lilhurricane
reply to fundamentalz
Re: [Vundo] Vundo Infection

Let's open that up for easier viewing:

ComboFix 08-05-12.1 - Hady 2008-05-14 20:13:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1177 [GMT -7:00]
Running from: C:\Documents and Settings\Hady\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gihOYJjl.ini
C:\WINDOWS\system32\gihOYJjl.ini2
C:\WINDOWS\system32\iijhhlay.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mSAJknmp.ini
C:\WINDOWS\system32\mSAJknmp.ini2
C:\WINDOWS\system32\tuwmmxdm.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-15 to 2008-05-15 )))))))))))))))))))))))))))))))
.

2008-05-14 20:13 . 2008-05-14 20:13 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-13 14:59 . 2008-05-13 14:59 d-------- C:\Program Files\Trend Micro
2008-05-12 23:34 . 2008-05-12 23:36 d-------- C:\Program Files\EsetOnlineScanner
2008-05-12 22:36 . 2008-05-12 22:37 d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-21 18:39 . 2008-04-21 18:39 d-------- C:\Program Files\Hamachi
2008-04-21 18:39 . 2008-04-21 21:15 d-------- C:\Documents and Settings\Hady\Application Data\Hamachi
2008-04-21 18:39 . 2008-04-21 18:39 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-16 20:26 . 2008-04-18 20:17 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-16 20:10 . 2008-04-16 20:10 d-------- C:\VundoFix Backups
2008-04-16 20:01 . 2008-04-16 20:03 d-------- C:\Program Files\Windows Live Safety Center
2008-04-16 19:37 . 2008-04-16 19:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-16 19:29 . 2008-04-16 19:55 500 --a------ C:\WINDOWS\wininit.ini
2008-04-16 18:58 . 2008-04-16 18:58 d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-16 18:58 . 2008-04-16 19:04 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 03:40 . 2008-04-16 15:00 101,165 --a------ C:\WINDOWS\BM671f7a6f.xml
2008-04-15 13:19 . 2008-04-15 13:19 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-15 13:19 . 2008-04-15 13:19 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 03:18 1,639,200 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-15 03:17 52,957,216 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 03:16 716,492 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 03:16 191,216 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-14 20:37 --------- d-----w C:\Program Files\Digsby
2008-05-14 09:22 --------- d-----w C:\Documents and Settings\Hady\Application Data\Azureus
2008-05-01 06:51 --------- d-----w C:\Documents and Settings\Hady\Application Data\Skype
2008-04-30 23:40 --------- d-----w C:\Documents and Settings\Hady\Application Data\skypePM
2008-04-17 03:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 01:27 --------- d-----w C:\Documents and Settings\Hady\Application Data\Move Networks
2008-04-15 20:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-14 23:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-14 23:38 --------- d-----w C:\Program Files\Skype
2008-04-14 23:38 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-14 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-12 21:34 --------- d-----w C:\Documents and Settings\Hady\Application Data\Digsby
2008-04-10 16:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 16:14 --------- d-----w C:\Program Files\THQ
2008-04-10 16:12 --------- d-----w C:\Program Files\Gadwin Systems
2008-04-09 14:48 --------- d-----w C:\Program Files\Java
2008-04-09 11:29 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-08 22:19 --------- d-----w C:\Documents and Settings\Hady\Application Data\SEGA
2008-04-08 22:18 --------- d-----w C:\Program Files\Sonic
2008-04-08 19:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-08 19:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-29 03:59 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 02:22 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-03-15 02:22 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-03-15 02:22 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-03-15 02:09 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-03-15 02:09 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-17 08:08 22,328 ----a-w C:\Documents and Settings\Hady\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 15:29 165784]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 06:15 1359872]
"Steam"="d:\program files\valve\steam.exe" [2008-03-28 20:46 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:56 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 01:42 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-28 12:12 144896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2005-07-07 15:17 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-31 01:30 286720]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Last.fm Helper.lnk - D:\Program Files\Last.fm\LastFMHelper.exe [2007-11-11 23:05:06 110592]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-09 20:17:59 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\642c49f3]
C:\WINDOWS\system32\yalhhjii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM671f7a6f]
C:\WINDOWS\system32\myancbov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Valve\\Steam.exe"=
"D:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-07-30 10:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 02:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2008-05-14 20:18:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-14 20:22:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-15 03:22:45

Pre-Run: 13,354,393,600 bytes free
Post-Run: 13,882,781,696 bytes free

163 --- E O F --- 2008-04-11 09:34:09



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:50 PM, on 5/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\DAEMON Tools\daemon.exe
D:\program files\valve\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
D:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Steam] "d:\program files\valve\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - Global Startup: Last.fm Helper.lnk = D:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: »www.ca.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »a1540.g.akamai.net/7/1540/52/200···ugin.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - »www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - »cdn.scan.onecare.live.com/resour···e370.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - »www.nvidia.com/content/DriverDow···lab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - »download.divx.com/player/DivXBro···ugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8431 bytes
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~