Browser closing with no reason



#16
collateral (Member, Topic Starter)
For both programs it just says that an error occurred while trying to uninstall, it looks like it was already removed. I clicked yes and they both disappeared... Soon after I got asked to download some programs but I ignored them.

Edited by collateral, 22 April 2008 - 01:58 PM.

#17
sarahw (Malware Staff)
Do you know what the programs you were asked to download are?
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#18
collateral (Member, Topic Starter)
ComboFix 08-05-11.1 - HP 2008-05-11 22:43:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.146 [GMT -4:00]
Running from: C:\Users\HP\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\smp.bat
C:\Users\HP\AppData\Roaming\inst.exe
C:\WINDOWS\System32\UDgjlnmp.ini
C:\WINDOWS\System32\UDgjlnmp.ini2
C:\Windows\system32\Ultra.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Zumie Search Service


((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-11 18:03 . 2008-05-11 18:03 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-05-11 18:03 . 2008-05-11 18:03 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-05-11 17:56 . 2008-05-11 22:30 <DIR> d-------- C:\Users\HP\AppData\Roaming\Yahoo!
2008-05-11 17:56 . 2008-05-11 17:57 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-11 17:56 . 2008-05-11 17:57 <DIR> d-------- C:\ProgramData\Yahoo!
2008-05-11 13:39 . 2008-05-11 13:39 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-10 23:59 . 2008-05-11 01:01 0 --a------ C:\WINDOWS\System32\drivers\lvuvc.hs
2008-05-10 23:57 . 2008-05-10 23:57 <DIR> d-------- C:\Users\HP\AppData\Roaming\Leadertech
2008-05-10 23:57 . 2008-05-10 23:57 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-05-10 23:56 . 2008-02-05 22:21 4,658,456 --a------ C:\WINDOWS\System32\drivers\lvuvc.sys
2008-05-10 23:56 . 2008-02-05 22:20 628,760 --a------ C:\WINDOWS\System32\drivers\lvrs.sys
2008-05-10 23:56 . 2008-02-05 22:21 490,008 --a------ C:\WINDOWS\System32\LVUI2.dll
2008-05-10 23:56 . 2008-02-05 22:21 465,432 --a------ C:\WINDOWS\System32\LVUI2RC.dll
2008-05-10 23:56 . 2008-02-05 22:18 416,280 --a------ C:\WINDOWS\System32\lvcodec2.dll
2008-05-10 23:56 . 2008-02-05 22:18 195,096 --a------ C:\WINDOWS\System32\lvci11701196.dll
2008-05-10 23:56 . 2008-02-05 21:37 66,482 --a------ C:\WINDOWS\System32\lvcoinst.ini
2008-05-10 23:56 . 2008-02-05 22:21 41,752 --a------ C:\WINDOWS\System32\drivers\LVUSBSta.sys
2008-05-10 23:56 . 2008-02-05 21:40 25,056 --a------ C:\WINDOWS\System32\Repository.reg
2008-05-10 23:54 . 2008-05-10 23:54 <DIR> d-------- C:\Users\All Users\Logitech
2008-05-10 23:54 . 2008-05-10 23:54 <DIR> d-------- C:\Users\All Users\Logishrd
2008-05-10 23:54 . 2008-05-10 23:54 <DIR> d-------- C:\ProgramData\Logitech
2008-05-10 23:54 . 2008-05-10 23:54 <DIR> d-------- C:\ProgramData\Logishrd
2008-05-10 23:54 . 2008-05-10 23:57 <DIR> d-------- C:\Program Files\Logitech
2008-05-10 23:54 . 2008-05-10 23:59 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-04-28 13:41 . 2008-04-28 13:41 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-25 23:23 . 2008-04-25 23:23 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-25 22:33 . 2008-04-25 22:37 <DIR> d-------- C:\WINDOWS\System32\Adobe
2008-04-25 21:17 . 2008-04-25 21:17 109 --a------ C:\WINDOWS\PControl.ini
2008-04-25 21:16 . 2008-04-25 21:17 <DIR> d-------- C:\Active Worlds
2008-04-25 12:32 . 2008-04-29 03:38 <DIR> d-------- C:\WINDOWS\DSL
2008-04-25 12:32 . 2008-04-25 12:32 <DIR> d-------- C:\Program Files\Verizon
2008-04-25 12:32 . 2008-04-25 12:32 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-04-24 10:51 . 2008-04-24 10:55 47 --a------ C:\WINDOWS\WinBIN2ISO.INI
2008-04-23 14:08 . 2008-04-23 14:08 <DIR> d-------- C:\WINDOWS\BBSTORE
2008-04-23 14:08 . 2008-04-23 14:08 219 --a------ C:\WINDOWS\SYSINI.QTW
2008-04-23 14:08 . 2008-04-23 14:08 191 --a------ C:\WINDOWS\QTW.INI
2008-04-23 14:08 . 2008-04-23 14:08 144 --a------ C:\WINDOWS\WININI.QTW
2008-04-23 14:06 . 2008-04-23 14:08 30 --a------ C:\WINDOWS\RESULT.QTW
2008-04-23 14:05 . 1996-08-16 13:49 298,496 --a------ C:\WINDOWS\uninst.exe
2008-04-22 09:26 . 2008-04-22 09:26 <DIR> dr------- C:\WINDOWS\System32\config\systemprofile\Music
2008-04-20 19:23 . 2008-04-20 19:23 0 --ah----- C:\WINDOWS\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-04-19 18:01 . 2008-04-22 16:09 <DIR> d-------- C:\Program Files\Bug Doctor
2008-04-19 17:03 . 2008-05-08 02:34 <DIR> d--h----- C:\$AVG8.VAULT$
2008-04-19 16:56 . 2008-04-19 16:56 5,746 --a------ C:\Users\All Users\LUUnInstall.LiveUpdate
2008-04-19 16:56 . 2008-04-19 16:56 5,746 --a------ C:\ProgramData\LUUnInstall.LiveUpdate
2008-04-19 16:49 . 2008-05-11 13:13 <DIR> d-------- C:\WINDOWS\System32\drivers\Avg
2008-04-19 16:49 . 2008-04-19 16:49 96,520 --a------ C:\WINDOWS\System32\drivers\avgldx86.sys
2008-04-19 16:49 . 2008-04-19 16:49 12,424 --a------ C:\WINDOWS\System32\drivers\avgrkx86.sys
2008-04-19 16:49 . 2008-04-19 17:12 10,520 --a------ C:\WINDOWS\System32\avgrsstx.dll
2008-04-19 16:48 . 2008-04-19 17:13 67,080 --a------ C:\WINDOWS\System32\drivers\avgwfpx.sys
2008-04-19 15:50 . 2008-04-19 15:50 222,720 --a------ C:\WINDOWS\tsoplu.dll
2008-04-19 14:55 . 2008-04-19 14:55 <DIR> d-------- C:\Users\HP\AppData\Roaming\PC Tools
2008-04-19 14:55 . 2008-04-19 15:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-04-19 14:55 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\System32\drivers\iksyssec.sys
2008-04-19 14:55 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\System32\drivers\iksysflt.sys
2008-04-19 14:55 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\System32\drivers\ikfilesec.sys
2008-04-19 14:55 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\System32\drivers\kcom.sys
2008-04-19 14:39 . 2008-04-19 16:48 <DIR> d-------- C:\Users\All Users\avg8
2008-04-19 14:39 . 2008-04-19 16:48 <DIR> d-------- C:\ProgramData\avg8
2008-04-19 14:39 . 2008-04-19 14:39 <DIR> d-------- C:\Program Files\AVG
2008-04-19 11:42 . 2008-04-19 11:42 <DIR> d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-04-19 11:42 . 2008-04-19 11:42 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-04-19 11:42 . 2008-04-19 11:42 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-04-19 04:42 . 2008-04-19 04:42 720,896 --a------ C:\WINDOWS\iun6002.exe
2008-04-19 00:25 . 2008-04-19 16:12 <DIR> d-------- C:\Users\All Users\Grisoft
2008-04-19 00:25 . 2008-04-19 16:12 <DIR> d-------- C:\ProgramData\Grisoft
2008-04-18 23:51 . 2008-04-18 23:51 <DIR> d-------- C:\_OTMoveIt
2008-04-18 23:05 . 2008-04-18 23:05 <DIR> d-------- C:\Users\HP\AppData\Roaming\SUPERAntiSpyware.com
2008-04-18 23:05 . 2008-04-18 23:05 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-18 23:05 . 2008-04-18 23:05 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-18 23:05 . 2008-04-29 17:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-18 23:03 . 2008-04-18 23:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 22:58 . 2008-04-18 22:58 <DIR> d-------- C:\Program Files\Panda Security
2008-04-18 21:19 . 2008-04-18 21:19 <DIR> d-------- C:\Users\HP\AppData\Roaming\Malwarebytes
2008-04-18 21:19 . 2008-04-18 21:19 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-18 21:19 . 2008-04-18 21:19 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-18 20:52 . 2008-04-18 20:52 <DIR> d-------- C:\WINDOWS\Sun
2008-04-18 20:48 . 2008-04-18 20:51 <DIR> d-------- C:\Program Files\Java
2008-04-18 20:47 . 2008-04-18 20:47 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-18 19:58 . 2008-04-18 19:58 94,208 --a------ C:\WINDOWS\System32\drivers\ezplay.sys
2008-04-18 19:58 . 2008-04-18 19:58 94,208 --a------ C:\Users\HP\AppData\Roaming\ezplay.sys
2008-04-18 19:56 . 2008-04-18 20:04 <DIR> d-------- C:\Users\HP\AppData\Roaming\Vso
2008-04-18 19:56 . 2008-04-18 19:56 47,360 --a------ C:\WINDOWS\System32\drivers\pcouffin.sys
2008-04-18 19:56 . 2008-04-18 19:56 47,360 --a------ C:\Users\HP\AppData\Roaming\pcouffin.sys
2008-04-18 19:55 . 2008-04-18 19:55 <DIR> d-------- C:\Program Files\VSO
2008-04-17 10:08 . 2008-04-17 10:08 <DIR> d-------- C:\Users\HP\AppData\Roaming\WeatherBug
2008-04-17 10:08 . 2008-04-17 10:08 <DIR> d-------- C:\Program Files\AWS
2008-04-15 17:25 . 2008-04-25 22:33 2,675 --a------ C:\WINDOWS\mozver.dat
2008-04-15 16:34 . 2008-04-15 16:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-14 22:20 . 2008-04-14 22:20 <DIR> d-------- C:\Users\HP\Roaming
2008-04-14 22:20 . 2008-04-14 22:20 <DIR> d-------- C:\Users\HP\AppData\Roaming\MySpace
2008-04-14 22:20 . 2008-04-14 22:20 <DIR> d-------- C:\Users\Default\Roaming
2008-04-14 22:20 . 2008-04-14 22:20 <DIR> d-------- C:\Program Files\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 21:56 --------- d-----w C:\Program Files\Yahoo!
2008-05-11 03:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 14:48 --------- d-----w C:\Program Files\BitComet
2008-04-29 21:29 --------- d-----w C:\Users\HP\AppData\Roaming\dvdcss
2008-04-26 11:58 --------- d---a-w C:\ProgramData\TEMP
2008-04-25 22:41 --------- d-----w C:\ProgramData\Roxio
2008-04-23 18:25 --------- d-----w C:\Program Files\ElcomSoft
2008-04-19 21:00 --------- d-----w C:\Program Files\Norton Internet Security
2008-04-19 20:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-19 20:57 --------- d-----w C:\ProgramData\Symantec
2008-04-19 04:46 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-04-19 04:46 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-04-19 04:46 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-04-19 04:46 --------- d-----w C:\Program Files\Symantec
2008-04-19 04:31 --------- d-----w C:\Program Files\Aurora Video Converter VCD SVCD DVD Creator
2008-04-19 01:19 --------- d-----w C:\Users\HP\AppData\Roaming\Download Manager
2008-04-11 22:19 --------- d-----w C:\Program Files\2nd Speech Center
2008-04-10 21:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-10 03:07 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-10 02:57 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 17:23 --------- d-----w C:\Users\HP\AppData\Roaming\InterVideo
2008-04-08 17:07 --------- d-----w C:\Program Files\Conduit
2008-04-08 16:47 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-08 15:29 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-04-08 13:32 --------- d-----w C:\Program Files\Xvid
2008-04-08 12:49 --------- d-----w C:\Users\HP\AppData\Roaming\Roxio
2008-04-08 04:46 --------- d-----w C:\Program Files\Xilisoft
2008-04-08 04:39 --------- d-----w C:\Program Files\ImTOO
2008-04-08 03:38 --------- d-----w C:\Program Files\No1 DVD Ripper
2008-04-08 03:03 --------- d-----w C:\Users\HP\AppData\Roaming\Ashampoo
2008-04-08 03:00 --------- d-----w C:\ProgramData\ashampoo
2008-04-08 03:00 --------- d-----w C:\Program Files\Ashampoo
2008-04-08 02:15 --------- d-----w C:\Program Files\Blaze Media Pro
2008-04-08 01:48 --------- d--h--w C:\ProgramData\{8886169A-FE81-40A1-ABEC-74CE0C807E74}
2008-04-08 01:02 --------- d-----w C:\Users\HP\AppData\Roaming\muvee Technologies
2008-04-07 20:42 --------- d-----w C:\ProgramData\GamingSquared
2008-04-07 20:42 --------- d-----w C:\Program Files\GamingSquared
2008-04-07 20:42 --------- d-----w C:\Program Files\Free Offers from Freeze.com
2008-04-07 16:56 --------- d-----w C:\Users\HP\AppData\Roaming\Media Player Classic
2008-04-07 16:21 --------- d-----w C:\Users\HP\AppData\Roaming\DivX
2008-04-07 15:39 --------- d-----w C:\Program Files\MpcStar
2008-04-07 15:38 --------- d-----w C:\Program Files\QuickTime
2008-04-07 07:31 --------- d-----w C:\ProgramData\WindowsSearch
2008-04-07 07:19 174 --sha-w C:\Program Files\desktop.ini
2008-04-07 06:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-07 06:56 --------- d-----w C:\Program Files\Windows Calendar
2008-04-07 06:55 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-04-07 06:55 --------- d-----w C:\Program Files\Windows Journal
2008-04-07 06:55 --------- d-----w C:\Program Files\Windows Defender
2008-04-07 06:55 --------- d-----w C:\Program Files\Windows Collaboration
2008-04-07 06:03 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-04-07 06:03 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-04-07 02:07 --------- d-----w C:\Users\HP\AppData\Roaming\InstallShield
2008-04-07 02:07 --------- d-----w C:\Program Files\Corel
2008-04-07 02:04 --------- d-----w C:\ProgramData\Apple Computer
2008-04-07 02:04 --------- d-----w C:\Program Files\InterVideo Information Service
2008-04-07 02:04 --------- d-----w C:\Program Files\Common Files\Ulead
2008-04-07 02:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-07 01:56 --------- d-----w C:\ProgramData\InstallShield
2008-04-07 01:55 --------- d-----w C:\Program Files\InterVideo
2008-04-07 01:55 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-04-06 22:22 2,560 ----a-w C:\Windows\System32\bitcometres.dll
2008-04-06 22:18 --------- d-----w C:\Users\HP\AppData\Roaming\Apple Computer
2008-04-06 22:17 --------- d-----w C:\Program Files\iTunes
2008-04-06 22:17 --------- d-----w C:\Program Files\iPod
2008-04-06 22:15 --------- d-----w C:\Program Files\Bonjour
2008-04-06 22:09 --------- d-----w C:\ProgramData\Apple
2008-04-06 22:09 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-06 21:46 --------- d-----w C:\Program Files\RedlightCenter
2008-04-06 21:46 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-04-06 21:10 --------- d-----w C:\Users\HP\AppData\Roaming\IMVU
2008-04-06 20:59 --------- d-----w C:\Program Files\IMVU
2008-04-06 15:12 --------- d-----w C:\Program Files\Veoh Networks
2008-04-06 08:23 --------- d-----w C:\ProgramData\WildTangent
2008-04-06 08:04 --------- d-----w C:\ProgramData\NVIDIA
2008-04-06 04:30 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-06 02:11 --------- d-----w C:\Users\HP\AppData\Roaming\Hewlett-Packard
2008-04-06 02:11 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-04-06 02:09 --------- d-----w C:\Users\HP\AppData\Roaming\Snapfish
2008-04-06 01:59 --------- d-sh--w C:\ProgramData\Templates
2008-04-06 01:59 --------- d-sh--w C:\ProgramData\Start Menu
2008-04-06 01:58 --------- d-sh--w C:\ProgramData\Favorites
2008-04-06 01:58 --------- d-sh--w C:\ProgramData\Documents
2008-04-06 01:58 --------- d-sh--w C:\ProgramData\Desktop
2008-04-06 01:58 --------- d-sh--w C:\ProgramData\Application Data
2008-04-06 00:48 1,845 --sha-r C:\Windows\system32\drivers\103C_HP_CPC_GJ474AA-ABA s3100n_YC_0Pavi_QCNH723_E73NAv3PrA1_49_IHematite-XL_SASUSTek Computer INC._V1.00_B5.04_T070417_WUH0_L409_M895_J250_7AMD_8Athlon 64 X2 Dual Core_92.1_#070725_N10DE0269_Z14F12F20_G10DE0241.MRK
2008-04-06 00:36 --------- d-----w C:\Program Files\DivX
2008-04-06 00:36 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-06 00:21 --------- d-----w C:\ProgramData\Sonic
2008-03-05 20:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 20:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 20:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 19:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 19:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-04-19 17:13 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-04-19 17:13 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-04-19 17:13 2051328]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 10:55 1347584]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 11:58 217544]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 03:38 1008184]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:59 115816]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [2007-03-02 17:55 1441792]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 06:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 20:15 86016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 20:15 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 20:15 8466432]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 09:42 65536]
"G2"="C:\Program Files\GamingSquared\Gaming2\G2.exe" [2008-03-03 19:26 1215664]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 05:52 4702208 C:\WINDOWS\RtHDVCpl.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-04-19 17:13 1177368]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 13:02 564496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 13:06 2196240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-10 23:57:39 66864]
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [2007-03-02 17:55:02 1441792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"TCP Query User{7430D627-E1DA-4E0B-8D57-622B213EE201}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{F05E5576-E5FF-409C-8141-AA3E486FAAF8}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{97AF2ED7-F7B6-4673-A6D1-B099C1A57597}C:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= UDP:C:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"UDP Query User{9101B05E-5549-4B2A-9CEB-AF048BE7483F}C:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= TCP:C:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"{F4948798-ADA5-4008-A27C-717214ADF924}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{C3CBC5CA-F6C4-4F58-98B8-489F8BBC84AA}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{DB9C0468-7A0B-42F9-A0FD-0AABB42D370F}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{4E7EE807-38BB-47CE-B26E-EFF73A4AF611}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{6473BED6-756C-41F5-A396-B28E3CB53325}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{EE9DC891-6BD7-4015-AC8A-4C09067E1447}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"TCP Query User{671759E2-2F15-43E6-89DB-B827C9906E96}C:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"UDP Query User{4CFD733E-FA0E-4B94-B775-E2112C156286}C:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:C:\program files\intervideo\dvd8\windvd.exe:WinDVD
"{C80FC241-2F2E-427F-B6C8-17FA50121862}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{7856D70A-3C3A-4EC8-B076-A8B65EF2CAC1}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"TCP Query User{88AE6995-0D32-4253-9465-121917DC331C}C:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= UDP:C:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"UDP Query User{686A0D62-C612-4D1F-93A7-ECA226B737B6}C:\\program files\\bitcomet\\plugin_emule\\plugin_emule.exe"= TCP:C:\program files\bitcomet\plugin_emule\plugin_emule.exe:eMule plugin host for BitComet
"TCP Query User{E4537934-B740-4832-8BDA-53BB58FAF1CB}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D2BAEC2C-2EC4-45E0-BA30-BE65E16FF6EE}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{153BC1F7-0E24-4F89-A2EE-83BCAA0C418C}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{80DCDF8E-C130-48F9-A1E2-B477F228B2E3}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{BCAD6A94-FE66-492F-A07C-FBA942073238}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{DE81FF69-8833-4129-A690-40140DAA93D2}C:\\users\\hp\\documents\\trillian\\trillian.exe"= UDP:C:\users\hp\documents\trillian\trillian.exe:trillian.exe
"UDP Query User{C3149D3B-47CB-4E11-9387-0FB39DB0F816}C:\\users\\hp\\documents\\trillian\\trillian.exe"= TCP:C:\users\hp\documents\trillian\trillian.exe:trillian.exe
"{65A1851C-9CE4-4873-8E09-BE400D9972BC}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{AF1C184E-7520-43FD-8BEF-1EB07EAA5937}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{EFAA2C2E-39A8-4E8B-9100-332221AB0DBB}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{974291A8-CC22-427E-9AC8-CE15560834E2}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B55337D1-2308-49C5-A218-0AF0B07C01C3}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7E625623-1C04-4439-8641-5C363675930D}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{7EBBBFD5-A5AD-4686-A184-46C1EA1970E4}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{734E1BDC-3E2C-488C-B744-2DAA51AEE6BB}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D70815A9-5B99-4C2C-AC55-A8E81DBCC8F3}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{7000590A-3038-45E5-BC76-12AC6EF1F507}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-04-19 16:49]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-04-19 16:49]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080415.002\IDSvix86.sys [2008-03-12 11:30]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-04-19 16:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-04-19 17:12]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 07:36]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-04-19 17:13]
R3 LVRS;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs.sys [2008-02-05 22:20]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 09:17]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 10:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e986112-035a-11dd-9d2c-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
\shell\LVIPCAP\command - E:\techsupt\CaptureTest\Amcap8.exe

*Newly Created Service* - COMHOST
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 22:53:31
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\HP\AppData\Local\Microsoft\Portable Devices\wpdlog00.sqm
C:\Users\HP\AppData\Local\Microsoft\Portable Devices\wpdlog02.sqm
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt

scan completed successfully
hidden files: 3

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\WINDOWS\System32\drivers\XAudio.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-11 23:03:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 03:02:23

Pre-Run: 51,786,035,200 bytes free
Post-Run: 51,701,268,480 bytes free

390 --- E O F --- 2008-05-08 21:56:57

#19
collateral (Member, Topic Starter)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:48 PM, on 5/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\rundll32.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\System32\mobsync.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [G2] "C:\Program Files\GamingSquared\Gaming2\G2.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12140 bytes

#20
collateral

  • Topic Starter
  • 13 posts
Just making sure this post didn't get lost





