Thread: [SOLVED] VUNDO worm infection
View Single Post
Old 06-09-2008, 08:34 PM   #1 (permalink)
Disko_Stu
Registered User
 
Disko_Stu's Avatar
 
Join Date: May 2007
Location: Australia
Posts: 46
OS: Windows XP and Vista


[SOLVED] VUNDO worm infection
Hi All, In the last 2-3 days I've been getting pop-ups from AVG saying "Threat detected" and it mentions 'Trojan vundo'. I have received about a dozen of these notifications in this time, and although I am 'sending them to the vault' they still persist so I believe I may have an infection somewhere! My other problem is that when I booted my computer just this morning I was greeted with Spyware Guard telling me that I had a BHO trying to run. I clicked to remove the BHO and it said that it had been successfully done, but then straight away I would get another message from Spyware Guard telling me the same thing! I clicked to remove it about 20 times before finally giving in and saying to allow it as this was the only way to get rid of the window and I had exam stuff to do for University. Any help would be appreciated :)

I ran Panda's online scan and it came back with nothing at all and didn't even let me save a log, so here is the output i received:

Results: No viruses or spyware were detected.
Suspicious items: No suspicious files detected.
Vulnerabilities: No vulnerabilities detected.

I also ran Deckard System Scan and here are the results. Any help would be great, cheers guys

--------------------------------------------
Deckard's System Scanner v20071014.68
Run by Jeff on 2008-06-10 12:19:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
71: 2008-06-10 02:19:14 UTC - RP311 - Deckard's System Scanner Restore Point
70: 2008-06-09 13:42:43 UTC - RP310 - System Checkpoint
69: 2008-06-07 04:45:15 UTC - RP309 - System Checkpoint
68: 2008-06-05 01:04:54 UTC - RP308 - System Checkpoint
67: 2008-06-03 01:20:12 UTC - RP307 - System Checkpoint


-- First Restore Point --
1: 2008-03-10 00:08:04 UTC - RP241 - System Checkpoint


Performed disk cleanup.

System Drive C: has 6.66 GiB (less than 15%) free.


-- HijackThis (run as Jeff.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:19:51 PM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Jeff\Desktop\Fix\dss.exe
C:\PROGRA~1\HJT\Jeff.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {E25EE903-37EB-467B-B1F0-F71063F6B8C8} - C:\WINDOWS\system32\ljJYQJDv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: Startup.lnk = C:\Documents and Settings\Jeff\My Documents\Startup.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ljJYQJDv - C:\WINDOWS\SYSTEM32\ljJYQJDv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HJT\backups\) -------------------------

backup-20051226-182852-870 O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
backup-20051229-233237-102 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20051229-233237-134 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20051229-233237-203 O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wpkypa.exe reg_run
backup-20051229-233237-311 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20051229-233237-322 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20051229-233237-401 F3 - REG:win.ini: run=C:\WINDOWS\inet20009\winlogon.exe
backup-20051229-233237-405 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20051229-233237-464 O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
backup-20051229-233237-497 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20051229-233237-600 O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20009\3.00.13.dll
backup-20051229-233237-893 O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20009\winlogon.exe
backup-20051229-233237-918 O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20009\winlogon.exe
backup-20051229-233237-924 O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
backup-20051229-233237-940 O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
backup-20060103-150156-592 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20060103-150156-625 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20060103-150156-802 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20060103-150156-813 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20060103-150156-892 O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\wpkypa.exe reg_run
backup-20060103-150156-896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20060103-150156-988 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20060106-193529-958 O20 - Winlogon Notify: msctl32.dll - C:\WINDOWS\system32\msctl32.dll (file missing)
backup-20080610-115414-919 O2 - BHO: (no name) - {E25EE903-37EB-467B-B1F0-F71063F6B8C8} - C:\WINDOWS\system32\ljJYQJDv.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 d346bus - c:\windows\system32\drivers\d346bus.sys
R0 d346prt - c:\windows\system32\drivers\d346prt.sys
R0 SI3112r (Silicon Image SiI 3112 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; SATARaid>
R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Windows Accelerator>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S0 BTKRNL (Bluetooth Protocol Stack) - c:\windows\system32\drivers\btkrnl.sys (file missing)
S1 i386p - c:\windows\system32\drivers\i386p.sys (file missing)
S2 BTSERIAL (Bluetooth Serial Driver) - c:\windows\system32\drivers\btserial.sys (file missing)
S2 BTSLBCSP (Bluetooth Port Client Driver) - c:\windows\system32\drivers\btslbcsp.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 ewdmaudn - c:\docume~1\jeff\locals~1\temp\ewdmaudn.sys (file missing)
S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver>
S3 PentaxUsb (PENTAX Optio 60 on USB) - c:\windows\system32\drivers\coachusb.sys <Not Verified; FotoNation Ltd.; USB Driver for Digital Camera>
S3 PentaxVc (PENTAX Optio 60 Video Capture) - c:\windows\system32\drivers\coachvc.sys <Not Verified; Accapella Ltd.; Video Capture Minidriver for Digital Camera>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 VHidMinidrv (Bluetooth HID Device Service) - c:\windows\system32\drivers\vhidmini.sys <Not Verified; IVT Corporation; IVT BlueSoleil>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor5.0 (Adobe Active File Monitor V5) - c:\program files\adobe\photoshop elements 5.0\photoshopelementsfileagent.exe
R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe

S0 Messenger - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
S2 btwdins (Bluetooth Service) - c:\program files\widcomm\bluetooth software\bin\btwdins.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: Applied Networking Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Scheduled Tasks -------------------------------------------------------------

2005-12-25 14:27:38 298 --a------ C:\WINDOWS\Tasks\XoftSpy.job


-- Files created between 2008-05-10 and 2008-06-10 -----------------------------

2008-06-10 1229 0 d-------- C:\WINDOWS\LastGood
2008-06-10 12:04:54 0 d-------- C:\Program Files\Panda Security
2008-06-10 11:55:01 0 d-------- C:\VundoFix Backups
2008-06-09 15:47:17 32256 --a------ C:\WINDOWS\system32\iifedbbx.dll
2008-06-09 15:46:12 32256 --a------ C:\WINDOWS\system32\rqRLcDvV.dll
2008-06-09 15:44:34 32256 --a------ C:\WINDOWS\system32\ljJYQJDv.dll
2008-06-02 22:31:51 0 d-------- C:\Documents and Settings\Jeff\dwhelper
2008-06-01 20:11:38 0 dr-h----- C:\Documents and Settings\Jeff\Application Data\SecuROM


-- Find3M Report ---------------------------------------------------------------

2008-06-10 12:19:50 0 d-------- C:\Program Files\HJT
2008-06-10 12:17:34 0 d-------- C:\Documents and Settings\Jeff\Application Data\SiteAdvisor
2008-06-10 10:51:10 0 d-------- C:\Program Files\Lx_cats
2008-06-09 15:51:13 0 d-------- C:\Documents and Settings\Jeff\Application Data\AVG7
2008-06-05 18:25:47 0 d-------- C:\Documents and Settings\Jeff\Application Data\Adobe
2008-05-27 23:25:43 0 d-------- C:\Documents and Settings\Jeff\Application Data\OpenOffice.org2
2008-05-09 12:57:47 0 d-------- C:\Documents and Settings\Jeff\Application Data\MozillaControl
2008-04-10 20:49:55 0 d-------- C:\Program Files\NetBeans 6.0.1
2008-04-10 20:47:57 0 d-------- C:\Program Files\Java
2008-03-18 13:22:21 6051 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E25EE903-37EB-467B-B1F0-F71063F6B8C8}]
06/09/2008 03:44 PM 32256 --a------ C:\WINDOWS\system32\ljJYQJDv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [03/29/2005 11:41 AM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [12/16/2004 05:49 PM]
"SoundMan"="SOUNDMAN.EXE" [10/08/2003 07:41 PM C:\WINDOWS\SOUNDMAN.EXE]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [08/06/2003 04:08 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 02:56 PM C:\WINDOWS\system32\bthprops.cpl]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [10/06/2005 12:31 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/18/2005 10:58 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/07/2005 04:45 PM]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [07/21/2005 04:07 PM]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [08/01/2005 10:05 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [07/12/2005 11:36 PM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [05/10/2006 09:12 AM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [09/14/2006 07:55 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [04/16/2008 10:54 AM]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [07/21/2005 03:48 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 09:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 PM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [10/09/2006 01:25 AM]

C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/7/2006 12:36:15 AM]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [3/15/2006 7:44:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
SATARaid.lnk - C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe [8/16/2005 8:08:19 PM]
Startup.lnk - C:\Documents and Settings\Jeff\My Documents\Startup.bat [4/14/2008 8:24:18 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E25EE903-37EB-467B-B1F0-F71063F6B8C8}"= C:\WINDOWS\system32\ljJYQJDv.dll [06/09/2008 03:44 PM 32256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJYQJDv]
ljJYQJDv.dll 06/09/2008 03:44 PM 32256 C:\WINDOWS\system32\ljJYQJDv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ




-- End of Deckard's System Scanner: finished at 2008-06-10 12:20:41 ------------

Also, my system is running unusually slow today too, usually windows pop up straight away and programs like MSN and MS Word open straight away but they're taking added time to open.

I couldn't find an 'edit' button to add this into my initial post
Attached Files
File Type: txt extra.txt (20.2 KB, 0 views)
Last edited by amateur; 06-10-2008 at 05:37 AM. Reason: posts merged to retain 0-reply status
Disko_Stu is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here