File Size = 98304 File MD5 = 28e1b808dd272cbd8f5667959deb61c1 <HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions> CLSID = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} FilePath = File Size = 0 File MD5 = CLSID = {92780B25-18CC-41C8-B9BE-3C9C571A8263} FilePath = File Size = 0 File MD5 = CLSID = {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} FilePath = File Size = 0 File MD5 = CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 = <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions> CLSID = CmdMapping FilePath = File Size = 0 File MD5 = <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks> CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1498112 File MD5 = f8b04d344a72782666e1f4b99cd866f0 Description = <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler> CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1022976 File MD5 = 1404a1b21d5da381c84498517464f306 Description = Browseui preloader CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} 
FilePath = C:\WINDOWS\system32\browseui.dll File Size = 1022976 File MD5 = 1404a1b21d5da381c84498517464f306 Description = Component Categories cache daemon ##########################LSP CHAIN DATA########################## <HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS> Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File 
Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000016 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000017 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File 
MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000018 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000019 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000020 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries�0000000021 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184 ##########################UNINSTALL DATA########################## <HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL> Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX DisplayName = Adobe Flash Player ActiveX Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin DisplayName = Adobe Flash Player Plugin Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player DisplayName = Adobe Shockwave Player Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AIM_6 DisplayName = AIM 6 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AOLOCP_Y Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AudioPlugin.dll Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVGAntiSpyware75 DisplayName = AVG Anti-Spyware 7.5 InstallLocation = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5 Subkey Name = 
Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CADI Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3 DisplayName = Conexant HDA D110 MDC V.92 Modem Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Combined Community Codec Pack_is1 DisplayName = Combined Community Codec Pack 2007-02-22 InstallLocation = C:\Program Files\Combined Community Codec Pack\ Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CopyNow.dll Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Audio Pack DisplayName = Creative Audio Pack Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource 5 Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Go! Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Net Content Plugin Unicode Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative MediaSource Unicode Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DataPlugin.dll Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\dlatray.exe Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\EAXSet Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Equalizer Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore Subkey 
Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Desktop
DisplayName = Google Desktop
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis
DisplayName = HijackThis 1.99.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis_is1
DisplayName = Hijackthis 1.99.1
InstallLocation = C:\Program Files\Hijackthis\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Document Viewer
DisplayName = HP Document Viewer 7.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions
DisplayName = HP Imaging Device Functions 7.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Photo & Imaging
DisplayName = HP Photosmart Premier Software 6.5
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools
DisplayName = HP Solution Center 7.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HPExtendedCapabilities
DisplayName = HP Customer Participation Program 7.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HPOCR
DisplayName = OCR Software by I.R.I.S 7.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB835221WXP
DisplayName = High Definition Audio Driver Package - KB835221
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339
DisplayName = Windows XP Hotfix - KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250
DisplayName = Windows XP Hotfix - KB885250
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835
DisplayName = Windows XP Hotfix - KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836
DisplayName = Windows XP Hotfix - KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885855
DisplayName = Windows XP Hotfix - KB885855
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185
DisplayName = Windows XP Hotfix - KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472
DisplayName = Windows XP Hotfix - KB887472
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302
DisplayName = Windows XP Hotfix - KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB889673
DisplayName = Windows XP Hotfix - KB889673
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859
DisplayName = Windows XP Hotfix - KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781
DisplayName = Windows XP Hotfix - KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB892627
DisplayName = Windows XP Hotfix - KB892627
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893056
DisplayName = Windows XP Hotfix - KB893056
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893756
DisplayName = Security Update for Windows XP (KB893756)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB894391
DisplayName = Update for Windows XP (KB894391)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896256
DisplayName = Hotfix for Windows XP (KB896256)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358
DisplayName = Security Update for Windows XP (KB896358)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896423
DisplayName = Security Update for Windows XP (KB896423)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424
DisplayName = Security Update for Windows XP (KB896424)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428
DisplayName = Security Update for Windows XP (KB896428)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458
DisplayName = Security Update for Step By Step Interactive Training (KB898458)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461
DisplayName = Update for Windows XP (KB898461)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899587
DisplayName = Security Update for Windows XP (KB899587)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899588
DisplayName = Security Update for Windows XP (KB899588)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899591
DisplayName = Security Update for Windows XP (KB899591)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485
DisplayName = Update for Windows XP (KB900485)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900725
DisplayName = Security Update for Windows XP (KB900725)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901017
DisplayName = Security Update for Windows XP (KB901017)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901190
DisplayName = Security Update for Windows XP (KB901190)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214
DisplayName = Security Update for Windows XP (KB901214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902400
DisplayName = Security Update for Windows XP (KB902400)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706
DisplayName = Security Update for Windows XP (KB904706)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905414
DisplayName = Security Update for Windows XP (KB905414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905749
DisplayName = Security Update for Windows XP (KB905749)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB906569
DisplayName = Hotfix for Windows XP (KB906569)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908519
DisplayName = Security Update for Windows XP (KB908519)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531
DisplayName = Security Update for Windows XP (KB908531)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908673
DisplayName = Hotfix for Windows XP (KB908673)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB909095
DisplayName = Hotfix for Windows XP (KB909095)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910437
DisplayName = Update for Windows XP (KB910437)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280
DisplayName = Update for Windows XP (KB911280)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562
DisplayName = Security Update for Windows XP (KB911562)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911564
DisplayName = Security Update for Windows Media Player (KB911564)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911567
DisplayName = Security Update for Windows XP (KB911567)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911927
DisplayName = Security Update for Windows XP (KB911927)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912919
DisplayName = Security Update for Windows XP (KB912919)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912945
DisplayName = Update for Windows XP (KB912945)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913580
DisplayName = Security Update for Windows XP (KB913580)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914388
DisplayName = Security Update for Windows XP (KB914388)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914389
DisplayName = Security Update for Windows XP (KB914389)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916595
DisplayName = Update for Windows XP (KB916595)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917344
DisplayName = Security Update for Windows XP (KB917344)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917422
DisplayName = Security Update for Windows XP (KB917422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP9
DisplayName = Security Update for Windows Media Player 9 (KB917734)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917953
DisplayName = Security Update for Windows XP (KB917953)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918118
DisplayName = Security Update for Windows XP (KB918118)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918439
DisplayName = Security Update for Windows XP (KB918439)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918899
DisplayName = Security Update for Windows XP (KB918899)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB919007
DisplayName = Security Update for Windows XP (KB919007)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920213
DisplayName = Security Update for Windows XP (KB920213)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920214
DisplayName = Security Update for Windows XP (KB920214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920670
DisplayName = Security Update for Windows XP (KB920670)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920683
DisplayName = Security Update for Windows XP (KB920683)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920685
DisplayName = Security Update for Windows XP (KB920685)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920872
DisplayName = Update for Windows XP (KB920872)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921398
DisplayName = Security Update for Windows XP (KB921398)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921503
DisplayName = Security Update for Windows XP (KB921503)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921883
DisplayName = Security Update for Windows XP (KB921883)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922582
DisplayName = Update for Windows XP (KB922582)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922616
DisplayName = Security Update for Windows XP (KB922616)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819
DisplayName = Security Update for Windows XP (KB922819)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191
DisplayName = Security Update for Windows XP (KB923191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414
DisplayName = Security Update for Windows XP (KB923414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923689
DisplayName = Security Update for Windows XP (KB923689)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923694
DisplayName = Security Update for Windows XP (KB923694)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923723
DisplayName = Security Update for Step By Step Interactive Training (KB923723)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923980
DisplayName = Security Update for Windows XP (KB923980)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191
DisplayName = Security Update for Windows XP (KB924191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924270
DisplayName = Security Update for Windows XP (KB924270)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496
DisplayName = Security Update for Windows XP (KB924496)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924667
DisplayName = Security Update for Windows XP (KB924667)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64
DisplayName = Security Update for Windows Media Player 6.4 (KB925398)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925454
DisplayName = Security Update for Windows XP (KB925454)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925486
DisplayName = Security Update for Windows XP (KB925486)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925902
DisplayName = Security Update for Windows XP (KB925902)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926255
DisplayName = Security Update for Windows XP (KB926255)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926436
DisplayName = Security Update for Windows XP (KB926436)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927779
DisplayName = Security Update for Windows XP (KB927779)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927802
DisplayName = Security Update for Windows XP (KB927802)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927891
DisplayName = Update for Windows XP (KB927891)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928090
DisplayName = Security Update for Windows XP (KB928090)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928255
DisplayName = Security Update for Windows XP (KB928255)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928843
DisplayName = Security Update for Windows XP (KB928843)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929123
DisplayName = Security Update for Windows XP (KB929123)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929338
DisplayName = Update for Windows XP (KB929338)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929969
DisplayName = Security Update for Windows XP (KB929969)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB930178
DisplayName = Security Update for Windows XP (KB930178)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB930916
DisplayName = Update for Windows XP (KB930916)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931261
DisplayName = Security Update for Windows XP (KB931261)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931768
DisplayName = Security Update for Windows XP (KB931768)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931784
DisplayName = Security Update for Windows XP (KB931784)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931836
DisplayName = Update for Windows XP (KB931836)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB932168
DisplayName = Security Update for Windows XP (KB932168)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB933360
DisplayName = Update for Windows XP (KB933360)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB933566
DisplayName = Security Update for Windows XP (KB933566)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB933729
DisplayNam

Thanks MrC, Wayne
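As an added example (not code from this thread or from HijackThis, ComboFix or VundoFix), here is a small Python parser for the flattened Uninstall-key dump posted above. It splits the run-on "Subkey Name = ... DisplayName = ..." text back into records and does the two sanity checks a reviewer would otherwise do by eye: it lists entries that carry no DisplayName at all (which is normal for the IE/ICW keys in this log, but worth a second look for anything unfamiliar) and hotfix entries whose DisplayName does not cite the KB number in the key name. The sample input is constructed from a handful of the entries in Wayne's log; the field names are the ones visible in the dump, and the helper names are my own.

```python
import re
from typing import Dict, List, Optional

# Field markers as they appear in the flattened dump. A field's value runs
# until the next marker; "Subkey Name" opens a new record.
FIELD_RE = re.compile(r"(Subkey Name|DisplayName|InstallLocation) = ")
KB_RE = re.compile(r"KB(\d+)")

# Constructed sample: a few entries copied from the log in this thread,
# joined into one line exactly as the forum extraction flattened them.
U = r"Software\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE = (
    f"Subkey Name = {U}\\Google Desktop DisplayName = Google Desktop "
    f"Subkey Name = {U}\\Hijackthis_is1 DisplayName = Hijackthis 1.99.1 "
    f"InstallLocation = C:\\Program Files\\Hijackthis\\ "
    f"Subkey Name = {U}\\HP Photo & Imaging DisplayName = HP Photosmart Premier Software 6.5 "
    f"Subkey Name = {U}\\ICW "
    f"Subkey Name = {U}\\KB893756 DisplayName = Security Update for Windows XP (KB893756) "
    f"Subkey Name = {U}\\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803) "
    f"Subkey Name = {U}\\KB917734_WMP9 DisplayName = Security Update for Windows Media Player 9 (KB917734) "
    f"Subkey Name = {U}\\KB933360 DisplayName = Update for Windows XP (KB933360)"
)

Record = Dict[str, Optional[str]]


def parse_uninstall_dump(text: str) -> List[Record]:
    """Turn the flattened dump into one dict per Uninstall subkey."""
    markers = list(FIELD_RE.finditer(text))
    records: List[Record] = []
    for i, m in enumerate(markers):
        end = markers[i + 1].start() if i + 1 < len(markers) else len(text)
        value = text[m.end():end].strip()
        field = m.group(1)
        if field == "Subkey Name":
            records.append({
                "subkey": value,
                "key": value.rsplit("\\", 1)[-1],   # last path component
                "display_name": None,
                "install_location": None,
            })
        elif records:  # DisplayName / InstallLocation belong to the open record
            slot = "display_name" if field == "DisplayName" else "install_location"
            records[-1][slot] = value
    return records


def summarize(records: List[Record]) -> Dict[str, object]:
    """Count hotfixes, list applications, and flag entries with no DisplayName."""
    summary: Dict[str, object] = {"hotfixes": 0, "applications": [], "unnamed": []}
    for r in records:
        if r["display_name"] is None:
            summary["unnamed"].append(r["key"])
        elif KB_RE.match(r["key"]):
            summary["hotfixes"] += 1
        else:
            summary["applications"].append(r["display_name"])
    return summary


def kb_mismatches(records: List[Record]) -> List[str]:
    """Hotfix keys whose DisplayName never mentions the KB number in the key name."""
    bad = []
    for r in records:
        m = KB_RE.match(r["key"])
        if not m or r["display_name"] is None:
            continue
        if m.group(1) not in KB_RE.findall(r["display_name"]):
            bad.append(r["key"])
    return bad


if __name__ == "__main__":
    recs = parse_uninstall_dump(SAMPLE)
    print(f"{len(recs)} entries parsed")
    print(summarize(recs))
    print("KB mismatches:", kb_mismatches(recs))
```

Run as-is the script parses eight records from the constructed sample: four hotfixes, three applications, one key (ICW) with no DisplayName, and no KB mismatches. Pointing `parse_uninstall_dump` at the full text of a posted log works the same way, since the parser only keys on the three field markers and does not care about line breaks.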

#8 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 05 November 2007 - 04:46 PM

OK, first anything in the registry is basically harmless, files in the operating system are what cause problems.

---------------

I don't see anything in the log you posted...if you can point it out to me...please do.

But let's do this........

Enable hidden files:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK" (reverse this procedure when we are done)

-------------------

Right click on HiJackThis.exe and rename it to abc.exe

------------------

Download to your desktop a fresh copy of ComboFix:

http://download.blee...Bs/ComboFix.exe

Double click combofix.exe & follow the prompts.
A window will open with a warning.
Type "Y" (and Enter) to start the fix.
When the scan completes it will open a text window.
Please attach that log back here together with a fresh HJT log.
Caution - do not touch your mouse/keyboard until the scan has completed.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Combofix will automatically save the log file to C:\combofix.txt

-----------------

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Post the log from ComboFix, VundoFix and a fresh HJT log, MrC


#9 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 09 November 2007 - 06:04 PM

How are we doing???? Do you still need help or can I close this post, MrC

#10 MrCharlie

MrCharlie

    SuperMember

  • Malware Team
  • 2,949 posts

Posted 16 November 2007 - 07:15 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
