Re: [Spyware] HJT Log - Repeated Virtumonde.dll Entries

Author	All Replies
longhorntx	reply to LoPhatPhuud Re: [Spyware] HJT Log - Repeated Virtumonde.dll Entries Excellent instructions - I really appreciate the help! As per your reply, below are the 3 logs you asked for. I'm not sure whether such a large post will be accepted so I will post them in 3 separate replies. I'd be grateful for further guidance. Thanks! MBAM Malwarebytes' Anti-Malware 1.17 Database version: 862 1:07:09 AM 6/17/2008 mbam-log-6-17-2008 (01-07-09).txt Scan type: Quick Scan Objects scanned: 46999 Time elapsed: 9 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 3 Registry Keys Infected: 13 Registry Values Infected: 4 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 10 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\jhtmaauh.dll (Trojan.Vundo) -> Unloaded module successfully. C:\WINDOWS\system32\wineij32.dll (Dialer) -> Unloaded module successfully. C:\WINDOWS\system32\urqRHbCr.dll (Trojan.Vundo) -> Unloaded module successfully. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wineij32 (Dialer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a0b4ffea-d466-49a8-9bb0-b7bbd2fcb449} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a0b4ffea-d466-49a8-9bb0-b7bbd2fcb449} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrhbcr (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0cff259 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a0b4ffea-d466-49a8-9bb0-b7bbd2fcb449} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMc3fcc1c5 (Trojan.Agent) -> Delete on reboot. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\huaacjiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\qijcaauh.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jhtmaauh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\huaamthj.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wineij32.dll (Dialer) -> Delete on reboot. C:\WINDOWS\system32\urqRHbCr.dll (Trojan.Vundo) -> Delete on reboot. C:\Documents and Settings\Zohair\Local Settings\Temp\gos61.tmp (Dialer) -> Quarantined and deleted successfully. C:\xmp.bat (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\gwufpxvm.dll (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
longhorntx	to forum · permalink · 2008-06-16 17:52:46 ·
longhorntx	ComboFix ComboFix 08-06-15.4 - Zohair 2008-06-17 1:22:35.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.615 [GMT 4:00] Running from: C:\Documents and Settings\Zohair\Desktop\ComboFix.exe * Created a new restore point [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\Documents and Settings\Zohair\Application Data\macromedia\Flash Player\#SharedObjects\XT26SNWX\www.broadcaster.com C:\Documents and Settings\Zohair\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com C:\Documents and Settings\Zohair\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol C:\WINDOWS\BMc3fcc1c5.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\adeqdyko.ini C:\WINDOWS\system32\ceMpAJlm.ini C:\WINDOWS\system32\ceMpAJlm.ini2 C:\WINDOWS\system32\KUtBLRqr.ini C:\WINDOWS\system32\KUtBLRqr.ini2 C:\WINDOWS\system32\luyqxyto.dll C:\WINDOWS\system32\vesiqnqo.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF ((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))) . 2008-06-17 00:49 . 2008-06-17 00:49 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-06-17 00:49 . 2008-06-17 00:49 d-------- C:\Documents and Settings\Zohair\Application Data\Malwarebytes 2008-06-17 00:49 . 2008-06-17 00:49 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-06-17 00:49 . 2008-06-10 19:02 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-06-17 00:49 . 2008-06-10 19:02 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-06-16 17:00 . 2008-06-16 17:00 d-------- C:\Program Files\Trend Micro 2008-06-15 16:40 . 2008-06-15 16:36 691,545 --a------ C:\WINDOWS\unins000.exe 2008-06-15 16:40 . 2008-06-15 16:40 2,544 --a------ C:\WINDOWS\unins000.dat 2008-06-11 19:59 . 2005-08-25 19:47 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec 2008-06-11 19:59 . 2005-08-25 19:39 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc 2008-06-11 19:59 . 2005-08-25 19:32 d-------- C:\Documents and Settings\Administrator\Application Data\Intel 2008-06-11 19:59 . 2005-08-25 19:51 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek 2008-06-11 19:59 . 2008-06-11 19:59 d-------- C:\Documents and Settings\Administrator 2008-06-10 22:12 . 2008-06-13 16:24 1,948 --a------ C:\WINDOWS\system32\tmp.reg 2008-06-10 21:51 . 2008-06-10 22:31 d--h----- C:\$AVG8.VAULT$ 2008-06-10 21:04 . 2008-06-17 01:11 d-------- C:\WINDOWS\system32\drivers\Avg 2008-06-10 21:04 . 2008-06-10 21:04 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-06-10 21:04 . 2008-06-10 21:04 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-06-10 21:04 . 2008-06-10 21:04 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys 2008-06-10 21:04 . 2008-06-10 21:04 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-06-10 21:00 . 2008-06-10 21:00 d-------- C:\Program Files\AVG 2008-06-10 21:00 . 2008-06-10 21:00 d-------- C:\Documents and Settings\All Users\Application Data\avg8 2008-06-10 21:00 . 2008-06-10 21:00 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll 2008-06-10 21:00 . 2008-06-10 21:00 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys 2008-06-10 20:20 . 2008-06-10 20:24 354 --ahs---- C:\WINDOWS\system32\ckrtknfr.ini 2008-06-08 22:55 . 2008-06-08 22:55 d-------- C:\Program Files\Creative Labs 2008-06-08 22:55 . 1999-07-06 14:13 40,960 --a------ C:\WINDOWS\system32\eax.dll 2008-06-08 22:47 . 2008-06-08 22:47 d-------- C:\Program Files\Square Soft, Inc 2008-06-07 23:13 . 2008-06-09 01:18 d-------- C:\Documents and Settings\Zohair\Application Data\IDM 2008-06-07 23:07 . 2008-06-08 16:20 d-------- C:\Program Files\Internet Download Manager 2008-06-06 23:37 . 2008-03-01 17:06 1,159,680 --a------ C:\WINDOWS\system32\disk.dll 2008-06-04 16:22 . 2008-06-04 16:22 52,224 --a------ C:\WINDOWS\ipuninst.exe 2008-05-27 00:48 . 2008-05-27 00:48 d-------- C:\Documents and Settings\Zohair\Application Data\HP 2008-05-27 00:07 . 2006-10-10 08:29 95,232 -ra------ C:\WINDOWS\system32\HPcam_03.dll 2008-05-27 00:00 . 2008-05-27 00:00 d-------- C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2008-05-27 00:00 . 2008-05-27 00:01 d-------- C:\Documents and Settings\All Users\Application Data\HP 2008-05-26 23:59 . 2008-05-27 00:01 d-------- C:\Program Files\Common Files\HP 2008-05-26 23:58 . 2008-05-27 00:00 d-------- C:\Program Files\HP 2008-05-26 23:57 . 2008-05-27 00:03 131,589 --a------ C:\WINDOWS\hpiins06.dat 2008-05-26 23:57 . 2007-05-04 01:05 0 --------- C:\WINDOWS\hpimdl06.dat 2008-05-26 23:55 . 2004-08-04 08:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2008-05-26 23:55 . 2001-08-18 06:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-16 21:31 --------- d-----w C:\Documents and Settings\Zohair\Application Data\DMCache 2008-06-16 20:43 --------- d-----w C:\Documents and Settings\Zohair\Application Data\U3 2008-06-15 18:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-06-15 12:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-06-08 17:12 --------- d-----w C:\Program Files\VERTX Systems 2008-06-08 17:09 --------- d-----w C:\Program Files\FrostWire 2008-06-08 17:07 --------- d-----w C:\Program Files\Common Files\AOL 2008-06-02 00:54 --------- d-----w C:\Program Files\DivX 2008-05-27 23:24 --------- d-----w C:\Documents and Settings\Zohair\Application Data\Skype 2008-05-26 20:47 --------- d-----w C:\Documents and Settings\Zohair\Application Data\Apple Computer 2008-05-12 20:52 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-12 20:50 --------- d-----w C:\Documents and Settings\Zohair\Application Data\AdobeUM 2008-04-18 18:04 --------- d-----w C:\Program Files\Safari 2008-04-18 18:00 --------- d-----w C:\Program Files\Apple Software Update 2007-11-29 19:14 1,024 -c--a-w C:\Documents and Settings\All Users\Application Data\1pdfmer.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6477B014-238E-48CC-83A6-F08C6F6BEC9D}] C:\WINDOWS\system32\rqRLBtUK.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A0B4FFEA-D466-49A8-9BB0-B7BBD2FCB449}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2C48084-27F4-4333-8BB1-3D13A694F845}] C:\WINDOWS\system32\mlJApMec.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 20:34 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-06-07 23:13 2594224] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 23:59 385024] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 06:00 344064] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 01:33 155648] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-10 21:03 1177368] "@"="" [] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2004-08-04 14:00 53760 C:\WINDOWS\system32\narrator.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-08-25 19:36:32 24576] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Fly] smart.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-08 01:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqRHbCr] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= ffdshow.ax [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk backup=C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Zohair^Start Menu^Programs^Startup^Adobe Gamma Loader.exe] path=C:\Documents and Settings\Zohair\Start Menu\Programs\Startup\Adobe Gamma Loader.exe backup=C:\WINDOWS\pss\Adobe Gamma Loader.exeStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] C:\Program Files\BearShare\BearShare.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath] --a------ 2007-03-27 17:24 49152 C:\WINDOWS\VM301Snap.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc3fcc1c5] C:\WINDOWS\system32\luyqxyto.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU] --a--c--- 2005-08-25 19:15 61440 c:\dell\bldbubg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0cff259] C:\WINDOWS\system32\huaacjiq.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Citrus Alarm Clock] --a------ 2001-10-22 06:50 513024 C:\Program Files\Citrus Alarm Clock\citrusac.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a--c--- 2004-08-04 14:00 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] --a--c--- 2007-09-18 18:16 171464 C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] --a--c--- 2005-03-04 20:26 606208 C:\Program Files\Dell\QuickSet\quickset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a--c--- 2005-05-15 11:04 332800 C:\Program Files\Dell Support\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] --a------ 2004-12-06 10:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino] C:\WINDOWS\Domino.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] C:\Program Files\Common Files\AOL\1161809212\ee\AOLSoftware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2007-03-12 05:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] --a------ 2008-06-07 23:13 2594224 C:\Program Files\Internet Download Manager\IDMan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a--c--- 2004-07-28 01:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a--c--- 2004-07-28 01:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-03-30 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate] --a--c--- 2005-01-19 02:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair] --a--c--- 2005-01-19 02:47 458752 C:\Program Files\Logitech\Video\ISStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray] --a--c--- 2005-01-19 02:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] --a------ 2004-10-08 20:52 221184 C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service] --a------ 2007-04-08 20:44 303104 C:\Program Files\Essentials Codec Pack\update.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 20:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash] --a--c--- 2004-11-11 19:26 26112 C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-03-29 08:37 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2007-05-02 09:07 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE] -----c--- 2002-02-04 22:32 53248 C:\Program Files\REGSHAVE\REGSHAVE.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RK Launcher] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2006-10-14 03:20 20058152 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2007-07-12 13:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a--c--- 2005-09-03 07:12 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-05-02 09:07 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-31 01:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinRoll] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yz Shadow] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Hamachi\\hamachi.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\system32\\winver.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-06-10 21:04] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-10 21:04] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-10 21:03] R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-06-10 21:03] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-10 21:04] R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 01:38] R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-10 21:00] S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-06-10 21:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a27379c6-95a6-11da-bd8e-00123fe46057}] \Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da78f652-2f19-11dd-80b8-0013ce306b8e}] \Shell\AutoRun\command - F:\nkkg1.com \Shell\explore\Command - F:\nkkg1.com \Shell\open\Command - F:\nkkg1.com . Contents of the 'Scheduled Tasks' folder "2008-06-13 18:04:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net Rootkit scan 2008-06-17 01:31:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\UT VPN Client\cvpnd.exe C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Program Files\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Apoint\ApntEx.exe . ************************************************************************ . Completion time: 2008-06-17 1:43:23 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-16 21:42:56 Pre-Run: 17,822,248,960 bytes free Post-Run: 17,869,479,936 bytes free 324 --- E O F --- 2008-05-29 13:48:12
longhorntx	to forum · permalink · 2008-06-16 17:54:37 ·
longhorntx	HJT Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:45:16 AM, on 6/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\Program Files\UT VPN Client\cvpnd.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = »us.rd.yahoo.com/customize/ie/def···ahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = »www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = server01:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: (no name) - {6477B014-238E-48CC-83A6-F08C6F6BEC9D} - C:\WINDOWS\system32\rqRLBtUK.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {F2C48084-27F4-4333-8BB1-3D13A694F845} - C:\WINDOWS\system32\mlJApMec.dll (file missing) O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user') O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - »messenger.zone.msn.com/binary/ms···6986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - »www.fileplanet.com/fpdlmgr/cabs/···.100.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - »messenger.zone.msn.com/binary/So···6986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - »messenger.zone.msn.com/EN-AU/a-U···UNO1.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - »upload.facebook.com/controls/Fac···ader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - »messenger.zone.msn.com/binary/ZI···6649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - »messenger.zone.msn.com/binary/Me···6907.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - »messenger.zone.msn.com/binary/Wo···7176.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - »messenger.zone.msn.com/binary/Mi···6986.cab O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: Fly - smart.dll (file missing) O20 - Winlogon Notify: urqRHbCr - C:\WINDOWS\ O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: University of Texas at Austin VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UT VPN Client\cvpnd.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9376 bytes
longhorntx	to forum · permalink · 2008-06-16 17:55:29 ·


Thursday, 03-Dec 08:41:21	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF