Jump to content

RyoKazuki

Members
  • Posts

    7
  • Joined

  • Last visited

Everything posted by RyoKazuki

  1. Ah, ok, thanks for your help. I just wanted to make sure it wasn't malware. I'll go check out the PC Help forum then.
  2. I haven't seen what causes it, but I just notice the missing space. I wasn't sure if it was an infection or not either, but I figure I would check it out to see if it was. Malwarebytes' Anti-Malware 1.19 Database version: 924 Windows 5.1.2600 Service Pack 2 12:23:19 AM 7/6/2008 mbam-log-7-6-2008 (00-23-19).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 107230 Time elapsed: 43 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:24:59 AM, on 7/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\WINDOWS\SYSTEM32\Rpcnet.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Apoint\HidFind.exe C:\WINDOWS\system32\conime.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\AeriaGames\DOMO\Main\DOMO.exe c:\program files\aim6\anotify.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Movies Extractor Scout - {C1ADE8AE-BD07-40DD-82EA-BD01406CA617} - C:\Program Files\Movies Extractor Scout\flashextract.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170267702531 O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab55708.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11047 bytes
  3. Hello, I was here not too long ago to get help removing vundo from my computer. I think vundo is gone, but recently I've been having the problem where my hard drive space would plummet and then go back up again. I'm not sure what this is from but I would greatly appreciate it if I could do something about it. Here are the scans. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:31:35 PM, on 7/3/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Kerio\Personal Firewall\persfw.exe C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\WINDOWS\SYSTEM32\Rpcnet.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Apoint\HidFind.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\AeriaGames\DOMO\Main\DOMO.exe c:\program files\aim6\anotify.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Movies Extractor Scout - {C1ADE8AE-BD07-40DD-82EA-BD01406CA617} - C:\Program Files\Movies Extractor Scout\flashextract.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170267702531 O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab55708.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11058 bytes ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-07-03 20:21:37 PROTECTIONS: 1 MALWARE: 15 SUSPECTS: 1 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== AVG Anti-Virus Free 8.0 Yes Yes ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.tribalfusion.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\libill\Application Data\Mozilla\Firefox\Profiles\3kseioz7.default\cookies.txt[.com.com/] 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.azjmp.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.serving-sys.com/] 00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.serving-sys.com/] 00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.bs.serving-sys.com/] 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[www.burstbeacon.com/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxpi9uhx.default\cookies.txt[server.iad.liveperson.net/hc/61298727] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxpi9uhx.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxpi9uhx.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[server.iad.liveperson.net/hc/28464961] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[server.iad.liveperson.net/hc/19452074] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@advertising[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@ads.pointroll[1].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.ads.pointroll.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.realmedia.com/] 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.realmedia.com/] 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.bravenet.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@adultfriendfinder[1].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.adultfriendfinder.com/] 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.adultfriendfinder.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.did-it.com/] 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.atwola.com/] 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.atwola.com/] 00303898 Dialer.HQY Dialers No 0 Yes No C:\!KillBox\ntagent.web( 1) 00303898 Dialer.HQY Dialers No 0 Yes No C:\!KillBox\ntagent.web 00303898 Dialer.HQY Dialers No 0 Yes No C:\i386\Rpcnet.dll 00303898 Dialer.HQY Dialers No 0 Yes No C:\i386\Rpcnet.exe ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location ;=============================================================================== ================================================================================ = =================== Yes C:\Program Files\Trend Micro\HijackThis\backups\BACKUP-20080618-135345-401.0LL ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.19 Database version: 919 Windows 5.1.2600 Service Pack 2 9:22:11 PM 7/3/2008 mbam-log-7-3-2008 (21-22-10).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 106744 Time elapsed: 53 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  4. Thank you very much, you've been a great help. Been trying for about a week to get rid of this darn thing. Hopefully my comp will continue to be clean. I'll be sure to stop back in if I have any trouble though.
  5. It's running fine for me for now. I should be clean upon restart, correct?
  6. Scanning Report Wednesday, June 18, 2008 14:13:59 - 17:16:13 Computer name: KURURU Scanning type: Scan system for malware, rootkits Target: C:\ Result: 2 malware found W32/Malware (virus) * C:\WINDOWS\system32\ctmweb.exe (Submitted) * C:\i386\ctmweb.exe (Submitted) Statistics Scanned: * Files: 460291 * System: 3898 * Not scanned: 300 Actions: * Disinfected: 0 * Renamed: 0 * Deleted: 0 * None: 2 * Submitted: 2 Files not scanned: * `(φIBERFIL.SYS C:\PAGEFILE.SYS * C:\WINDOWS\SYSTEM32\BIOS1.ROM * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS * C:\WINDOWS\SYSTEM32\DRIVERS\SPTD8349.SYS * C:\WINDOWS\SYSTEM32\DRIVERS\VAXSCSI.SYS * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG * C:\WINDOWS\SYSTEM32\CONFIG\SAM * C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG * C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG * C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB * C:\WINDOWS\PCHEALTH\ERRORREP\USERDUMPS\WINLOGON.EXE.20080418-034452-00.HDMP * C:\PROGRAM FILES\PCSX2_0.9.4\BIOS\PS2 BIOS 30004R V6 PAL.NVM * C:\PROGRAM FILES\PCSX2_0.9.4\BIOS\SCPH10000.NVM * C:\PROGRAM FILES\PCSX2_0.9.4\BIOS\SCPH39001.NVM * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MASTER.MDF * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MASTLOG.LDF * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MODEL.MDF * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MODELLOG.LDF * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MSDBDATA.MDF * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MSDBLOG.LDF * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\TEMPDB.MDF * C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\TEMPLOG.LDF * C:\I386\BIOS1.ROM * C:\DOCUMENTS AND SETTINGS\RYO_2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9GV09UPO.DEFAULT\CACHE\_CACHE_001_ * C:\DOCUMENTS AND SETTINGS\RYO_2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9GV09UPO.DEFAULT\CACHE\_CACHE_002_ * C:\DOCUMENTS AND SETTINGS\RYO_2\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9GV09UPO.DEFAULT\CACHE\_CACHE_003_ * C:\DOCUMENTS AND SETTINGS\RYO\NTUSER.DAT * C:\DOCUMENTS AND SETTINGS\RYO\NTUSER.DAT.LOG * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161873976177.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161874676363.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875105532.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875136968.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875168439.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875199893.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875231494.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875263107.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875295900.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875327660.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875359018.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875390669.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875422164.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_Polyna.zip\1161875453572.jpg * C:\Documents and Settings\Ryo\My Documents\My Games\Oblivion\Osaka\Polina_-_P:\Z Options Scanning engines: * F-Secure USS: 2.30.0 * F-Secure Hydra: 2.8.8110, 2008-06-18 * F-Secure AVP: 7.0.171, 2008-06-18 * F-Secure Pegasus: 1.20.0, 2008-04-14 * F-Secure Blacklight: 1.0.68 Scanning options: * Scan all files * Scan inside archives * Use Advanced heuristics Copyright
  7. Hello, my comp has recently been infected and I've tried several different ways to get rid of it. I have the MBAM log, the panda active scan log, and the Hijack This log. Hope someone can help me. Malwarebytes' Anti-Malware 1.17 Database version: 864 7:00:23 PM 6/17/2008 mbam-log-6-17-2008 (19-00-23).txt Scan type: Quick Scan Objects scanned: 56548 Time elapsed: 11 minute(s), 50 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ;******************************************************************************* ******************************************************************************** * ******************* ANALYSIS: 2008-06-17 23:08:50 PROTECTIONS: 1 MALWARE: 27 SUSPECTS: 0 ;******************************************************************************* ******************************************************************************** * ******************* PROTECTIONS Description Version Active Updated ;=============================================================================== ================================================================================ = =================== AVG Anti-Virus Free 8.0 Yes Yes ;=============================================================================== ================================================================================ = =================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=============================================================================== ================================================================================ = =================== 00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@trafficmp[1].txt 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@doubleclick[1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@atdmt[2].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.atdmt.com/] 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\libill\Application Data\Mozilla\Firefox\Profiles\3kseioz7.default\cookies.txt[.atdmt.com/] 00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@247realmedia[1].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@tribalfusion[2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.tribalfusion.com/] 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.tribalfusion.com/] 00149116 Cookie/Ccbill TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@ccbill[1].txt 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\libill\Application Data\Mozilla\Firefox\Profiles\3kseioz7.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.com.com/] 00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.com.com/] 00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@xiti[1].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@azjmp[2].txt 00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.azjmp.com/] 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@ad.yieldmanager[2].txt 00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[www.burstbeacon.com/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxpi9uhx.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[server.iad.liveperson.net/hc/19452074] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[server.iad.liveperson.net/] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxpi9uhx.default\cookies.txt[server.iad.liveperson.net/hc/61298727] 00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qxpi9uhx.default\cookies.txt[server.iad.liveperson.net/] 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@advertising[3].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@advertising[2].txt 00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@ads.pointroll[2].txt 00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@hc2.humanclick[1].txt 00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@realmedia[2].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@questionmarket[3].txt 00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@questionmarket[1].txt 00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@bravenet[1].txt 00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@adultfriendfinder[1].txt 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo_2\Application Data\Mozilla\Firefox\Profiles\9gv09upo.default\cookies.txt[.did-it.com/] 00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.did-it.com/] 00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_network_monitor 00219235 adware/commad Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_cmdservice 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Application Data\Mozilla\Firefox\Profiles\kcgw6zzy.default\cookies.txt[.atwola.com/] 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Local Settings\Temp\Cookies\ryo@atwola[1].txt 00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@atwola[2].txt 00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@www.drivecleaner[2].txt 00296582 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Local Settings\Temp\Cookies\ryo@www.drivecleaner[2].txt 00296583 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Local Settings\Temp\Cookies\ryo@stats.drivecleaner[2].txt 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@drivecleaner[2].txt 00296584 Cookie/DriveCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Local Settings\Temp\Cookies\ryo@drivecleaner[2].txt 00303898 Dialer.HQY Dialers No 0 Yes No C:\i386\ntagent.web 00303898 Dialer.HQY Dialers No 0 Yes No C:\i386\Rpcnet.dll 00303898 Dialer.HQY Dialers No 0 Yes No C:\i386\Rpcnet.exe 00303898 Dialer.HQY Dialers No 0 Yes No C:\WINDOWS\system32\ntagent.web 01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Ryo\Cookies\ryo@adserver.easyad[1].txt ;=============================================================================== ================================================================================ = =================== SUSPECTS Sent Location C ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== VULNERABILITIES Id Severity Description C ;=============================================================================== ================================================================================ = =================== ;=============================================================================== ================================================================================ = =================== ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:05:07 PM, on 6/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Documents and Settings\Ryo_2\My Documents\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\AIM6\aim6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe C:\WINDOWS\SYSTEM32\Rpcnet.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: (no name) - {19F5B2A7-7760-461A-BBCF-4C6C8577E330} - C:\WINDOWS\system32\ddcBTMgd.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: {c08d7fb9-ce87-e1e9-e7e4-a3a60696485c} - {c5846960-6a3a-4e7e-9e1e-78ec9bf7d80c} - C:\WINDOWS\system32\kovuxptx.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Movies Extractor Scout - {C1ADE8AE-BD07-40DD-82EA-BD01406CA617} - C:\Program Files\Movies Extractor Scout\flashextract.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DOCUME~1\Ryo_2\MYDOCU~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.gomyhit.com (HKLM) O15 - Trusted Zone: *.imageservr.com (HKLM) O15 - Trusted Zone: *.imagesrvr.com (HKLM) O15 - Trusted Zone: *.storageguardsoft.com (HKLM) O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170267702531 O16 - DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} (Recovery ActiveX Control Module) - http://www.lojackforlaptops.com/ctmweb/testoc.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab55708.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL, O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Documents and Settings\Ryo_2\My Documents\aawservice.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: DataSvr2 - Unknown owner - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (file missing) O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\SYSTEM32\Rpcnet.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 11572 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.