Vundo Trojan persisting despite multiple attempts to clean

#1
angelpoo
Member, 21 posts
I have a Dell 4600 running Windows XP. Most of the time I use Mozilla Firefox, occasionally using Internet Explorer 6 for limited sites (but just switched to IE8 after starting to have some problems). In the past week, the virus scanners and anti-spyware programs on my computer have reported the Vundo Trojan and despite trying to clear it with McAfee VirusScan, Malwarebytes, SuperAnti-Spyware, and Spybot, it keeps being redetected, causing me to think that it really hasn't been cleared by any of the aforementioned programs.

I followed the instructions in Geeks to Go's Malware and Spyware Cleaning Guide. Below are the logs from OTL and MBAM. Unfortunately, I tried to run Rootkit Detection, but it would not get past "initializing," so there is no log for that one.

Computer frequently seems to be using 100% of CPU available memory (per task manager). Also, there are much more frequent popup ads now. I very much appreciate your help!

OTL logfile created on: 9/27/2009 11:44:31 PM - Run 2
OTL by OldTimer - Version 3.0.16.0 Folder = C:\Install Programs
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 23.44 Mb Available Physical Memory | 4.59% Memory free
2.42 Gb Paging File | 1.78 Gb Available in Paging File | 73.43% Paging File free
Paging file location(s): C:\pagefile.sys 2000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 9.44 Gb Free Space | 25.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 31.49 Gb Total Space | 6.16 Gb Free Space | 19.55% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 117.56 Gb Total Space | 38.25 Gb Free Space | 32.54% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL
Current User Name: Bryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 14:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2005/12/07 03:55:00 | 00,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\FrameworkService.exe
PRC - [2006/02/14 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\mcshield.exe
PRC - [2005/12/07 03:55:00 | 00,229,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\naPrdMgr.exe
PRC - [2006/06/08 20:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\vstskmgr.exe
PRC - [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/07/11 07:22:40 | 00,857,088 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
PRC - [2007/01/04 11:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/09/22 08:00:00 | 00,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\SHSTAT.EXE
PRC - [2005/12/07 03:55:00 | 00,131,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\UpdaterUI.exe
PRC - [2003/10/07 09:48:56 | 00,147,514 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
PRC - [2008/08/13 18:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/06/28 07:45:56 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/06/20 22:36:22 | 01,207,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/09/12 07:58:48 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/06/20 22:36:00 | 00,187,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2007/01/04 11:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
PRC - [2009/09/27 23:16:10 | 00,518,144 | ---- | M] (OldTimer Tools) -- C:\Install Programs\OTL.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE

========== Win32 Services (SafeList) ==========

SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/09/03 11:53:00 | 00,048,368 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2008/04/13 14:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/09/07 16:55:02 | 00,503,608 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2005/12/07 03:55:00 | 00,098,304 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Framework\FrameworkService.exe -- (McAfeeFramework [Auto | Running])
SRV - [2006/02/14 20:00:00 | 00,221,191 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\mcshield.exe -- (McShield [Auto | Running])
SRV - [2006/06/08 20:00:00 | 00,029,184 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\McAfee\vstskmgr.exe -- (McTaskManager [Auto | Running])
SRV - [2006/12/14 02:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2003/03/03 08:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 15:19:00 | 00,077,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 01:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2003/03/09 10:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/12/14 02:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2006/07/11 07:22:40 | 00,857,088 | ---- | M] (TiVo Inc.) -- C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe -- (TivoBeacon2 [Auto | Running])
SRV - [2007/01/04 11:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gocomics....6?view_all=true
IE - URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.latimes.com/"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:2.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/14 14:21:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 19:01:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/21 07:21:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/27 23:12:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/12 08:07:47 | 00,000,000 | ---D | M]

[2008/08/06 22:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions
[2008/08/06 22:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/27 08:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions
[2009/09/04 07:01:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/07 08:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2009/09/12 08:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/19 08:57:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\mozilla\Firefox\Profiles\z9lh81r9.default\extensions\[email protected]
[2009/09/27 08:19:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/12 08:00:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/21 07:22:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/03 20:51:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/15 00:07:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/09/12 07:58:17 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/12 07:58:20 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/09/12 07:59:35 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2003/05/15 01:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/11/18 19:25:59 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/18 19:26:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/18 19:26:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/18 19:26:00 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/18 19:26:01 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/18 19:26:01 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/18 19:26:01 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/09/03 11:53:00 | 00,030,912 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/08/27 16:48:15 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/27 16:48:15 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/27 16:48:15 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/27 16:48:15 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/27 16:48:15 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/27 16:48:15 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/27 16:48:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (335519 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11498 more lines...
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [gelakateg] C:\WINDOWS\System32\kiramega.DLL ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Common Framework\UpdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe (Network Associates, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\SHSTAT.EXE (Network Associates, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/06 06:58:55 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/06 06:58:55 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/06 06:58:55 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 71 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} http://www.streamaud...d/ccpm_0237.cab (ChainCast VMR Client Proxy)
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} file://D:\components\Liquid.ocx (Liquid.LiquidHelper)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...74/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/p...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} http://updates.lifes...ll/pinstall.cab (Install Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229589277421 (MUWebControl Class)
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} http://sioncampus.ne...00/isetupml.cab (InstallShield International Setup Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://citycams.co.h...sCamControl.ocx (CamImage Class)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://us.dl1.yimg.c.../ymmapi_416.dll (YahooYMailTo Class)
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} http://cdn.digitalci...m/video/kdx.cab (Secure Delivery)
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A790} http://www.microsoft...w/0/BerbCln.CAB (BerbCln Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://zone.msn.com/...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (YAddBook Class)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.co...,15/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} http://www.live365.c...ers/play365.cab (Live365Player Class)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://f1.pg.photos....plorer1_9us.cab (PhotosCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download.game...nts/y/tt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Poker http://download.game...nts/y/pt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Word Racer http://download.game...nts/y/wt0_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bw+0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {97291b7f-e871-4e23-b864-408166da98e1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {97291B7F-E871-4E23-B864-408166DA98E1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\suyamadu.dll) - C:\WINDOWS\System32\suyamadu.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\gitisowe.dll) - C:\WINDOWS\System32\gitisowe.dll File not found
O20 - AppInit_DLLs: (c:\windows\system32\niyihese.dll) - C:\WINDOWS\System32\niyihese.dll File not found
O20 - AppInit_DLLs: (hobopuke.dll) - C:\WINDOWS\System32\hobopuke.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\kiramega.dll) - C:\WINDOWS\System32\kiramega.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O21 - SSODL: fasidovaz - {f8773ae1-0241-41b0-9118-a019f8b51fb8} - C:\WINDOWS\System32\niyihese.dll File not found
O21 - SSODL: gonebisef - {93436d0e-9b61-4b81-a04b-f69ebcd19039} - C:\WINDOWS\System32\kiramega.dll ()
O21 - SSODL: jakazihug - {1f6c23c2-cb07-4718-a20f-7efe13ad5d09} - C:\WINDOWS\System32\suyamadu.dll File not found
O22 - SharedTaskScheduler: {1f6c23c2-cb07-4718-a20f-7efe13ad5d09} - tokatiluy - C:\WINDOWS\System32\suyamadu.dll File not found
O22 - SharedTaskScheduler: {93436d0e-9b61-4b81-a04b-f69ebcd19039} - jugezatag - C:\WINDOWS\System32\kiramega.dll ()
O22 - SharedTaskScheduler: {f8773ae1-0241-41b0-9118-a019f8b51fb8} - tokatiluy - C:\WINDOWS\System32\niyihese.dll File not found
O24 - Desktop Components:0 () - http://images.ucomic...04/bl041209.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{442b31b4-9607-11de-a5da-0007e96316f5}\Shell - "" = AutoRun
O33 - MountPoints2\{442b31b4-9607-11de-a5da-0007e96316f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{442b31b4-9607-11de-a5da-0007e96316f5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/09/27 08:34:30 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 08:34:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/27 08:34:25 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/27 08:22:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/27 08:20:27 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/27 00:16:43 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/09/26 23:43:37 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/09/26 22:58:01 | 00,000,000 | ---D | C] -- C:\VundoFix
[2009/09/25 22:31:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/17 12:43:54 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache

========== Files - Modified Within 14 Days ==========

[2009/09/27 23:49:04 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vitofuti
[2009/09/27 23:46:02 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009/09/27 23:37:06 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/09/27 23:36:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/09/27 23:36:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/27 23:36:00 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/27 22:48:37 | 00,088,576 | -HS- | M] () -- C:\WINDOWS\System32\kiramega.dll
[2009/09/27 22:48:37 | 00,036,864 | -HS- | M] () -- C:\WINDOWS\System32\popiwoba.dll
[2009/09/27 10:53:19 | 00,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2009/09/27 10:48:54 | 00,088,576 | ---- | M] () -- C:\WINDOWS\System32\ranuvozo.dll
[2009/09/27 08:34:30 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/27 07:07:50 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/26 22:48:33 | 00,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2009/09/25 22:29:32 | 00,604,160 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\TV.doc
[2009/09/24 07:55:33 | 00,335,519 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/09/19 08:47:40 | 00,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 23:50:48 | 00,331,459 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090924-075532.backup
[2009/09/18 21:56:55 | 00,588,288 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\~MASTER CALENDAR 2007-08.doc
[2009/09/18 00:14:33 | 00,077,136 | ---- | M] () -- C:\Documents and Settings\Bryan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/14 15:13:39 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/09/14 07:44:45 | 00,046,592 | ---- | M] () -- C:\Documents and Settings\Bryan\Desktop\Weight & Fat.xls

========== LOP Check ==========

[2009/09/27 00:13:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2003/08/26 20:13:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2008/02/25 21:47:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/08/12 22:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2009/07/21 12:00:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Home Designer Pro 9.0 Trial Version
[2003/08/13 11:12:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0527
[2005/01/01 20:05:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/01/04 10:02:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2003/08/06 14:50:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2005/06/03 08:37:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/12/02 14:56:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/09/25 08:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/30 09:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turning Technologies
[2009/09/27 00:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/30 16:20:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
[2009/09/27 00:09:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data
[2007/09/09 02:05:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\.BitTornado
[2007/06/28 20:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\acccore
[2006/05/29 15:34:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Ahead
[2006/11/09 16:47:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Aim
[2003/08/13 18:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ArcSoft
[2003/08/13 16:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\CyberLink
[2006/12/10 13:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ExecutiveSoftware
[2003/11/13 16:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Freedom
[2009/07/12 10:44:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\GetRightToGo
[2009/07/12 11:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Home Designer Pro 9.0 Trial Version
[2009/09/24 19:46:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Home Designer Suite 8.0
[2005/09/22 00:13:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ICAClient
[2004/03/18 17:54:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\ICQ
[2008/04/04 00:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Kontiki
[2004/03/18 19:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Leadertech
[2005/03/09 16:59:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Motive
[2009/09/18 00:06:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bryan\Application Data\Move Networks
[2003/08/22 12:51:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\MSN6
[2004/03/09 11:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Roxio
[2009/07/02 23:16:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\SmartDraw
[2008/05/10 18:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Smilebox
[2006/12/02 12:07:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Snapfish
[2007/08/22 00:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Softplicity
[2008/11/18 08:16:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Turning Technologies
[2008/06/11 00:28:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\U3
[2007/03/14 00:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Viewpoint
[2009/01/01 13:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bryan\Application Data\Windows Desktop Search
[2009/09/27 07:07:50 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2002/08/29 00:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/01/05 17:59:42 | 00,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1096948708.job
[2009/09/27 23:36:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/09/27 23:46:02 | 00,000,366 | ---- | M] () -- C:\WINDOWS\Tasks\Symantec NetDetect.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 14:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 14:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >

Malwarebytes' Anti-Malware 1.41

Database version: 2865
Windows 5.1.2600 Service Pack 3

9/27/2009 2:19:21 PM
mbam-log-2009-09-27 (14-19-21).txt

Scan type: Full Scan (C:\|E:\|G:\|)
Objects scanned: 507598
Time elapsed: 4 hour(s), 9 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\SYSTEM32\seruyone.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hobopuke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mozuzolo.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{146b5157-5a13-4490-aa8a-acf6bf7c56b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gelakateg (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{146b5157-5a13-4490-aa8a-acf6bf7c56b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zepidipub (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\seruyone.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\seruyone.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\SYSTEM32\seruyone.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\hobopuke.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\mozuzolo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\jewipaje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ranuvozo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\wekavube.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\zesulalu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Edited by angelpoo, 28 September 2009 - 04:14 AM.
