Jump to content

Julian813

Members
  • Posts

    2
  • Joined

  • Last visited

Everything posted by Julian813

  1. I'm pretty good at removing malware but this one has me stumped. I installed Malwarebytes but when I go to run it, it gives me mbam.exe-bad image error and will not go any further. I tried to run Combofix but gets to output folder and hangs there. Tried running Hijackthis and came back with bad image file error also and "The application or DLL C;\windows\system32\MSVBM60.DLL is not a valid windows image file" Anyway, I ran a GMER and here is the log. Any help would be greatly appreciated! GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-07 13:32:01 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3802110AS rev.2AAA Running: ko9nkhuw.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwlyapow.sys ---- System - GMER 1.0.15 ---- SSDT BA7594C6 ZwCreateKey SSDT BA7594BC ZwCreateThread SSDT BA7594CB ZwDeleteKey SSDT BA7594D5 ZwDeleteValueKey SSDT BA7594DA ZwLoadKey SSDT BA7594A8 ZwOpenProcess SSDT BA7594AD ZwOpenThread SSDT BA7594E4 ZwReplaceKey SSDT BA7594DF ZwRestoreKey SSDT BA7594D0 ZwSetValueKey SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA8997620] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2372] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 02294D20 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02294EA0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 022944A0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 02294600 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[2516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1 ---- EOF - GMER 1.0.15 ----
  2. I was getting BSOD and Stop Error 0x0000008E as soon as Win XP would start. I was however able to run without a problem in safe mode. I ran MBAM in safemode (see log below) and after scan it requested that reboot was necessary to get rid of some detections located in the registry. I rebooted and I was actually able to boot into Windows but BSOD after about 2 minutes. I again booted into safemode but MBAM will not run at all. I also tried to install Avira Free Personal Ed. to run a scan and it would not allow me to install it. Here is the MBAM anf HiJackThis logs. Malwarebytes' Anti-Malware 1.36 Database version: 2009 Windows 5.1.2600 Service Pack 2 4/19/2009 3:00:33 PM mbam-log-2009-04-19 (15-00-33).txt Scan type: Quick Scan Objects scanned: 85102 Time elapsed: 12 minute(s), 39 second(s) Memory Processes Infected: 0 Memory Modules Infected: 5 Registry Keys Infected: 49 Registry Values Infected: 20 Registry Data Items Infected: 10 Folders Infected: 6 Files Infected: 95 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\efcBqnnK.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\c00CE26C.mat (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\system32\jsne87fidgf.dll (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\system32\nvrsol32.dll (Trojan.Agent) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87320472-2391-48cd-8a6d-d125af0d593b} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{87320472-2391-48cd-8a6d-d125af0d593b} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\c00ce26c (Trojan.BHO) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a0041181-adb6-f17f-a4ad-8193614bad09} (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a0041181-adb6-f17f-a4ad-8193614bad09} (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{32c620d6-cc10-4e6a-9715-bacacd5b0e61} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{a744f16c-b2d5-4138-81a2-085cdfcde83a} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28abc5c0-4fcb-11cf-aax5-81cx1c635612} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0c0d7b92-8630-4ef3-892c-cfe116193c5a} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c0d7b92-8630-4ef3-892c-cfe116193c5a} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{635c7fb4-0337-1271-6125-5812b33fa662} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f5452bfb-7ad1-41c8-a626-953b001bd260} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f5452bfb-7ad1-41c8-a626-953b001bd260} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b4d73d15 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b4d73d15 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b8db3950 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\b8db3950 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b8db3950 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eed44f6a (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\eed44f6a (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eed44f6a (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sys32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instbndlkeyldr (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e80bf716 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\dppinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\prunnet (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{435d69fe-0f7e-c69d-3c82-b49bd50c5cc1} (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iupd721 (Trojan.Dropper) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\webproxy (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[system] (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winlogon (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Lsass Service (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbqnnk -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcbqnnk -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\msupdt.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\drivers\services.exe -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe,C:\WINDOWS\system32\twext.exe,C:\WINDOWS\system32\msupdt.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Owner.Tammara\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\efcBqnnK.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\KnnqBcfe.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\KnnqBcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\trqiraas.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\saariqrt.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ydscxdrf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\frdxcsdy.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\camc6hall.sys (Rootkit.Agent.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nvrsol32.dll (Spyware.Agent.H) -> Delete on reboot. C:\WINDOWS\system32\c00CE26C.mat (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\system32\crypts.dll (Trojan.Downloader) -> Delete on reboot. C:\WINDOWS\system32\prun.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Application Data\gadcom\gadcom.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\csrssc.exe (Trojan.Clicker) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rs32net.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ndvmdjrhjtmamrhis.dll (Trojan.Clicker) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Application Data\NI.GSCNS\IUpd721.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jsne87fidgf.dll (Trojan.BHO) -> Delete on reboot. C:\WINDOWS\system32\sxmg4.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\smartmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cycayvfgwk.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddjgwk.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\iydolczmnmcevhmwi.dll-uninst.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kqjwbyuq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lgjgbw.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\paso.el (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmnnLBtt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\rqRJYoND.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wchgfblf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yayaAPjJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\b4d73d15.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\b8db3950.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\eed44f6a.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\tcpsr.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\admwxe.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\ikhef.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\oxii.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\qjpirgg.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\ulwgf.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\uxftda.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\yxygu.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\new3.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\prun.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\snapsnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\winvsnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\BX6YGSVV\asuper0[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\BX6YGSVV\asuper3[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\BX6YGSVV\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\BX6YGSVV\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\BX6YGSVV\wyzvjj[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\OH63OPAF\asuper2[1].htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\OH63OPAF\oluivj[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\OH63OPAF\qjgtuhu[1].htm (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNICTWLU\akuhhvijjx[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNICTWLU\asuper1[1].htm (Trojan.TDss) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\Temporary Internet Files\Content.IE5\SNICTWLU\dzjgghu[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\5922.tmp (Backdoor.KeyStart) -> Delete on reboot. C:\WINDOWS\Temp\BN2.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN4.tmp (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temporary Internet Files\Content.IE5\08H1ODTL\730f[1].exe (Backdoor.KeyStart) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Application Data\Microsoft\Windows\sys32.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\Network Monitor\netmon.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Delete on reboot. C:\Documents and Settings\Owner.Tammara\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\services.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Local Settings\Temp\winlogin.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Application Data\Microsoft\Windows\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Start Menu\Programs\Startup\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\atmtd.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msupdt.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dwwnw64r.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot. C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.Tammara\Start Menu\Programs\Startup\DW_Start.lnk (Malware.Links) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sft.res (Malware.Trace) -> Quarantined and deleted successfully. C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\csrssc.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:42:42 PM, on 4/19/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\My Documents\omar.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-QO859.tmp\omar.tmp C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\tool\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file://E:\win\setup\iaieplay.dll O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} (IAMCE Class) - file://E:\win\setup\iamce.dll O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab46704.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.streamingfaith.com/common/m...MINIBrowser.CAB O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL lgjgbw.dll ddjgwk.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing) O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.