05-09-2008, 10:26 AM   #1
joolies
Registered User
 
Join Date: May 2008
Posts: 5
OS: vista


constant popups, few website problems, possible vundo

Hello.

I'm having similar problems to other posters. I'm running on Vista. About a week ago I remember getting a popup from my Norton Antivirus saying something about Trojan.Vundo. Since then I've been getting popups from IE, and some websites I can't browse, e.g. searching on Google. I could maybe say that my browsing has slowed down, but I'm not sure.

I've tried VundoFix.exe, and it has identified one file, but when I attempt to remove it, it tells me to reboot. It is supposed to open after my PC reboots, but it doesn't. I've scanned using Norton Antivirus, Spybot and Ad-Aware. I have gone through the 5 steps, and there might have been some improvement, but I don't know.

Here are my DSS results. I have the extra.txt attached, but it was from last night. I tried to get another but it would only give main.txt.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:07 AM, on 10/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Kevin V\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\KEVINV~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 8805 bytes

-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-09 21:11:41 0 d-------- C:\ie-spyad_zo
2008-05-09 21:03:30 118784 --a------ C:\Windows\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-09 21:03:30 0 d-------- C:\Program Files\SpywareBlaster
2008-05-09 19:43:41 0 d-------- C:\Program Files\Panda Security
2008-05-09 19:03:45 0 d-------- C:\VundoFix Backups
2008-05-09 18:59:29 0 d-------- C:\Program Files\Trend Micro
2008-05-06 23:37:48 262144 --a------ C:\ntuser.dat
2008-05-06 22:00:54 225280 --a------ C:\Windows\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-05-06 22:00:54 0 d-------- C:\Program Files\VstPlugins
2008-05-06 21:59:37 0 d-------- C:\Program Files\Outsim
2008-05-06 21:58:08 0 d-------- C:\Program Files\Image-Line
2008-05-01 01:52:00 0 d-------- C:\Program Files\TVAnts
2008-05-01 00:14:55 0 d-------- C:\Program Files\SopCast
2008-04-29 18:27:47 0 d-------- C:\Program Files\Hamachi
2008-04-28 22:32:51 1777664 --a------ C:\Windows\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-28 21:21:55 0 d-------- C:\Program Files\Webteh
2008-04-24 22:37:08 32 --a------ C:\Users\All Users\ezsid.dat
2008-04-24 22:30:24 0 d-------- C:\Program Files\Skype
2008-04-24 22:30:24 0 d-------- C:\Program Files\Common Files\Skype
2008-04-24 22:30:18 0 d-------- C:\Users\All Users\Skype
2008-04-18 22:07:48 0 d-------- C:\Windows\Downloaded Installations
2008-04-18 21:21:41 0 d-------- C:\Program Files\SingTelACT
2008-04-18 21:21:35 0 d-------- C:\Program Files\Common Files\Motive
2008-04-18 21:20:54 0 d-------- C:\Users\All Users\Motive
2008-04-13 23:46:41 0 d-------- C:\Program Files\Common Files\Microsoft Games
2008-04-11 23:04:43 0 d-------- C:\Program Files\PFConfig


-- Find3M Report ---------------------------------------------------------------

2008-05-10 00:29:36 67225 --a------ C:\Users\Kevin V\AppData\Roaming\nvModes.001
2008-05-10 00:29:35 0 d-------- C:\Program Files\Steam
2008-05-08 19:51:24 67225 --a------ C:\Users\Kevin V\AppData\Roaming\nvModes.dat
2008-05-08 17:49:19 0 d-------- C:\Users\Kevin V\AppData\Roaming\Xfire
2008-05-08 16:49:08 0 d-------- C:\Program Files\Common Files\Steam
2008-05-06 21:41:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 09:07:44 0 d-------- C:\Program Files\Xfire
2008-05-01 00:29:01 0 d-------- C:\Program Files\Microsoft Games
2008-05-01 00:28:47 0 d-------- C:\Users\Kevin V\AppData\Roaming\Microsoft Games
2008-04-29 20:19:28 0 d-------- C:\Users\Kevin V\AppData\Roaming\Hamachi
2008-04-28 21:27:34 0 d-------- C:\Users\Kevin V\AppData\Roaming\BSplayer
2008-04-28 21:21:57 0 d-------- C:\Users\Kevin V\AppData\Roaming\BSplayer Pro
2008-04-28 21:15:10 0 d-------- C:\Users\Kevin V\AppData\Roaming\Media Player Classic
2008-04-26 10:00:34 0 d-------- C:\Users\Kevin V\AppData\Roaming\Skype
2008-04-26 09:58:00 0 d-------- C:\Users\Kevin V\AppData\Roaming\skypePM
2008-04-24 22:30:24 0 d-------- C:\Program Files\Common Files
2008-04-24 16:58:44 0 d-------- C:\Users\Kevin V\AppData\Roaming\LimeWire
2008-04-18 22:04:25 0 d-------- C:\Users\Kevin V\AppData\Roaming\Motive
2008-04-05 22:07:09 0 d-------- C:\Users\Kevin V\AppData\Roaming\Ventrilo
2008-03-18 22:20:44 0 d-------- C:\Program Files\BitComet
2008-03-18 22:15:36 0 d-------- C:\Program Files\LimeWire
2008-03-18 17:30:42 0 d-------- C:\Users\Kevin V\AppData\Roaming\SystemRequirementsLab
2008-03-18 17:30:42 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-15 20:18:22 0 d-------- C:\Program Files\GoldWave
2008-03-15 16:10:36 0 d-------- C:\Program Files\AVIcodec
2008-03-15 14:46:20 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-03-15 13:50:45 0 d-------- C:\Program Files\VirtualDub
2008-03-13 10:12:45 0 d-------- C:\Program Files\Windows Mail
2008-03-11 16:19:28 0 d-------- C:\Users\Kevin V\AppData\Roaming\Adobe
2008-03-11 10:32:55 0 d-------- C:\Program Files\Norton Internet Security
2008-03-11 10:32:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-10 20:02:10 0 d-------- C:\Users\Kevin V\AppData\Roaming\Sports Interactive
2008-03-10 20:01:23 0 dr-h----- C:\Users\Kevin V\AppData\Roaming\SecuROM
2008-03-10 19:59:00 0 d--h----- C:\Program Files\Zero G Registry
2008-03-10 19:57:48 0 d-------- C:\Program Files\Sports Interactive
2008-03-10 18:26:42 669184 --a------ C:\Windows\system32\pbsvc.exe
2008-03-10 18:13:26 0 d-------- C:\Program Files\Electronic Arts
2008-03-10 13:37:59 0 d-------- C:\Program Files\Ventrilo
2008-03-10 13:37:37 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-10 13:08:29 0 d-------- C:\Program Files\Java
2008-03-10 12:57:55 174 --ahs---- C:\Program Files\desktop.ini
2008-03-10 12:46:40 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-03-10 12:42:10 0 d-------- C:\Program Files\PowerISO
2008-03-10 12:40:32 0 d-------- C:\Program Files\Windows Calendar
2008-03-10 12:40:21 0 d-------- C:\Program Files\Windows Defender
2008-03-10 12:40:07 0 d-------- C:\Program Files\Windows Sidebar
2008-03-10 12:26:13 0 d-------- C:\Users\Kevin V\AppData\Roaming\DAEMON Tools
2008-03-10 12:03:23 0 d-------- C:\Program Files\XviD
2008-03-10 11:55:33 0 d-------- C:\Users\Kevin V\AppData\Roaming\DivX
2008-03-10 11:51:39 0 d-------- C:\Program Files\Windows Live
2008-03-10 11:51:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-10 11:46:24 0 d-------- C:\Program Files\DivX
2008-03-10 11:46:17 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-10 11:40:12 0 d-------- C:\Program Files\Common Files\Java
2008-03-10 11:36:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-10 11:33:16 0 d-------- C:\Users\Kevin V\AppData\Roaming\WinRAR
2008-03-10 11:27:35 0 d-------- C:\Program Files\Lavasoft
2008-03-10 11:22:46 0 d-------- C:\Users\Kevin V\AppData\Roaming\Macromedia
2008-03-10 11:20:59 0 --a------ C:\Windows\nsreg.dat
2008-03-10 11:20:56 0 d-------- C:\Users\Kevin V\AppData\Roaming\Mozilla
2008-03-10 11:07:43 0 d-------- C:\Program Files\Symantec
2008-03-10 03:37:25 0 d-------- C:\Program Files\Fingerprint Reader Suite
2008-03-10 03:36:00 0 d-------- C:\Program Files\Dell
2008-03-10 03:32:11 0 d-------- C:\Program Files\SigmaTel
2008-03-10 03:31:26 0 d-------- C:\Program Files\Marvell
2008-03-10 03:30:58 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-10 03:30:41 0 d-------- C:\Users\Kevin V\AppData\Roaming\TMP
2008-03-10 03:29:14 0 d-------- C:\Program Files\Intel
2008-03-10 03:19:15 0 d-------- C:\Users\Kevin V\AppData\Roaming\Intel
2008-03-10 03:12:21 0 d-------- C:\Users\Kevin V\AppData\Roaming\Identities
2008-03-04 12:33:18 7680 --a------ C:\Windows\system32\ff_vfw.dll
2008-02-21 10:05:44 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-02-21 10:04:16 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 10:04:16 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 10:04:04 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-21 10:04:04 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:04:04 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:04:04 682496 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 10:03:24 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [24/07/2007 06:02 PM]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [07/09/2007 10:23 AM]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [10/05/2007 01:01 AM]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [16/04/2007 10:50 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 12:59 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [04/10/2007 09:24 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [04/10/2007 09:24 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [04/10/2007 09:24 PM]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [04/10/2007 09:24 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 05:38 PM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 05:45 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [10/03/2008 12:20 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 AM]
"Steam"="c:\program files\steam\steam.exe" [28/03/2008 09:14 AM]
"cmds"="C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 08:36 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [7/9/2007 4:27:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableCAD"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 16/04/2007 11:04 PM 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2aa276e5]
rundll32.exe "C:\Users\KEVINV~1\AppData\Local\Temp\hyueuwss.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\ljJYQHby.dll,#1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"cmds"=rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47aa591a-ee5c-11dc-be9e-001d09397728}]
AutoRun\command- F:\autorun.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-05-10 01:10:34 ------------
Attached Files
main.txt (22.8 KB)