Redmofia

  1. Sorry, after running the Killbox application, logging on became impossible for a while. But after a while, it worked again. Logfile of HijackThis v1.99.1 Scan saved at 9:35:10 PM, on 8/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
  2. Incident Status Location
  3. --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 11:22:52 PM 7/7/2007 + Scan result:
  4. Once again, no log file was generated.
  5. Vundofix.txt: VundoFix V6.5.0 Checking Java version... Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Scan started at 11:01:16 AM 6/14/2007 Listing files found while scanning.... C:\WINDOWS\system32\adeeg.bak1 C:\WINDOWS\system32\adeeg.bak2 C:\WINDOWS\system32\adeeg.ini C:\WINDOWS\system32\adeeg.ini2 C:\WINDOWS\system32\adeeg.tmp C:\WINDOWS\system32\eyftbxaa.dll C:\WINDOWS\system32\geeda.dll C:\WINDOWS\system32\libxssnk.dll C:\WINDOWS\system32\wqngfcgj.dll C:\WINDOWS\system32\yayvtut.dll C:\WINDOWS\system32\ysnturul.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\adeeg.bak1 C:\WINDOWS\system32\adeeg.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.bak2 C:\WINDOWS\system32\adeeg.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.ini C:\WINDOWS\system32\adeeg.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.ini2 C:\WINDOWS\system32\adeeg.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\adeeg.tmp C:\WINDOWS\system32\adeeg.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\geeda.dll C:\WINDOWS\system32\geeda.dll Has been deleted! Performing Repairs to the registry. Done! 
Hijack this log: Logfile of HijackThis v1.99.1 Scan saved at 12:00:44 PM, on 6/14/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\D-Tools\daemon.exe D:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE C:\Program Files\Common Files\AOL\1146929648\ee\AOLSoftware.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\rundll32.exe d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE C:\WINDOWS\repair\dbmsvc.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\WINDOWS\Config\service.exe C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE C:\WINDOWS\system32\UAService7.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE C:\Program Files\Hijackthis\HijackThis.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...www.google.com/ R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...count_id=146189 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file) O2 - BHO: (no name) - {080562AA-A7BF-43A1-91C8-ED0939EFC750} - C:\WINDOWS\system32\geeda.dll (file missing) O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {1FE12CBF-E9FA-4696-9E31-7D981C28EA47} - C:\WINDOWS\system32\wvieomie.dll (file missing) O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file) O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file) O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (file missing) O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file) O2 - BHO: Google Toolbar Helper - 
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: (no name) - {E7860229-4B3D-4383-A8FA-7108FE940E96} - C:\WINDOWS\system32\wvieomie.dll (file missing) O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (file missing) O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing) O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DLPSP] "d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146929648\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: 
[ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKLM\..\Run: [hcsystray] D:\Program Files\Kuma Games\hcsystray\hc_tray.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [tqznigawvcr] C:\WINDOWS\system32\tqznigawvcr.exe O4 - HKLM\..\Run: [mvytbehrv] C:\WINDOWS\system32\mvytbehrv.exe O4 - HKLM\..\Run: [rowjbg] C:\WINDOWS\system32\rowjbg.exe O4 - HKLM\..\Run: [ibmaxdqazr] C:\WINDOWS\system32\ibmaxdqazr.exe O4 - HKLM\..\Run: [buheelnesd] C:\WINDOWS\system32\buheelnesd.exe O4 - HKLM\..\Run: [drowzmqy] C:\WINDOWS\system32\drowzmqy.exe O4 - HKLM\..\Run: [ufuhius] C:\WINDOWS\system32\ufuhius.exe O4 - HKLM\..\Run: [eyz] C:\WINDOWS\system32\eyz.exe O4 - HKLM\..\Run: [fjvprbibo] C:\WINDOWS\system32\fjvprbibo.exe O4 - HKLM\..\Run: [xmadbweevd] C:\WINDOWS\system32\xmadbweevd.exe O4 - HKLM\..\Run: [za] C:\WINDOWS\system32\za.exe O4 - HKLM\..\Run: [wok] C:\WINDOWS\system32\wok.exe O4 - HKLM\..\Run: [yalggvz] C:\WINDOWS\system32\yalggvz.exe O4 - HKLM\..\Run: [nxolkl] C:\WINDOWS\system32\nxolkl.exe O4 - HKLM\..\Run: [cvfdwdc] C:\WINDOWS\system32\cvfdwdc.exe O4 - HKLM\..\Run: [rkuexnyzcedd] C:\WINDOWS\system32\rkuexnyzcedd.exe O4 - HKLM\..\Run: [un] C:\WINDOWS\system32\un.exe O4 - HKLM\..\Run: [umneihg] C:\WINDOWS\system32\umneihg.exe O4 - HKLM\..\Run: [eozlpcykyggt] C:\WINDOWS\system32\eozlpcykyggt.exe O4 - HKLM\..\Run: [omjcf] C:\WINDOWS\system32\omjcf.exe O4 - HKLM\..\Run: [qkyapt] C:\WINDOWS\system32\qkyapt.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft 
Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (file missing) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arthur\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O16 - DPF: 
{DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4228913B-ACC4-4DFF-A6E3-F5D836662BE3}: NameServer = 141.202.1.108,130.200.10.108 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: yayvtut - yayvtut.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE O23 - Service: Wireless Discovery Service (DSSNVC) - Unknown owner - C:\WINDOWS\repair\dbmsvc.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. 
- C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Print Spooler Service (keevikaheee0) - Unknown owner - C:\WINDOWS\system32\umneihg.exe (file missing) O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
  6. Logfile of HijackThis v1.99.1 Scan saved at 11:21:16 AM, on 6/13/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\CA\ETRUST~1\realmon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\D-Tools\daemon.exe D:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE C:\Program Files\Common Files\AOL\1146929648\ee\AOLSoftware.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Multimedia\main\ATIDtct.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE C:\WINDOWS\repair\dbmsvc.exe C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe C:\WINDOWS\Config\service.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe C:\WINDOWS\system32\nxolkl.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe D:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet 
Explorer\iexplore.exe C:\WINDOWS\system32\msorcl32.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ER}&ar=home R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (file missing) O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file) O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file) O2 - BHO: (no name) - {1FE12CBF-E9FA-4696-9E31-7D981C28EA47} - C:\WINDOWS\system32\wvieomie.dll (file missing) O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file) O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file) O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file) O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file) O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7A93CA2C-4F0A-4460-89CE-C8A16681CFD9} - C:\WINDOWS\system32\geeda.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (file missing) O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file) O2 - BHO: (no 
name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file) O2 - BHO: (no name) - {BE4E1890-3C18-4D15-9709-6C10218E3A0C} - C:\WINDOWS\system32\yayvtut.dll (file missing) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\libxssnk.dll (file missing) O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file) O2 - BHO: (no name) - {E7860229-4B3D-4383-A8FA-7108FE940E96} - C:\WINDOWS\system32\wvieomie.dll (file missing) O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file) O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing) O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (file missing) O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing) O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [DLPSP] "d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146929648\ee\AOLSoftware.exe O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE O4 - HKLM\..\Run: [hcsystray] D:\Program Files\Kuma Games\hcsystray\hc_tray.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [tqznigawvcr] C:\WINDOWS\system32\tqznigawvcr.exe O4 - HKLM\..\Run: [mvytbehrv] C:\WINDOWS\system32\mvytbehrv.exe O4 - HKLM\..\Run: [rowjbg] C:\WINDOWS\system32\rowjbg.exe O4 - HKLM\..\Run: [ibmaxdqazr] C:\WINDOWS\system32\ibmaxdqazr.exe O4 - HKLM\..\Run: [buheelnesd] C:\WINDOWS\system32\buheelnesd.exe O4 - HKLM\..\Run: [drowzmqy] C:\WINDOWS\system32\drowzmqy.exe O4 - HKLM\..\Run: [ufuhius] C:\WINDOWS\system32\ufuhius.exe O4 - HKLM\..\Run: [eyz] 
C:\WINDOWS\system32\eyz.exe O4 - HKLM\..\Run: [fjvprbibo] C:\WINDOWS\system32\fjvprbibo.exe O4 - HKLM\..\Run: [xmadbweevd] C:\WINDOWS\system32\xmadbweevd.exe O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\wqngfcgj.dll",realset O4 - HKLM\..\Run: [za] C:\WINDOWS\system32\za.exe O4 - HKLM\..\Run: [wok] C:\WINDOWS\system32\wok.exe O4 - HKLM\..\Run: [yalggvz] C:\WINDOWS\system32\yalggvz.exe O4 - HKLM\..\Run: [nxolkl] C:\WINDOWS\system32\nxolkl.exe O4 - HKLM\..\Run: [cvfdwdc] C:\WINDOWS\system32\cvfdwdc.exe O4 - HKLM\..\Run: [rkuexnyzcedd] C:\WINDOWS\system32\rkuexnyzcedd.exe O4 - HKLM\..\Run: [un] C:\WINDOWS\system32\un.exe O4 - HKLM\..\Run: [umneihg] C:\WINDOWS\system32\umneihg.exe O4 - HKLM\..\Run: [eozlpcykyggt] C:\WINDOWS\system32\eozlpcykyggt.exe O4 - HKLM\..\Run: [omjcf] C:\WINDOWS\system32\omjcf.exe O4 - HKLM\..\Run: [qkyapt] C:\WINDOWS\system32\qkyapt.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - 
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (file missing) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Arthur\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin10USA.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4228913B-ACC4-4DFF-A6E3-F5D836662BE3}: NameServer = 141.202.1.108,130.200.10.108 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: geeda - C:\WINDOWS\system32\geeda.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: yayvtut - yayvtut.dll 
(file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - d:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE O23 - Service: Wireless Discovery Service (DSSNVC) - Unknown owner - C:\WINDOWS\repair\dbmsvc.exe O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. 
- C:\Program Files\CA\eTrust Antivirus\InoTask.exe O23 - Service: Print Spooler Service (keevikaheee0) - Unknown owner - C:\WINDOWS\system32\umneihg.exe O23 - Service: Service Configurator (Service_v1) - Unknown owner - C:\WINDOWS\Config\service.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)