VirtumundoBeGone results
[05/21/2008, 18:24:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Charles Norris\Desktop\VirtumundoBeGone.exe" )
[05/21/2008, 18:24:13] - Detected System Information:
[05/21/2008, 18:24:13] - Windows Version: 5.1.2600, Service Pack 2
[05/21/2008, 18:24:14] - Current Username: Charles Norris (Admin)
[05/21/2008, 18:24:14] - Windows is in SAFE mode with Networking.
[05/21/2008, 18:24:14] - Searching for Browser Helper Objects:
[05/21/2008, 18:24:14] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/21/2008, 18:24:14] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/21/2008, 18:24:14] - BHO 3: {42e4688b-3dfe-4554-86ec-a20dc17acaaf} ()
[05/21/2008, 18:24:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:14] - Checking for HKLM\...\Winlogon\Notify\fabxmtrd
[05/21/2008, 18:24:14] - Key not found: HKLM\...\Winlogon\Notify\fabxmtrd, continuing.
[05/21/2008, 18:24:14] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/21/2008, 18:24:14] - BHO 5: {57DBEE26-C909-4358-94F3-60F9D1F049B5} ()
[05/21/2008, 18:24:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:14] - Checking for HKLM\...\Winlogon\Notify\hgghFxuU
[05/21/2008, 18:24:14] - Key not found: HKLM\...\Winlogon\Notify\hgghFxuU, continuing.
[05/21/2008, 18:24:14] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[05/21/2008, 18:24:14] - BHO 7: {714FEA2B-78FC-4CCC-9144-651EE0FC8E4A} ()
[05/21/2008, 18:24:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:14] - Checking for HKLM\...\Winlogon\Notify\ssqNHwTJ
[05/21/2008, 18:24:14] - Key not found: HKLM\...\Winlogon\Notify\ssqNHwTJ, continuing.
[05/21/2008, 18:24:14] - BHO 8: {72D225A9-E3B8-48DF-8D25-BA53624901E8} ()
[05/21/2008, 18:24:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:14] - Checking for HKLM\...\Winlogon\Notify\pmnnMfFy
[05/21/2008, 18:24:14] - Key not found: HKLM\...\Winlogon\Notify\pmnnMfFy, continuing.
[05/21/2008, 18:24:14] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/21/2008, 18:24:14] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/21/2008, 18:24:15] - BHO 11: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[05/21/2008, 18:24:15] - BHO 12: {E243A8E7-6244-49E0-A361-22DBF30FD46C} ()
[05/21/2008, 18:24:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:15] - Checking for HKLM\...\Winlogon\Notify\hggHyWpp
[05/21/2008, 18:24:15] - Found: HKLM\...\Winlogon\Notify\hggHyWpp - This is probably Virtumundo.
[05/21/2008, 18:24:15] - Assigning {E243A8E7-6244-49E0-A361-22DBF30FD46C} MSEvents Object
[05/21/2008, 18:24:15] - BHO list has been changed! Starting over...
[05/21/2008, 18:24:15] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/21/2008, 18:24:15] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/21/2008, 18:24:15] - BHO 3: {42e4688b-3dfe-4554-86ec-a20dc17acaaf} ()
[05/21/2008, 18:24:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:15] - Checking for HKLM\...\Winlogon\Notify\fabxmtrd
[05/21/2008, 18:24:15] - Key not found: HKLM\...\Winlogon\Notify\fabxmtrd, continuing.
[05/21/2008, 18:24:15] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/21/2008, 18:24:15] - BHO 5: {57DBEE26-C909-4358-94F3-60F9D1F049B5} ()
[05/21/2008, 18:24:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:15] - Checking for HKLM\...\Winlogon\Notify\hgghFxuU
[05/21/2008, 18:24:15] - Key not found: HKLM\...\Winlogon\Notify\hgghFxuU, continuing.
[05/21/2008, 18:24:15] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[05/21/2008, 18:24:15] - BHO 7: {714FEA2B-78FC-4CCC-9144-651EE0FC8E4A} ()
[05/21/2008, 18:24:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:15] - Checking for HKLM\...\Winlogon\Notify\ssqNHwTJ
[05/21/2008, 18:24:15] - Key not found: HKLM\...\Winlogon\Notify\ssqNHwTJ, continuing.
[05/21/2008, 18:24:15] - BHO 8: {72D225A9-E3B8-48DF-8D25-BA53624901E8} ()
[05/21/2008, 18:24:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:15] - Checking for HKLM\...\Winlogon\Notify\pmnnMfFy
[05/21/2008, 18:24:15] - Key not found: HKLM\...\Winlogon\Notify\pmnnMfFy, continuing.
[05/21/2008, 18:24:15] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/21/2008, 18:24:15] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/21/2008, 18:24:15] - BHO 11: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[05/21/2008, 18:24:15] - BHO 12: {E243A8E7-6244-49E0-A361-22DBF30FD46C} (MSEvents Object)
[05/21/2008, 18:24:15] - ALERT: Found MSEvents Object!
[05/21/2008, 18:24:16] - BHO 13: {F9A76A93-D5B8-4492-9710-0D00BF3FE2D8} ()
[05/21/2008, 18:24:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:16] - Checking for HKLM\...\Winlogon\Notify\ddCUoMcY
[05/21/2008, 18:24:16] - Key not found: HKLM\...\Winlogon\Notify\ddCUoMcY, continuing.
[05/21/2008, 18:24:16] - Finished Searching Browser Helper Objects
[05/21/2008, 18:24:16] - *** Detected MSEvents Object
[05/21/2008, 18:24:16] - Trying to remove MSEvents Object...
[05/21/2008, 18:24:17] - Terminating Process: IEXPLORE.EXE
[05/21/2008, 18:24:17] - Terminating Process: RUNDLL32.EXE
[05/21/2008, 18:24:17] - Disabling Automatic Shell Restart
[05/21/2008, 18:24:17] - Terminating Process: EXPLORER.EXE
[05/21/2008, 18:24:17] - Suspending the NT Session Manager System Service
[05/21/2008, 18:24:18] - Terminating Windows NT Logon/Logoff Manager
[05/21/2008, 18:24:18] - Re-enabling Automatic Shell Restart
[05/21/2008, 18:24:18] - File to disable: C:\WINDOWS\system32\hggHyWpp.dll
[05/21/2008, 18:24:18] - Renaming C:\WINDOWS\system32\hggHyWpp.dll -> C:\WINDOWS\system32\hggHyWpp.dll.vir
[05/21/2008, 18:24:18] - File successfully renamed!
[05/21/2008, 18:24:18] - Removing HKLM\...\Browser Helper Objects\{E243A8E7-6244-49E0-A361-22DBF30FD46C}
[05/21/2008, 18:24:18] - Removing HKCR\CLSID\{E243A8E7-6244-49E0-A361-22DBF30FD46C}
[05/21/2008, 18:24:18] - Adding Kill Bit for ActiveX for GUID: {E243A8E7-6244-49E0-A361-22DBF30FD46C}
[05/21/2008, 18:24:18] - Deleting ATLEvents/MSEvents Registry entries
[05/21/2008, 18:24:18] - Removing HKLM\...\Winlogon\Notify\hggHyWpp
[05/21/2008, 18:24:18] - Searching for Browser Helper Objects:
[05/21/2008, 18:24:18] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[05/21/2008, 18:24:18] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[05/21/2008, 18:24:18] - BHO 3: {42e4688b-3dfe-4554-86ec-a20dc17acaaf} ()
[05/21/2008, 18:24:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:19] - Checking for HKLM\...\Winlogon\Notify\fabxmtrd
[05/21/2008, 18:24:19] - Key not found: HKLM\...\Winlogon\Notify\fabxmtrd, continuing.
[05/21/2008, 18:24:19] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/21/2008, 18:24:19] - BHO 5: {57DBEE26-C909-4358-94F3-60F9D1F049B5} ()
[05/21/2008, 18:24:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:19] - Checking for HKLM\...\Winlogon\Notify\hgghFxuU
[05/21/2008, 18:24:19] - Key not found: HKLM\...\Winlogon\Notify\hgghFxuU, continuing.
[05/21/2008, 18:24:19] - BHO 6: {5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)
[05/21/2008, 18:24:19] - BHO 7: {714FEA2B-78FC-4CCC-9144-651EE0FC8E4A} ()
[05/21/2008, 18:24:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:19] - Checking for HKLM\...\Winlogon\Notify\ssqNHwTJ
[05/21/2008, 18:24:19] - Key not found: HKLM\...\Winlogon\Notify\ssqNHwTJ, continuing.
[05/21/2008, 18:24:19] - BHO 8: {72D225A9-E3B8-48DF-8D25-BA53624901E8} ()
[05/21/2008, 18:24:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:19] - Checking for HKLM\...\Winlogon\Notify\pmnnMfFy
[05/21/2008, 18:24:19] - Key not found: HKLM\...\Winlogon\Notify\pmnnMfFy, continuing.
[05/21/2008, 18:24:19] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/21/2008, 18:24:19] - BHO 10: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/21/2008, 18:24:19] - BHO 11: {CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object)
[05/21/2008, 18:24:19] - BHO 12: {F9A76A93-D5B8-4492-9710-0D00BF3FE2D8} ()
[05/21/2008, 18:24:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/21/2008, 18:24:19] - Checking for HKLM\...\Winlogon\Notify\ddCUoMcY
[05/21/2008, 18:24:20] - Key not found: HKLM\...\Winlogon\Notify\ddCUoMcY, continuing.
[05/21/2008, 18:24:20] - Finished Searching Browser Helper Objects
[05/21/2008, 18:24:20] - Finishing up...
[05/21/2008, 18:24:20] - A restart is needed.
[05/21/2008, 18:24:20] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[05/21/2008, 18:24:25] - Attempting to Restart via STOP error (Blue Screen!)
Panda Acive Scan Results
;*******************************************************************************
********************************************************************************
*
*******************
ANALYSIS: 2008-05-21 22:01:10
PROTECTIONS: 1
MALWARE: 24
SUSPECTS: 0
;*******************************************************************************
********************************************************************************
*
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
================================================================================
=
===================
Trend Micro PC-cillin Internet Security 12.7.1019 No Yes
;===============================================================================
================================================================================
=
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
================================================================================
=
===================
00039204 adware/cws Adware No 0 Yes No c:\documents and settings\charles norris\favorites\health
00055522 Eicar.Mod Virus No 0 No No C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Charles Norris\Desktop\VirtumundoBeGone.exe[²ƒÇ]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Charles Norris\Local Settings\Temp\nsm5.tmp
00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Charles Norris\Cookies\[email protected][1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Charles Norris\Cookies\[email protected][1].txt
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Charles Norris\Desktop\VirtumundoBeGone.exe
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\RECYCLER\S-1-5-21-206477445-1129975854-549022975-1005\Dc1.exe[327882R2FWJFW\NirCmdC.cfexe]
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096599.EXE
02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096585.sys
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096542.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\cvwhwotd.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096538.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ckhebday.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mroksvyt.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096526.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096525.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\oqejusfw.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096535.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096522.exe
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\udjnyyun.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\xfyyvhbl.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\arbypqqd.exe.vir
02947657 Trj/Agent.ITR Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096545.exe
02975133 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP365\A0085214.dll
02976804 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP365\A0085105.dll
02976834 Generic Trojan Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mnrdjaje.dll.vir
02976834 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096534.dll
02978676 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096537.dll
02978676 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\omqtscgc.dll.vir
02978749 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\nnmunkuq.dll.vir
02978749 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096536.dll
02980300 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0087643.dll
02980337 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096527.dll
02980337 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\dlvthvut.dll.vir
02980347 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\twwnoley.dll.vir
02980347 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096541.dll
02980934 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\fmxofrtd.dll.vir
02980934 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096529.dll
02981909 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096533.dll
02981909 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mglfkdni.dll.vir
02983888 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0093467.dll
02983889 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\orhgwgjp.dll.vir
02983889 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP372\A0096539.dll
02983998 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\imbxdxxi.dll
02983998 Spyware/Virtumonde Spyware No 1 Yes No C:\WINDOWS\system32\cywasjat.dll
;===============================================================================
================================================================================
=
===================
SUSPECTS
Sent Location qQ
;===============================================================================
================================================================================
=
===================
;===============================================================================
================================================================================
=
===================
VULNERABILITIES
Id Severity Description qQ
;===============================================================================
================================================================================
=
===================
182048 HIGH MS07-069 qQ
;===============================================================================
================================================================================
=
===================
HiJack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:28 PM, on 5/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\GE Security\AKeyPCSyncService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ge security supra\syncservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Print Audit Inc\Print Audit 5\Client\pa5clint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.trendmls.com/Default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintAudit5] C:\Program Files\Print Audit Inc\Print Audit 5\Client\pa5clint.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ecc0f1c2] rundll32.exe "C:\WINDOWS\system32\xkhqeacv.dll",b
O4 - HKLM\..\Run: [BMeff3c25e] Rundll32.exe "C:\WINDOWS\system32\sypapihm.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: agents_laptop.bat
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program
Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft
Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) -
http://www.pqprintce...ntquick1611.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -
http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} (Scanner.SysScanner) -
http://i.dell.com/im.../SYSSCANNER.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1188007322140
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1188007306171
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} -
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) -
http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft
Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems
Shared\Service\Adobelmsvc.exe
O23 - Service: ActiveKEY PCSync (AKeyPCSyncService) - GE Security Inc - C:\Program Files\GE
Security\AKeyPCSyncService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth
Software\bin\btwdins.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic
Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic
Shared\RoxioUpnpService9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. -
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program
Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12977 bytes
Edited by NAVYVET, 21 May 2008 - 08:25 PM.