For the past few weeks McAfee has been finding files and removing them. It started as Vundo, and after I went online to the McAfee site (by clicking the name of Vundo when it came up to tell me it was removed) and followed their suggestions, it started coming up with removing Adclicker. Adclicker has been removed several times, but I still get strange IE (man, how I wish I could remove that program) screens popping up on my computer.
Any help would be greatly appreciated.
I went through and did all the first suggested processes; the log from the online scan should be attached to this message as well. The HijackThis log follows.
Deckard's System Scanner v20071014.68
Run by Daniel Cole on 2008-01-18 10:32:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-01-18 15:32:05 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Daniel Cole.exe) -----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:19 AM, on 1/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Daniel Cole.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {2AFB99E7-FAD7-4AE1-AB07-90F2368E6FD3} - C:\WINDOWS\system32\vtstr.dll
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\mljjihe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {5c776c71-bde5-73ba-a164-850a4b10af97} - {79fa01b4-a058-461a-ab37-5edb17c677c5} - C:\WINDOWS\system32\dwgotlmi.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [60921b85] rundll32.exe "C:\WINDOWS\system32\fttrnywm.dll",b
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DynDNS Updater] "C:\Program Files\DynDNS Updater\DynDNS.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Startup: Kremlin Sentry.LNK = C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1174406505544
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1174406501873
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: mljjihe - C:\WINDOWS\SYSTEM32\mljjihe.dll
O23 - Service: McAfee Application Installer Cleanup (0123071200665193) (0123071200665193mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\012307~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
--
End of file - 11079 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 cis1284 - c:\windows\system32\drivers\cis1284.sys <Not Verified; Canon Information Systems; Canon MultiPASS>
R3 SaiMini - c:\windows\system32\drivers\saimini.sys <Not Verified; Saitek; Configuration Software>
R3 SaiNtBus - c:\windows\system32\drivers\saibus.sys <Not Verified; Saitek; Configuration Software>
S3 bfastfao - c:\docume~1\daniel~1\locals~1\temp\bfastfao.sys (file missing)
S3 PciCon - e:\pcicon.sys (file missing)
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 MPService - c:\program files\canon\multipass\mpservic.exe <Not Verified; Canon Information Systems, Inc.; Canon MultiPASS>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S2 0123071200665193mcinstcleanup (McAfee Application Installer Cleanup (0123071200665193)) - c:\windows\temp\012307~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-01-09 08:20:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-01-01 01:00:01 364 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-12-15 01:02:33 362 --a------ C:\WINDOWS\Tasks\McDefragTask.job
-- Files created between 2007-12-18 and 2008-01-18 -----------------------------
2008-01-18 10:33:07 0 d-------- C:\Program Files\Trend Micro
2008-01-18 00:42:27 0 d-------- C:\Program Files\SpywareBlaster
2008-01-17 23:21:43 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-17 23:21:13 8576 --a------ C:\WINDOWS\system32\drivers\vugysnkjyeid.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-17 17:27:27 86592 --a------ C:\WINDOWS\system32\fttrnywm.dll
2008-01-17 17:18:25 77376 --a------ C:\WINDOWS\system32\dwgotlmi.dll
2008-01-17 17:16:16 70208 --a------ C:\WINDOWS\system32\pjrkwkdk.dll
2008-01-16 10:13:18 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-16 09:45:25 76864 --a------ C:\WINDOWS\system32\gnwwwbba.dll
2008-01-16 09:42:52 70208 --a------ C:\WINDOWS\system32\dkbbgsno.dll
2008-01-15 08:05:42 70208 --a------ C:\WINDOWS\system32\avgdpbvm.dll
2008-01-15 08:00:09 79936 --a------ C:\WINDOWS\system32\qiqkkvnc.dll
2008-01-13 22:31:40 70208 --a------ C:\WINDOWS\system32\bvyrvajh.dll
2008-01-13 22:28:41 79936 --a------ C:\WINDOWS\system32\obyrgrwd.dll
2008-01-12 22:33:13 76864 --a------ C:\WINDOWS\system32\asltreif.dll
2008-01-12 22:30:13 70208 --a------ C:\WINDOWS\system32\itgafiyw.dll
2008-01-11 22:26:42 70208 --a------ C:\WINDOWS\system32\xbgapcwf.dll
2008-01-11 22:26:41 76864 --a------ C:\WINDOWS\system32\aluntvja.dll
2008-01-10 22:29:41 70208 --a------ C:\WINDOWS\system32\txweyxpy.dll
2008-01-10 22:26:41 79424 --a------ C:\WINDOWS\system32\tqqunkch.dll
2008-01-09 22:26:44 79936 --a------ C:\WINDOWS\system32\tiknufti.dll
2008-01-08 22:26:44 77888 --a------ C:\WINDOWS\system32\yxkoyxcy.dll
2008-01-07 22:26:44 76864 --a------ C:\WINDOWS\system32\odkcpnxf.dll
2008-01-06 22:26:45 75840 --a------ C:\WINDOWS\system32\hmprjxvs.dll
2008-01-05 23:53:22 421888 --a------ C:\WINDOWS\Nero PhotoShow.scr
2008-01-05 23:53:22 0 d-------- C:\Documents and Settings\Daniel Cole\Application Data\Simple Star
2008-01-05 22:26:44 78912 --a------ C:\WINDOWS\system32\hwxapxgj.dll
2008-01-05 21:08:39 0 d-------- C:\Documents and Settings\Daniel Cole\Application Data\Ahead
2008-01-05 21:07:18 0 d-------- C:\WINDOWS\InCD
2008-01-05 21:05:09 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-05 20:58:20 0 d-------- C:\Program Files\ahead
2008-01-05 19:52:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-05 19:52:25 364544 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-01-05 19:52:25 471040 --a------ C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-05 19:52:25 262144 --a------ C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-05 19:52:25 1568768 --a------ C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-01-05 19:52:24 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-01-05 19:52:24 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-01-05 19:52:21 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-04 22:30:52 7165 --a------ C:\WINDOWS\system32\nyidtmbw.dll
2008-01-04 22:24:49 79424 --a------ C:\WINDOWS\system32\irengowx.dll
2008-01-03 22:30:13 78400 --a------ C:\WINDOWS\system32\xqgcrbxh.dll
2008-01-02 22:30:13 78400 --a------ C:\WINDOWS\system32\ycubohor.dll
2008-01-01 22:30:13 77376 --a------ C:\WINDOWS\system32\wrjdhdiq.dll
2007-12-31 23:39:11 0 d-------- C:\Program Files\Common Files\Stardock
2007-12-31 23:28:36 118784 --a------ C:\WINDOWS\system32\DartWeb.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2007-12-31 23:28:36 221184 --a------ C:\WINDOWS\system32\DartSock.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2007-12-31 23:28:36 49152 --a------ C:\WINDOWS\system32\DartObjects.dll <Not Verified; Dart Communications; PowerTCP© Tools>
2007-12-31 23:27:19 0 d-------- C:\Program Files\Stardock
2007-12-31 22:29:47 78912 --a------ C:\WINDOWS\system32\srostxsy.dll
-- Find3M Report ---------------------------------------------------------------
2008-01-18 10:32:46 331411 --ahs---- C:\WINDOWS\system32\rtstv.ini2
2008-01-18 10:32:34 0 d-------- C:\Documents and Settings\Daniel Cole\Application Data\SiteAdvisor
2008-01-18 09:08:40 0 d-------- C:\Program Files\DynDNS Updater
2008-01-18 09:08:24 0 d-------- C:\Program Files\McAfee
2008-01-17 23:41:14 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-01-05 19:52:21 0 d-------- C:\Program Files\Common Files
2007-12-14 01:27:20 85568 --a------ C:\WINDOWS\system32\wteluwnh.dll
2007-12-10 18:48:14 0 d-------- C:\Program Files\a-squared Anti-Malware
2007-12-10 01:32:00 85568 --a------ C:\WINDOWS\system32\ajqgklad.dll
2007-12-09 20:00:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-07 17:02:21 0 d-------- C:\Program Files\DO
2007-12-07 01:11:32 0 d-------- C:\Program Files\Lavasoft
2007-12-07 01:11:30 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 14:05:40 81984 --a------ C:\WINDOWS\system32\hlckvweg.dll
2007-12-04 19:24:10 0 d-------- C:\Documents and Settings\Daniel Cole\Application Data\uTorrent
2007-12-04 14:03:01 80960 --a------ C:\WINDOWS\system32\qtxvsmkh.dll
2007-12-04 02

04 80960 --a------ C:\WINDOWS\system32\baanmdvf.dll
2007-12-03 02:10:08 0 d-------- C:\Documents and Settings\Daniel Cole\Application Data\DAEMON Tools Pro
2007-12-03 02:04:25 0 d-------- C:\Program Files\Trillian
2007-12-03 01:51:42 321120 --a------ C:\WINDOWS\system32\vtstr.dll
2007-12-03 01:46:33 34304 --a------ C:\WINDOWS\system32\mljjihe.dll
2007-12-01 00:39:38 0 d-------- C:\Documents and Settings\Daniel Cole\Application Data\Media Player Classic
2007-11-28 22:16:24 4608 --a------ C:\WINDOWS\system32\w95inf32.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-11-28 22:16:24 2272 --a------ C:\WINDOWS\system32\w95inf16.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-11-27 18:08:47 0 d-------- C:\Program Files\Common Files\McAfee
2007-11-22 10:19:27 0 d-------- C:\Program Files\Java
2007-11-18 02:38:49 23552 --a------ C:\WINDOWS\xobglu32.dll
2007-11-18 02:38:49 63488 --a------ C:\WINDOWS\xobglu16.dll
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2AFB99E7-FAD7-4AE1-AB07-90F2368E6FD3}]
12/03/2007 01:51 AM 321120 --a------ C:\WINDOWS\system32\vtstr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}]
12/03/2007 01:46 AM 34304 --a------ C:\WINDOWS\system32\mljjihe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79fa01b4-a058-461a-ab37-5edb17c677c5}]
01/17/2008 05:18 PM 77376 --a------ C:\WINDOWS\system32\dwgotlmi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MP_STATUS_MONITOR"="C:\Program Files\Canon\MultiPASS\monitr32.exe" []
"MPTBox"="C:\Program Files\Canon\MultiPASS\MPTBox.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/21/2007 12:21 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"SkyTel"="SkyTel.EXE" [05/17/2006 01:04 AM C:\WINDOWS\SkyTel.exe]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [06/17/2005 06:02 PM]
"RTHDCPL"="RTHDCPL.EXE" [11/15/2006 12:21 AM C:\WINDOWS\RTHDCPL.exe]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [06/14/2005 02:23 PM]
"nwiz"="nwiz.exe" [08/23/2006 08:03 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/23/2006 08:02 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/23/2006 08:03 PM]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [02/17/2006 10:40 AM]
"JMB36X IDE Setup"="C:\WINDOWS\JM\JMInsIDE.exe" [10/30/2006 07:44 AM]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidSetup.exe" [10/30/2006 07:44 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" []
"Alcmtr"="ALCMTR.EXE" [05/04/2005 01:43 AM C:\WINDOWS\Alcmtr.exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"@"="" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [02/28/2006 06:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [02/28/2006 06:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 06:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [02/28/2006 06:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"60921b85"="C:\WINDOWS\system32\fttrnywm.dll" [01/17/2008 05:27 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"DynDNS Updater"="C:\Program Files\DynDNS Updater\DynDNS.exe" [09/17/2006 10:32 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00 AM]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [09/06/2007 08:08 AM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [11/11/2004 08:50 PM]
C:\Documents and Settings\Daniel Cole\Start Menu\Programs\Startup\
Kremlin Sentry.LNK - C:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe [2/19/2006 9:57:29 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\mljjihe.dll [12/03/2007 01:46 AM 34304]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjihe]
mljjihe.dll 12/03/2007 01:46 AM 34304 C:\WINDOWS\system32\mljjihe.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstr.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80825ec2-d6d4-11db-9a64-806d6172696f}]
AutoRun\command- F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83a0b37a-a16e-11dc-9aab-001a9244c33d}]
AutoRun\command- F:\Lunch.exe
*Newly Created Service* - 0123071200665193MCINSTCLEANUP
-- End of Deckard's System Scanner: finished at 2008-01-18 10:33:55 ------------