Jump to content

Can't eliminate Vundo


Recommended Posts

Hi, I use Malwarebytes on a regular basis but can't get rid of this Vundo infection. Here are my three logs for review. Please help!

Malwarebytes' Anti-Malware 1.31

Database version: 1554

Windows 5.1.2600 Service Pack 3

12/29/2008 1:54:31 PM

mbam-log-2008-12-29 (13-54-31).txt

Scan type: Quick Scan

Objects scanned: 50312

Time elapsed: 5 minute(s), 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda Scan:

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-12-29 14:49:56

PROTECTIONS: 2

MALWARE: 44

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

McAfee Internet Security Suite 2007 9.0 No Yes

McAfee VirusScan Plus 13.0 No No

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms juan

00029434 spyware/virtumonde Spyware No 1 Yes No hkey_local_machine\software\microsoft\ms track system

00035911 adware/broadcastpc Adware No 0 Yes No hkey_local_machine\software\bpt

00035911 adware/broadcastpc Adware No 0 Yes No c:\program files\bpt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@trafficmp[2].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@trafficmp[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@atdmt[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@atdmt[3].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@tradedoubler[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@247realmedia[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@tribalfusion[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@tribalfusion[4].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@mediaplex[2].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@www.myaffiliateprogram[2].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@www.myaffiliateprogram[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@com[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@xiti[1].txt

00167730 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@ehg.hitbox[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@azjmp[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@azjmp[3].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@azjmp[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@statcounter[1].txt

00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@counter.hitslink[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@perf.overture[2].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@ad.yieldmanager[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@ad.yieldmanager[3].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@apmebf[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@apmebf[4].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@serving-sys[4].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@bs.serving-sys[3].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@www.burstbeacon[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@www.burstbeacon[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@weborama[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@adtech[2].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@server.iad.liveperson[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@advertising[3].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@statse.webtrendslive[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@ads.pointroll[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@overture[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@realmedia[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@realmedia[3].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@zedo[2].txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@phg.hitbox[1].txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@phg.hitbox[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@adrevolver[3].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@adrevolver[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@go[3].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@go[4].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@target[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@target[2].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@did-it[1].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@adviva[3].txt

00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@adviva[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@ads.addynamix[1].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@citi.bridgetrack[3].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@citi.bridgetrack[2].txt

00497423 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1229\A0060885.dll

00497423 Spyware/Virtumonde Spyware Yes 2 Yes No C:\WINDOWS\System32\ysgzfa.dll

00497423 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\SYSTEM32\shafvjlj.dll

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Michelle\Cookies\michelle@enhance[2].txt

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location #n

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description #n

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

HiJack Scan:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:53:11 PM, on 12/29/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\WINDOWS\system32\svchost.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe

C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe

C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe

C:\Program Files\eFax Messenger 4.0\J2GTray.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: {7958cd2c-96f5-0259-8f64-201bdb3f9a94} - {49a9f3bd-b102-46f8-9520-5f69c2dc8597} - C:\WINDOWS\system32\ysgzfa.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [statusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe

O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: Download with &Etomi - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000

O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Filter hijack: text/html - {6a264b8e-b188-4917-8941-5496b24c8ddb} - C:\WINDOWS\system32\mst120.dll

O20 - AppInit_DLLs: ysgzfa.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe

--

End of file - 8813 bytes

Link to post
Share on other sites

Greetings and welcome to the forum.

To get you fixed up please follow the instructions here:

http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post your logs in a new topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

That is the forum the experts frequent to assist with logs.

Please be sure not to install any software or use any removal/scanning tools exept those that you are

instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

I hope I was helpful. Good luck and safe surfing.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.