Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

extremely agressive trojan downloaders and adware[CLOSED]


  • Please log in to reply

#1
thatkoreanguy

thatkoreanguy

    Member

  • Member
  • PipPip
  • 14 posts
sooo... I had turned off spy sweeper so I could run another program better. I had forgotten to turn it back on when I got a trojan from one of the advertisers on spikedhumor(or spiked themselves). I started the process of removing viruses like I usually do(scans, remove programs, etc) and removed the mirir toolbar as well as 3-4 other fake anti-virus software. but somewhere in the process, a trojan downloader as well as some other bugs, trojans, viruses and such got onto my system. I had to go into the registry to re-enable my task manager, my desktop has frozen itself to a blank background, my system is down to a grinding pace and I've been unable to get any program to fully remove all the garbage that has tracked it's way onto it.

I've run ATF, I ran and used ewido suite as well as webroots spysweeper, the first time I used the panda scan, the trojans overwhelmed my computer somehow and restarted my machine and somewhere in the process disabled or deleted my explorer.exe file. I'd start windows and all I would get is a blank screen and when I'd attempt to run the program using the task manager, it'd give me a message that explorer.exe is an unknown program to win32. so I used my windows cd and reinstalled the entire boot process. I seem to be locked out of system restore so I was unable to do that step, and my computer was installed with a windows cd that came with the service pack 2 as part of the install.

edit: on another post I saw that someone suggested using look2me destroyer, combofix, vundofix, and deldomains.inf. I installed and let all the programs run and here is my new look2me, combofix, and hijack this log. hope these extra steps help! thanks.

edit2: I said screw it. I formatted my computer. problem solved :whistling:


look2 me log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 7/26/2007 2:48:03 AM


Attempting to delete infected files...

Making registry repairs.


Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Combofix log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Robert Paik" - 2007-07-26 3:01:50 - ComboFix 07-07-23.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\urqpoml.dll
C:\WINDOWS\system32\urqpoml.dll
C:\WINDOWS\system32\pmnkhff.dll
C:\WINDOWS\system32\pmnkhff.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\LOCALS~1\APPLIC~1\Install.dat
C:\DOCUME~1\NETWOR~1\APPLIC~1\Install.dat
C:\DOCUME~1\ROBERT~1\APPLIC~1.\.rdr.ini
C:\DOCUME~1\ROBERT~1\APPLIC~1\Install.dat
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\mcroso~1
C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\843269341.dll
C:\WINDOWS\system32\8432768741.dll
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\system32\curity~1
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\gmc.exe.exe
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\poof
C:\WINDOWS\system32\T1
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T3\wr725.exe
C:\WINDOWS\system32\T5
C:\WINDOWS\system32\T7
C:\WINDOWS\system32\T9
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxga3me2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\wr.txt
C:\windows\xpupdate.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ASC3550U
-------\LEGACY_CORE
-------\LEGACY_ICF
-------\LEGACY_NET_AGENT
-------\LEGACY_POOF
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\asc3550u
-------\core
-------\ICF
-------\Net Agent
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-06-26 to 2007-07-26 )))))))))))))))))))))))))))))))


2007-07-26 03:00 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-26 02:59 34,560 --a------ C:\WINDOWS\system32\drivers\runtime2.sys
2007-07-26 02:55 <DIR> d-------- C:\VundoFix Backups
2007-07-25 17:20 <DIR> d-------- C:\WINDOWS\Prefetch
2007-07-25 17:15 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-07-25 13:23 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-07-25 13:23 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-07-25 12:21 8,576 --a------ C:\WINDOWS\system32\drivers\fiehbohfooef.sys
2007-07-25 10:01 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-25 09:38 <DIR> d---s---- C:\DOCUME~1\ROBERT~1\UserData
2007-07-25 09:15 31,254 --a------ C:\WINDOWS\system32\gebcaya.dll
2007-07-25 02:59 <DIR> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-07-25 02:19 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-07-25 02:12 <DIR> d--hs---- C:\WINDOWS\CSC
2007-07-25 02:03 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-25 02:03 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
2007-07-25 01:42 45,056 --a------ C:\WINDOWS\system32\IeExtenderPlugin.dll
2007-07-25 01:40 663,137 --a------ C:\Temp\bY001.exe
2007-07-25 00:50 <DIR> d-------- C:\WINDOWS\system32\T11
2007-07-25 00:50 <DIR> d-------- C:\Temp\brr
2007-07-25 00:50 <DIR> d-------- C:\Tempc2
2007-07-25 00:50 <DIR> d-------- C:\Temp
2007-07-24 05:23 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2007-07-24 05:23 21,568 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-24 05:23 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-24 05:23 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-07-24 05:23 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-07-24 05:23 128,064 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-24 05:23 <DIR> d-------- C:\Program Files\Webroot
2007-07-24 05:23 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-07-24 05:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-24 05:22 <DIR> d-------- C:\DOCUME~1\ROBERT~1\APPLIC~1\Webroot
2007-07-23 09:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-23 09:55 38,229 --a------ C:\WINDOWS\system32\drivers\StMp3Rec.sys
2007-07-23 09:55 <DIR> d-------- C:\Program Files\iPod
2007-07-23 09:50 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-07-21 11:42 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-07-21 11:42 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-07-21 11:42 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-07-21 11:42 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-07-21 11:42 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-07-21 11:42 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-07-21 11:42 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-07-21 11:42 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-07-21 11:42 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-07-21 11:42 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-07-21 11:42 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-07-21 11:42 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-07-21 03:24 <DIR> d-------- C:\Program Files\ATI Technologies
2007-07-21 03:23 <DIR> d-------- C:\ATI
2007-07-21 03:18 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-21 03:17 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-21 03:17 73,216 --a------ C:\WINDOWS\system32\drivers\atintuxx.sys
2007-07-21 03:17 63,488 --a------ C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-07-21 03:17 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-21 03:17 52,224 --a------ C:\WINDOWS\system32\drivers\atinraxx.sys
2007-07-21 03:17 516,768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-07-21 03:17 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
2007-07-21 03:17 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-21 03:17 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-21 03:17 14,336 --a------ C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-07-21 03:17 13,824 --a------ C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-07-21 03:17 104,960 --a------ C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-07-21 03:16 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-07-21 03:16 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-07-21 03:16 229,376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-07-21 03:16 201,728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-07-21 03:16 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-07-20 16:39 <DIR> d-------- C:\DOCUME~1\ROBERT~1\APPLIC~1\.BitTornado
2007-07-20 16:38 <DIR> d-------- C:\Program Files\BitTornado
2007-07-20 04:38 4,348,549 --a------ C:\WINDOWS\popscreen.exe
2007-07-20 04:38 28,672 --a------ C:\WINDOWS\gscr.dll
2007-07-20 04:38 115,360 --a------ C:\WINDOWS\popscreen.scr
2007-07-20 04:05 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-07-20 03:42 <DIR> d-------- C:\Nexon
2007-07-20 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-07-20 03:00 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-20 02:00 <DIR> d-------- C:\Program Files\Steam
2007-07-20 01:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-20 00:53 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-07-20 00:53 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-07-20 00:53 <DIR> d-------- C:\WINDOWS\nview
2007-07-20 00:49 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-07-20 00:49 <DIR> d-------- C:\NVIDIA
2007-07-20 00:47 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-07-20 00:46 <DIR> d--h----- C:\WINDOWS\ShellNew
2007-07-20 00:46 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-07-20 00:42 <DIR> dr-h----- C:\MSOCache
2007-07-20 00:41 <DIR> d-------- C:\Program Files\Audacity
2007-07-20 00:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-07-20 00:38 <DIR> d--hs---- C:\RECYCLER
2007-07-20 00:37 <DIR> d-------- C:\Program Files\AIM
2007-07-20 00:37 <DIR> d-------- C:\DOCUME~1\ROBERT~1\APPLIC~1\Aim
2007-07-20 00:31 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-20 00:30 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-07-20 00:29 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-07-20 00:26 <DIR> d-------- C:\Program Files\Sonique
2007-07-20 00:24 782,336 --a------ C:\WINDOWS\system32\vsfilter.dll
2007-07-20 00:24 77,824 --a------ C:\WINDOWS\system32\vorbisfile.dll
2007-07-20 00:24 75,264 --a------ C:\WINDOWS\system32\MACDec.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-20 23:39:07 -------- d-----w C:\DOCUME~1\ROBERT~1\APPLIC~1\.BitTornado


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18C91340-73B9-4C1B-82D0-F4939A2EC44C}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{232B3984-BB76-4D5B-8D98-4FE9E94F280E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB1B9F69-4CD2-45FD-9D10-76777C5864C0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAD2B37A-2916-4520-8E87-247AC9B06EE5}]
C:\Program Files\ComPlus Applications\mepovy83122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeadAIM"="rundll32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-10-20 15:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-19 19:44]
"SoniqueQuickStart"="C:\Program Files\Sonique\sqstart.exe" [2007-07-20 00:26]
"Steam"="" []
"Tair"="C:\WINDOWS\system32\CURITY~1\chkntfs.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"hDzBHla"= {44318856-EE9B-22FC-BC16-828C6BAEC6FD} - C:\WINDOWS\system32\uiyynn.dll [ ]
"hDzBHla"= {44318856-EE9B-22FC-BC16-828C6BAEC6FD} - Apartment [ ]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

R0 SSFS0509;Spy Sweeper File System Filer Driver: 0509;C:\WINDOWS\system32\Drivers\SSFS0509.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
R2 pmem;pmem;C:\WINDOWS\system32\DRIVERS\pmemnt.sys
R3 atinrvxx;ATI WDM Rage Theater Video (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinrvxx.sys
R3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atintuxx.sys
R3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinraxx.sys
R3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
R3 hidusb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 MVDCODEC;ATI WDM Specialized MVD Codec (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinmdxx.sys
R3 PCDCODEC;ATI WDM Specialized PCD Codec (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinpdxx.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S0 cercsr6;cercsr6;C:\WINDOWS\system32\drivers\cercsr6.sys
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-26 03:05:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-26 3:07:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-26 03:06

--- E O F ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HijackThis Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:08:35 AM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Robert Paik\Desktop\Temp\programs\hijack this\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {18C91340-73B9-4C1B-82D0-F4939A2EC44C} - C:\WINDOWS\system32\mlljj.dll (file missing)
O2 - BHO: (no name) - {232B3984-BB76-4D5B-8D98-4FE9E94F280E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AB1B9F69-4CD2-45FD-9D10-76777C5864C0} - (no file)
O2 - BHO: (no name) - {FAD2B37A-2916-4520-8E87-247AC9B06EE5} - C:\Program Files\ComPlus Applications\mepovy83122.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DeadAIM] "rundll32.exe" "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SoniqueQuickStart] "C:\Program Files\Sonique\sqstart.exe" -nostick
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\system32\CURITY~1\chkntfs.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Windows update loader] (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26833761-D3BD-41C6-A74C-DB0C4EA4EFE8}: NameServer = 169.254.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{26833761-D3BD-41C6-A74C-DB0C4EA4EFE8}: NameServer = 169.254.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{26833761-D3BD-41C6-A74C-DB0C4EA4EFE8}: NameServer = 169.254.0.254
O21 - SSODL: hDzBHla - {44318856-EE9B-22FC-BC16-828C6BAEC6FD} - C:\WINDOWS\system32\uiyynn.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4855 bytes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

thanks again. :0)

Edited by thatkoreanguy, 30 July 2007 - 05:07 PM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP