[Vundo] Vundo keeps coming back

CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX ·RoadRunner Cable	reply to bronc0fan Re: [Vundo] Vundo keeps coming back said by bronc0fan : Thanks for your help, everything running fine so far. No problem... Glad we could help!!! -- da Cajun Darn I hate Malware
	to forum · permalink · · 2008-07-08 08:42:26 ·
bronc0fan Boogie Premium join:2002-02-26 Colorado Springs, CO clubs:	reply to CajunTek Thanks for your help, everything running fine so far.
	to forum · permalink · · 2008-07-08 07:59:37 ·
CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX	reply to bronc0fan Your logs are now clean.. It looks like between mbam and combofix we got it. Are you still having problems? If so let us know and we can try other measures. -- da Cajun Darn I hate Malware
	to forum · permalink · · 2008-07-08 07:21:56 ·
bronc0fan Boogie Premium join:2002-02-26 Colorado Springs, CO clubs:	reply to CajunTek OK here are the 3 logs you need: Malwarebytes' Anti-Malware 1.20 Database version: 931 Windows 5.1.2600 Service Pack 2 9:49:16 PM 7/7/2008 mbam-log-7-7-2008 (21-49-16).txt Scan type: Quick Scan Objects scanned: 53811 Time elapsed: 6 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 6 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\pmevclms.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smlcvemp.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully. ******* ComboFix 08-07-05.1 - Owner 2008-07-07 22:07:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1271 [GMT -6:00] Running from: C:\Documents and Settings\Owner.MAINCPU\Desktop\ComboFix.exe * Created a new restore point [color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\BM131879de.txt C:\WINDOWS\pskt.ini C:\WINDOWS\system32\akgimlto.dll C:\WINDOWS\system32\faobkbeb.dll C:\WINDOWS\system32\gnfnjeib.ini C:\WINDOWS\system32\igweyqxn.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\nherhfnm.ini C:\WINDOWS\system32\OrAycccf.ini C:\WINDOWS\system32\OrAycccf.ini2 C:\WINDOWS\system32\qdykemlv.dll C:\WINDOWS\system32\qgfxyz.dll C:\WINDOWS\system32\usugkjvi.ini C:\WINDOWS\system32\uyrfzd.dll C:\WINDOWS\system32\vicpjlfp.ini C:\WINDOWS\system32\wqknvsil.ini C:\WINDOWS\system32\xxtwnrnn.ini D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))) . 2008-07-07 21:36 . 2008-07-07 21:36 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-07 21:36 . 2008-07-07 21:36 d-------- C:\Documents and Settings\Owner.MAINCPU\Application Data\Malwarebytes 2008-07-07 21:36 . 2008-07-07 21:36 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-07 21:36 . 2008-07-07 17:42 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-07-07 21:36 . 2008-07-07 17:42 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-07 18:41 . 2008-07-07 18:51 d-------- C:\HJT 2008-07-06 20:52 . 2008-07-06 20:52 d-------- C:\VundoFix Backups 2008-07-06 02:14 . 2008-07-06 02:14 d-------- C:\Program Files\Windows Defender 2008-07-05 10:11 . 2008-07-05 10:22 d-------- C:\Program Files\SpywareBlaster 2008-07-05 09:48 . 2008-07-05 09:48 d-------- C:\Program Files\Trend Micro 2008-06-23 19:32 . 2008-06-23 19:32 d-------- C:\Program Files\Lavasoft 2008-06-23 19:32 . 2008-06-23 19:33 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-06-23 19:31 . 2008-06-23 19:31 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-06-21 23:44 . 2008-07-05 10:11 110,369 --a------ C:\WINDOWS\BM131879de.xml 2008-06-21 11:35 . 2008-06-21 11:35 d-------- C:\Program Files\Sony Setup 2008-06-21 11:29 . 2008-06-21 11:29 d-------- C:\Program Files\Free RAR Extract Frog 2008-06-11 05:51 . 2008-06-13 07:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-11 05:51 . 2008-06-13 07:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-08 16:28 . 2008-06-08 16:28 d-------- C:\Documents and Settings\Owner.MAINCPU\Application Data\DivX 2008-06-08 16:07 . 2008-06-08 16:07 d-------- C:\Documents and Settings\Owner.MAINCPU\Temp 2008-06-08 09:19 . 2008-05-22 16:22 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-08 04:13 --------- d-----w C:\Program Files\BOINC 2008-07-08 04:10 --------- d-----w C:\Documents and Settings\Owner.MAINCPU\Application Data\DNA 2008-07-08 03:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-08 00:12 --------- d-----w C:\Program Files\Java 2008-07-07 23:32 --------- d-----w C:\Program Files\McAfee 2008-07-04 20:42 1,252 ----a-w C:\Documents and Settings\Owner.MAINCPU\Application Data\wklnhst.dat 2008-07-01 04:44 --------- d-----w C:\Program Files\Oberon Media 2008-06-27 04:42 --------- d-----w C:\Documents and Settings\Owner.MAINCPU\Application Data\Move Networks 2008-06-27 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom 2008-06-24 05:55 --------- d-----w C:\Documents and Settings\Owner.MAINCPU\Application Data\SiteAdvisor 2008-06-23 03:56 --------- d-----w C:\Program Files\Gateway Games 2008-06-10 03:14 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-10 03:12 --------- d-----w C:\Program Files\CyberLink 2008-06-09 01:24 --------- d-----w C:\Documents and Settings\Owner.MAINCPU\Application Data\Azureus 2008-06-08 22:08 --------- d-----w C:\Program Files\Azureus 2008-06-08 15:19 --------- d-----w C:\Program Files\DivX 2008-06-07 04:57 --------- d-----w C:\Program Files\DNA 2008-06-06 03:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus 2008-05-30 23:12 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-05-22 11:50 --------- d-----w C:\Program Files\SiteAdvisor 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2007-01-26 12:40 92,064 ----a-w C:\Documents and Settings\Owner.MAINCPU\mqdmmdm.sys 2007-01-26 12:40 9,232 ----a-w C:\Documents and Settings\Owner.MAINCPU\mqdmmdfl.sys 2007-01-26 12:40 79,328 ----a-w C:\Documents and Settings\Owner.MAINCPU\mqdmserd.sys 2007-01-26 12:40 66,656 ----a-w C:\Documents and Settings\Owner.MAINCPU\mqdmbus.sys 2007-01-26 12:40 6,208 ----a-w C:\Documents and Settings\Owner.MAINCPU\mqdmcmnt.sys 2007-01-26 12:40 5,936 ----a-w C:\Documents and Settings\Owner.MAINCPU\mqdmwhnt.sys 2007-01-26 12:40 4,048 ----a-w C:\Documents and Settings\Owner.MAINCPU\mqdmcr.sys 2007-01-26 12:40 25,600 ----a-w C:\Documents and Settings\Owner.MAINCPU\usbsermptxp.sys 2007-01-26 12:40 22,768 ----a-w C:\Documents and Settings\Owner.MAINCPU\usbsermpt.sys 2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10 4662776] "McAfee QuickClean Imonitor"="C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe" [2005-12-01 07:01 110592] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 10:15 50528] "ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 18:30 885248] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 19:40 68856] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:54 5674352] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-06-06 22:57 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 16:51 7323648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-20 08:31 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] C:\Documents and Settings\Owner.MAINCPU\Start Menu\Programs\Startup\ BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-07-04 22:06:20 3846912] Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-12-26 19:49:39 106496] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-08-09 10:08:14 2348584] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664] HP Image Zone Fast Start.lnk - C:\Program Files\HP\digital imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.iac2"= C:\PROGRA~1\REPLAY~1\iac25_32.ax "msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= "C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"= R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl [2008-02-01 17:24] R2 IOPort;IOPort;C:\WINDOWS\system32\IOPORT.SYS [1998-11-27 19:57] R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 15:38] S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys [2006-11-28 23:46] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 11:31] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e6734b-27be-11db-b115-806d6172696f}] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 . Contents of the 'Scheduled Tasks' folder "2008-07-04 20:28:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-07-08 01:34:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job" - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe "2008-06-15 07:37:58 C:\WINDOWS\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2008-06-01 07:01:09 C:\WINDOWS\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe "2008-07-08 04:14:45 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe "2008-06-08 14:44:03 C:\WINDOWS\Tasks\MSK_ABImport_Weekly_Owner.job" - C:\WINDOWS\system32\rundll32.exe= . - - - - ORPHANS REMOVED - - - - BHO-{670AE285-CD19-4F60-8539-5D4C9A533969} - C:\WINDOWS\system32\fcccyArO.dll BHO-{E23136A1-1AC4-4D1B-926F-5D537CFFF359} - C:\WINDOWS\system32\tuvwVoLd.dll ShellExecuteHooks-{E23136A1-1AC4-4D1B-926F-5D537CFFF359} - C:\WINDOWS\system32\tuvwVoLd.dll Notify-tuvwVoLd - tuvwVoLd.dll ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net Rootkit scan 2008-07-07 22:12:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\[u]0[/u]00.fcl" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\WINDOWS\ehome\ehrecvr.exe C:\WINDOWS\ehome\ehSched.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Program Files\McAfee\MSK\msksrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\HP\digital imaging\bin\hpqgalry.exe C:\Program Files\BOINC\boinc.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.05_windows_intelx86 C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\McAfee\MSC\mcuimgr.exe . ********************************************************************** . Completion time: 2008-07-07 22:17:50 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-08 04:16:46 Pre-Run: 211,091,800,064 bytes free Post-Run: 212,021,428,224 bytes free 215 --- E O F --- 2008-07-07 05:15:03 ****** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:29:01 PM, on 7/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\ResChanger 2005\ResChanger2005.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\DNA\btdna.exe C:\Program Files\BigFix\bigfix.exe C:\Program Files\BOINC\boincmgr.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\BOINC\boinc.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.05_windows_intelx86 C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\PROGRA~1\mcafee\msc\mcuimgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »us.rd.yahoo.com/customize/ie/def···rch.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »www.gateway.com/g/startpage.html···M=GT5228 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - »www.pogo.com/cdl/launcher/PogoWe···ller.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···sctl.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - »floridakeysmedia.tv/axiscam/Code···trol.ocx O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 10410 bytes -- »Team Discovery "Long live rock, be it dead or alive" --The Who. Americans are getting stronger. 20 years ago, it took 2 people to carry $10 worth of groceries; now a 5 year old can do it.
	to forum · permalink · · 2008-07-08 00:35:44 ·
CajunTek Insane Cajun Premium,MVM join:2003-08-08 Arlington, TX ·RoadRunner Cable	reply to bronc0fan 1. Please download MalwareBytes Anti-malware (MBAM) from one of the following links: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html http://www.besttechie.net/tools/mbam-setup.exe Once downloaded, close all programs and Windows on your computer (including this one.) Double-click on the icon on your desktop named Download_mbam-setup.exe. This will start the installation of MBAM onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button. MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program. On the Scanner tab, make sure the the Perform quick scan option is selected and then click on the Scan button to start scanning your computer. MBAM will now start scanning your computer for malware. This process can take quite a while, so we suggest you go and do something else and periodically check on the status of the scan. When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click Show Results. Make sure all entries have a checkmark at their far left. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window. Remember where you saved the log file, as we will want to see it later. 2. Download and Run -- ComboFix© Download this file -- to your Desktop -- from any of these sources: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe • Disconnect from the Internet. • Disable your Antivirus software -- this includes any Script Blocking Feature it may have. Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser. • A window will open with a warning. Accept any disclaimers to start the fix. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes. Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. 3. Run HijackThis again, and save the log file. In your next post we need to see: • Your MBAM log results; • The contents of C:\Combofix.txt; • The new HijackThis log. -- da Cajun Darn I hate Malware
	to forum · permalink · · 2008-07-07 22:44:34 ·
bronc0fan Boogie Premium join:2002-02-26 Colorado Springs, CO clubs:	Hello all! I can't seem to get rid of this Vundo. Windows Defender detected it after I got logged on and removed it (C:/win32/vundo.gen!R) This is the second day I have got this, although I've must have had it for a week now with computer issues such as: Internet Explorer 6 running very slow or locking up; the Windows Security Updates is shut off; and after booting up Windows, I get no display although my monitor's power light is on. The symptoms come at the end of the evening before I log off for the night i.e. getting ads for all kinds of anti-virus software on my browser, ads to join Fubar, and other spam. My computer's operating system is Windows XP Media Center Version 2002 SP2. I have also copy and pasted the VundoFix and Hijack This logs for you. Scan started at 8:52:13 PM 7/6/2008 Listing files found while scanning.... No infected files were found. VundoFix V7.0.6 Scan started at 11:46:41 PM 7/6/2008 Listing files found while scanning.... No infected files were found. VundoFix V7.0.6 Scan started at 6:58:09 AM 7/7/2008 Listing files found while scanning.... No infected files were found. VundoFix V7.0.6 Scan started at 6:18:33 PM 7/7/2008 Listing files found while scanning.... No infected files were found. *Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:35:11 PM, on 7/7/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\ResChanger 2005\ResChanger2005.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\DNA\btdna.exe C:\Program Files\BigFix\bigfix.exe C:\Program Files\BOINC\boincmgr.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\BOINC\boinc.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_rice_6.17_windows_intelx86 C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_6.05_windows_intelx86 C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\Program Files\McAfee\VirusScan\McShield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\SiteAdvisor\6261\SAService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\SiteAdvisor\6261\SiteAdv.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »us.rd.yahoo.com/customize/ie/def···rch.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »www.gateway.com/g/startpage.html···M=GT5228 O1 - Hosts: 102.54.94.97 rhino.acme.com # source server O1 - Hosts: 38.25.63.10 x.acme.com # x client host O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {670AE285-CD19-4F60-8539-5D4C9A533969} - C:\WINDOWS\system32\fcccyArO.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {E23136A1-1AC4-4D1B-926F-5D537CFFF359} - C:\WINDOWS\system32\tuvwVoLd.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKCU\..\Run: [Power2GoExpress] NA O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.IE5\ST67S5EF.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.IE5\SLUNC1E7.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.IE5\OFGJULUT.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.IE5\M38NM1KH.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.IE5\4XMBG927.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.IE5\0XIJK9U7.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.IE5\03M54JM7.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\HSPERF~1.SH! C:\DOCUME~1\OWNER~1.MAI\LOCALS~1\TEMPOR~1\Content.IE5\ZYPSHBZZ\SIZE_1~1.SH! C:\DOCUME~1\OWNER~1.MAI\LOCALS~1\TEMPOR~1\Content.IE5\UM75XND7\SIZE_1~1.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\ST67S5EF.SH! c:\DOCUME~1\OWNER~1.MAI\LOCALS~1\temp\TEMPOR~1.SH!\Content. O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - »go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - »www.pogo.com/cdl/launcher/PogoWe···ller.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - »download.mcafee.com/molbin/share···sctl.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - »floridakeysmedia.tv/axiscam/Code···trol.ocx O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: tuvwVoLd - tuvwVoLd.dll (file missing) O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 11824 bytes **** I ran VundoFix before coming to this forum and it came up with nothing. Thanks for any help! -- »Team Discovery "Long live rock, be it dead or alive" --The Who. Americans are getting stronger. 20 years ago, it took 2 people to carry $10 worth of groceries; now a 5 year old can do it.
	to forum · permalink · · 2008-07-07 21:22:36 ·


Saturday, 05-Dec 20:04:39	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF