
Vundo / mljji.dll Infection [RESOLVED]


  • This topic is locked

#1
plusco

Vundo / mljji.dll Infection. I ran Kaspersky AV with some success. However, Vundo is not leaving that easily.

Included Logs below:

*VundoFix Log
*ComboFix Log
*HijackThis Log

Thanks for the help.

================================================================================

VundoFix V6.6.2

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 11:25:05 AM 1/13/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...
================================================================================

ComboFix 08-01-13.1 - Courtney Porter 2008-01-13 12:01:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.194 [GMT -6:00]
Running from: C:\Documents and Settings\Courtney Porter\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Courtney Porter\Application Data\CURITY~1
C:\Documents and Settings\Courtney Porter\Application Data\CURITY~1\??curity\
C:\Documents and Settings\Courtney Porter\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Courtney Porter\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Courtney Porter\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\icroso~1
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInst.exe
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.6\wbuninst.exe
C:\Program Files\web buying\v1.8.6\webbuying .exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe
C:\WINDOWS\mrofinu.exe.bin
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ijjlm.ini
C:\WINDOWS\system32\ijjlm.ini2
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-13 12:42 . 2008-01-13 12:42 <DIR> d-------- C:\Temp\tn3
2008-01-13 12:41 . 2008-01-13 12:41 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-13 12:14 . 2008-01-13 12:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-01-13 11:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 11:42 . 2008-01-13 11:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-13 11:21 . 2008-01-13 12:17 329,728 --a------ C:\WINDOWS\system32\mljji.exe
2008-01-13 11:14 . 2007-10-10 17:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-13 11:14 . 2007-06-30 21:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-13 11:14 . 2007-06-30 21:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-13 11:14 . 2007-10-10 17:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-13 11:14 . 2007-10-10 17:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-13 11:14 . 2007-10-10 17:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-13 11:14 . 2007-10-10 17:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-13 11:14 . 2007-10-10 17:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-13 11:14 . 2007-10-10 04:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-13 11:07 . 2008-01-13 11:13 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-13 10:38 . 2008-01-13 10:38 <DIR> d-------- C:\admin
2008-01-13 10:36 . 2008-01-13 10:36 <DIR> d-------- C:\Program Files\CCleaner
2008-01-13 10:24 . 2008-01-13 10:24 2 --a------ C:\WINDOWS\msoffice.ini
2008-01-13 01:31 . 2005-08-19 10:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-13 01:31 . 2005-08-19 10:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-01-13 01:31 . 2005-08-19 10:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-01-09 10:32 . 2008-01-09 10:51 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-09 10:32 . 2008-01-09 10:51 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-09 10:23 . 2008-01-09 10:23 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-09 10:23 . 2008-01-13 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-09 10:22 . 2008-01-13 12:42 1,901,344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-09 10:22 . 2008-01-13 12:17 26,420 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-09 10:22 . 2008-01-13 12:42 24,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-09 10:22 . 2008-01-13 12:17 3,308 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-09 10:19 . 2008-01-09 10:19 <DIR> d-------- C:\KAV
2008-01-08 14:03 . 2008-01-13 01:16 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-08 12:46 . 2008-01-13 01:16 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-08 12:46 . 2008-01-13 01:16 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-08 12:46 . 2008-01-13 01:16 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-08 12:44 . 2008-01-13 01:15 188,416 --a------ C:\WINDOWS\system32\ESDUSBMon .EXE
2008-01-08 12:25 . 2008-01-08 12:25 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2008-01-08 12:18 . 2008-01-09 10:41 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-08 12:14 . 2008-01-13 01:46 <DIR> d-------- C:\WINDOWS\system32\usmvt3
2008-01-08 12:14 . 2008-01-08 12:20 <DIR> d-------- C:\WINDOWS\system32\drivez4
2008-01-08 12:14 . 2008-01-13 01:46 <DIR> d-------- C:\WINDOWS\system32\comp2
2008-01-08 12:14 . 2008-01-08 12:14 <DIR> d-------- C:\WINDOWS\system32\cache3
2008-01-08 12:14 . 2008-01-13 01:46 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2008-01-08 12:14 . 2008-01-08 12:43 <DIR> d--hs---- C:\WINDOWS\Q291cnRuZXkgUG9ydGVy
2008-01-08 12:14 . 2008-01-08 12:14 <DIR> d-------- C:\Temp\cEeer12
2008-01-08 12:14 . 2008-01-13 12:42 <DIR> d-------- C:\Temp
2008-01-08 12:14 . 2008-01-08 12:14 86,016 --a------ C:\WINDOWS\system32\drivers\asc35500.sys
2007-12-24 14:42 . 2007-12-24 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 16:26 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-13 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-13 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 16:17 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 16:15 --------- d-----w C:\Program Files\The Weather Channel FW
2008-01-13 15:22 --------- d-----w C:\Program Files\Dell Support
2008-01-13 15:18 --------- d-----w C:\Program Files\QuickTime
2008-01-07 21:43 --------- d-----w C:\Program Files\TeleTracker Online
2007-11-16 21:02 --------- d-----w C:\Program Files\Coupons
2007-11-16 16:24 --------- d-----w C:\Documents and Settings\Courtney Porter\Application Data\Zango
2007-11-16 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZangoSA
2007-11-16 16:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2004-12-21 23:34 25,214 ----a-w C:\Program Files\dplogo32.ico
.
<pre>
----a-w 307,200 2008-01-13 07:16:55 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 1,404,928 2008-01-13 07:16:18 C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w 81,920 2008-01-13 07:16:19 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 221,184 2008-01-13 07:16:19 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w 53,248 2008-01-13 07:16:13 C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w 395,776 2008-01-13 07:16:49 C:\Program Files\Dell Support\DSAgnt .exe
----a-w 61,440 2008-01-09 16:41:57 C:\Program Files\Dot1XCfg\Dot1XCfg .exe
----a-w 49,152 2008-01-13 07:16:26 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2 .exe
----a-w 241,664 2008-01-13 07:16:24 C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w 32,881 2008-01-13 07:16:13 C:\Program Files\Java\j2re1.4.2_03\bin\jusched .exe
----a-w 218,376 2008-01-13 15:23:10 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
----a-w 26,112 2008-01-13 07:16:20 C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w 15,360 2008-01-13 07:16:55 C:\WINDOWS\system32\ctfmon .exe
----a-w 188,416 2008-01-13 07:15:36 C:\WINDOWS\system32\ESDUSBMon .EXE
----a-w 77,824 2008-01-13 07:16:30 C:\WINDOWS\system32\hkcmd .exe
----a-w 114,688 2008-01-13 07:16:32 C:\WINDOWS\system32\igfxpers .exe
----a-w 94,208 2008-01-13 07:16:29 C:\WINDOWS\system32\igfxtray .exe
----a-w 127,035 2008-01-13 07:16:18 C:\WINDOWS\system32\dla\tfswctrl .exe
----a-w 172,032 2008-01-13 07:16:20 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10 .exe
</pre>



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A074B21-F830-49de-A31B-40463F552DA4}]
2006-08-10 14:04 237184 --a------ C:\Program Files\MyDailyVideo\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{5A074B29-F830-49DE-A31B-40463F552DA4}

[HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-40463f552da4}]
[HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-40463F552DA4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{5A074B29-F830-49DE-A31B-40463F552DA4}"= C:\Program Files\MyDailyVideo\bar\bin\askBar.dll [2006-08-10 14:04 237184]

[HKEY_CLASSES_ROOT\clsid\{5a074b29-f830-49de-a31b-40463f552da4}]
[HKEY_CLASSES_ROOT\TypeLib\{5A074B20-F830-49de-A31B-40463F552DA4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-13 09:23 218376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 10:59:36]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 22:44:08]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\vilozonil.html
FriendlyName=

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywww]

R1 asc35500;asc35500;C:\WINDOWS\system32\drivers\asc35500.sys [2008-01-08 12:14]
R2 avp ;avp ;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe" [2008-01-13 09:23]
R2 Esdpdx01;Esdpdx01;C:\WINDOWS\system32\Drivers\ESDPDX01.SYS [2003-12-25 11:00]
R2 WinRT;WinRT;C:\WINDOWS\system32\drivers\WinRT.sys [2002-12-30 12:33]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 dpK00701;U.are.U Fingerprint Reader Upper Driver;C:\WINDOWS\system32\DRIVERS\dpK00701.sys [2004-10-12 14:51]
S3 TMUSB;EPSON USB Device Driver for TM/BA/EU Printers;C:\WINDOWS\system32\DRIVERS\TMUSBXP.SYS [2007-01-19 08:07]
S3 UsbdpFP;U.are.U Fingerprint Reader Class Driver;C:\WINDOWS\system32\DRIVERS\UsbdpFP.sys [2004-10-12 14:53]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 12:42:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 12:46:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 18:46:20
.
2008-01-13 17:16:15 --- E O F ---

================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:13 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\WINDOWS\system32\EpStsSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Trend Micro\HijackThis\Killer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://indirect.nextel.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: askBar BHO - {5A074B21-F830-49de-A31B-40463F552DA4} - C:\Program Files\MyDailyVideo\bar\bin\askBar.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-40463F552DA4} - C:\Program Files\MyDailyVideo\bar\bin\askBar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Save Image to Folder - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/saveimagestofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:\Program Files\MyDailyVideo\bar\bin\askBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://teletracker....bex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDDD661-2028-4607-A3CE-3F50828625BA}: NameServer = 205.152.37.23,205.152.132.23
O20 - Winlogon Notify: xxyywww - C:\WINDOWS\
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp .exe
O23 - Service: Biometric Authentication Service (DpHost) - Digital Persona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: EPSON ESC/POS Status Service (EPSON ESCPOS Status Service) - SEIKO EPSON Corp. - C:\WINDOWS\SYSTEM32\EpStsSrv.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\vilozonil.html
O24 - Desktop Component 1: (no name) - http://indirect.next...s/header_bg.gif
O24 - Desktop Component 3: (no name) - http://www.fatcow.com/

--
End of file - 6440 bytes


#2
plusco

Please remove. This has been resolved. Thank you.

#3
Rorschach112

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.