Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Unknown Trojan on pc

Started by Peelymonster , Dec 29 2006 10:19 AM

  • Please log in to reply

#1
Peelymonster
Posted 29 December 2006 - 10:19 AM

Peelymonster

    Member

  • Member
  • PipPip
  • 31 posts
Hi G2G!

I'm hoping you can help - we got this Trojan about 6 weeks ago. It impacts our internet connectivity and is getting worse and worse. I originally logged this issue in the XP forum, but they directed me to this forum instead. I followed your steps and here are my results:

FYI - In addition to Registry Mechanic, I also run Norton Internet Security 2006, AdAware, Spybot Search & Destroy, CleanUp & CWShredder. None of these have been able to fix this trojan. Here is the name of the Trojan as identified by Norton: Mlsdf8h6764984.exe[color=#FF0000].

Please let me know what I need to do to get this rascal off my pc. Thanks!

Here are the steps I followed as well as the notepad reports:

Remove SprwareQuake - I ran this, but it wasn't on my pc
Remove SpyFalcon - Ran this and the text file is below "SpyFalcon-smitfraudfix 12-28-06"
Remove Winfixer, Virtumonde, Msevents, and Trojan.vundo - I ran this, but it wasn't on my pc
Remove VirusRescue, SpyAxe, SprywareStrike, SpySherrif..... - See same text file as above
(Note, there was a lot of duplication in the steps you outlined)
ATF Cleaner - done
System Restore - done
AVG Anti-Spyware - "Report-Scan-20061228-184638"
SuperAntiSpyware - "SUPERAntiSpyware Scan Log - 12-29-2006 - 06-56-25"
Panda Activescan - "Activescan 12-28-06"
Windows Updates - done
Reboot test - done
Hijack This - "Hijackthis 12-29-06"

=========
SmitFraudFix v2.131

Scan done at 13:23:48.40, Thu 12/28/2006
Run from C:\Documents and Settings\Peel Family - Admin\Desktop\TOOLBOX\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

==========
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:46:38 PM 12/28/2006

+ Scan result:



C:\System Volume Information\_restore{3046FB0E-23DA-444A-B309-38C3377047CB}\RP932\A0143109.dll -> Adware.Viewpoint : No action taken.
:mozilla.211:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.185:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.186:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.187:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.188:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.200:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.217:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.218:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.219:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.223:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.54:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.55:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.56:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.191:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.192:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.199:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Peel Family - Admin\Cookies\peel family - admin@com[1].txt -> TrackingCookie.Com : No action taken.
:mozilla.198:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
:mozilla.220:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.221:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.222:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.189:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.190:C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt -> TrackingCookie.Sexlist : No action taken.


::Report end

==========
SUPERAntiSpyware Scan Log
Generated 12/29/2006 at 06:56 AM

Application Version : 3.4.1000

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 07:11:44

Memory items scanned : 161
Memory threats detected : 0
Registry items scanned : 4699
Registry threats detected : 3
File items scanned : 140436
File threats detected : 2

Trojan.Downloader-Gen/SK
HKLM\System\ControlSet001\Services\ti7kz85x
C:\WINDOWS\SYSTEM32\MLSDF8H6764984.EXE
HKLM\System\ControlSet002\Services\ti7kz85x
HKLM\System\CurrentControlSet\Services\ti7kz85x

Adware.Viewpoint Toolbar
C:\SYSTEM VOLUME INFORMATION\_RESTORE{3046FB0E-23DA-444A-B309-38C3377047CB}\RP939\A0145191.DLL
==========

Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator.PEEL\Application Data\Mozilla\Firefox\Profiles\vg5jhmrr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Administrator.PEEL\Application Data\Mozilla\Firefox\Profiles\vg5jhmrr.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator.PEEL\Application Data\Mozilla\Firefox\Profiles\vg5jhmrr.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\wcb52s5w.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\wcb52s5w.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Michelle\Application Data\Mozilla\Firefox\Profiles\wcb52s5w.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Peel Family - Admin\Cookies\peel family - admin@com[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Peel Family - Admin\Desktop\TOOLBOX\Smitfraudfix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Peel Family - Admin\Desktop\TOOLBOX\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Peel Family - Admin\Desktop\TOOLBOX\smitRem.exe[smitRem/Process.exe]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Peel Family - Admin\My Documents\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Peel Family - Admin\My Documents\cookies.txt[.azjmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Peel Family - Admin\My Documents\cookies.txt[.realmedia.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Peel Family - Admin\My Documents\Unzipped\SmitfraudFix\SmitfraudFix\Process.exe
Spyware:Cookie/360i Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt[ct.360i.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/360i Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt[ct.360i.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\BPeely\91hfzphe.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Belnk Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.belnk.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/360i Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[ct.360i.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/360i Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[ct.360i.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[anm.co.uk/]
Spyware:Cookie/WebPower Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.webpower.com/]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.xiti.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/SexList Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.sexlist.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DPeely\qn707lp4.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Xiti Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.xiti.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/WebPower Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.webpower.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Rightmedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[rightmedia.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Niteowlinstall\qajv5mp9.slt\cookies.txt[.hitbox.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0b\gecko\usr\Profiles\BPeely\xauzqhum.slt\cookies.txt[.atwola.com/]
Dialer:Dialer.AMP Not disinfected C:\Program Files\Internet Explorer\k.exe
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\Program Files\KaZaA\bdcore.dll
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\adtech2006.exe
============
Logfile of HijackThis v1.99.1
Scan saved at 9:44:33 AM, on 12/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\Peel Family - Admin\Desktop\TOOLBOX\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Administrator.PEEL\Desktop\TOOLBOX - Fix Programs\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [cdromsys.exe] CdROM Drivers
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [cdromsys.exe] CdROM Drivers
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgall..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\Peel Family - Admin\Desktop\TOOLBOX\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ipxmontr - Unknown owner - C:\WINDOWS\ipxmontr.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP