Thread: trojan, vundo, pop-ups, no updates
View Single Post
Old 06-13-2008, 08:04 AM   #1 (permalink)
cerebrum
Registered User
 
Join Date: Jun 2008
Location: tx
Posts: 7
OS: XP


trojan, vundo, pop-ups, no updates
I have used Lavasoft ad-aware and Norton, both are showing Trojan.win32 and vundo. I get pop-ups when in active many from ip 88.88.88.88 and many from expired ebay auctions. pop-ups are only when I am inactive and browser is open. No pop-ups when browser is closed. I can't use windows update and apps that need internet connection can't access web.

Using Anti-spy Info I have 6 dll, 4 of which are browser extensions all rated at72 - 99 threat level and are recording key strokes.

I have exported txt files from panda and from norton if they will help.
Dss generated main.txt but not the extra.txt

Deckard's System Scanner v20071014.68
Run by RAC on 2008-06-12 20:00:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as RAC.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:58 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Documents and Settings\RAC\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RAC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...age/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\iifdDwtt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {f1e473b7-03bf-b49b-5834-ea600690cbcd} - {dcbc0960-06ae-4385-b94b-fb307b374e1f} - C:\WINDOWS\system32\evmryhhl.dll
O2 - BHO: (no name) - {DF0C7BE5-5A0C-4A66-94ED-C8E9CEC86E36} - C:\WINDOWS\system32\qoMGyYPF.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F607B6E2-4AFF-4B65-B3C7-C5D3FC96E7AD} - C:\WINDOWS\system32\hgGyaYQh.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [30816dda] rundll32.exe "C:\WINDOWS\system32\xunfynoa.dll",b
O4 - HKLM\..\Run: [BM33b25e46] Rundll32.exe "C:\WINDOWS\system32\vqbncibq.dll",s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\Justdo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {69518E7C-D986-4E77-A49C-49A204746D22} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {69518E7C-D986-4E77-A49C-49A204746D22} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AD2439F5-1E46-42CD-9CB7-CC5D74032497} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD2439F5-1E46-42CD-9CB7-CC5D74032497} - (no file) (HKCU)
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: NDWCab - http://www.neededware.com/NDWCab.CAB
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://195.95.218.82/users/zoom/web/...m::/update.exe
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0031.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/13c3dce5...p/RdxIE601.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130582841078
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://www.andersonfloors.com:8000/i...image40930.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yaho...opper1_6us.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.21.10/ttinst.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5D81DDE-E2A9-40AB-B7B9-FBA8A1FB4FCD}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{04476BFC-2143-428B-91EB-327F1F3C2404}: NameServer = 69.50.184.84,195.225.176.37
O20 - Winlogon Notify: iifdDwtt - C:\WINDOWS\SYSTEM32\iifdDwtt.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O22 - SharedTaskScheduler: Network Load Monitor - {CC3E6789-0120-1A20-04B0-087AFF6D2EA4} - blank (file missing)
O22 - SharedTaskScheduler: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\ColdFusionSearchService\k2\_nti40\bin\k2admin.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 13865 bytes

-- Files created between 2008-05-12 and 2008-06-12 -----------------------------

2008-06-12 08:59:40 80896 --a------ C:\WINDOWS\system32\xunfynoa.dll
2008-06-12 08:57:01 98816 --a------ C:\WINDOWS\system32\evmryhhl.dll
2008-06-12 08:56:42 89600 --a------ C:\WINDOWS\system32\vqbncibq.dll
2008-06-11 23:30:31 0 d-------- C:\cabs
2008-06-11 08:54:42 95744 --a------ C:\WINDOWS\system32\wjjueatj.dll
2008-06-11 08:54:28 80896 --a------ C:\WINDOWS\system32\eorvoqwx.dll
2008-06-11 08:53:48 89600 --a------ C:\WINDOWS\system32\rsfhnhak.dll
2008-06-11 00:38:50 0 d-------- C:\ZonedOut
2008-06-10 0935 109056 --a------ C:\WINDOWS\system32\jnbgbgwq.dll
2008-06-10 09:04:33 100352 --a------ C:\WINDOWS\system32\ywrqqsoq.dll
2008-06-10 08:58:23 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 08:56:41 0 d-------- C:\Program Files\SpywareBlaster
2008-06-10 08:51:08 684887 --ahs---- C:\WINDOWS\system32\hQYayGgh.ini2
2008-06-10 08:50:56 347136 --a------ C:\WINDOWS\system32\hgGyaYQh.dll
2008-06-10 08:36:29 0 d-------- C:\ie-spyad_zo
2008-06-09 12:42:02 0 d-------- C:\Program Files\Panda Security
2008-06-08 23:45:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-08 20:58:44 92160 --a------ C:\WINDOWS\system32\orpyhlnr.dll
2008-06-08 20:56:54 108544 --a------ C:\WINDOWS\system32\kmlallfp.dll
2008-06-08 20:55:35 741551 --ahs---- C:\WINDOWS\system32\FPYyGMoq.ini2
2008-06-08 13:51:49 92160 --a------ C:\WINDOWS\system32\spjurjcn.dll
2008-06-08 13:49:42 752781 --ahs---- C:\WINDOWS\system32\xxbayccf.ini2
2008-06-07 1928 10 --a------ C:\WINDOWS\popcinfo.dat
2008-06-07 18:36:42 733176 --ahs---- C:\WINDOWS\system32\DNUCcMoq.ini2
2008-06-07 18:35:19 57344 --a------ C:\WINDOWS\system32\awtqrqnK.dll
2008-06-07 18:31:51 0 d-------- C:\Program Files\Justdo Software
2008-06-07 18:31:51 0 d-------- C:\Program Files\Common Files\Justdo
2008-06-07 18:31:20 57344 --a------ C:\WINDOWS\system32\iifdDwtt.dll


-- Find3M Report ---------------------------------------------------------------

2008-06-12 19:57:30 0 d-------- C:\Documents and Settings\RAC\Application Data\uTorrent
2008-06-11 23:23:52 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-11 00:57:04 0 d-a------ C:\Documents and Settings\RAC\Application Data\yahoo!
2008-06-10 15:24:53 7471 --a----c- C:\WINDOWS\nrgev.dat
2008-06-10 12:09:27 0 d-------- C:\Program Files\XLink Kai Evolution VII
2008-06-10 11:34:03 0 d-------- C:\Program Files\Symantec
2008-06-10 10:23:39 0 d-a------ C:\Program Files\Common Files
2008-06-09 00:23:40 0 d--h----- C:\Program Files\Common Files\Uninstall Information
2008-06-08 23:45:47 0 d-------- C:\Program Files\Lavasoft
2008-06-08 23:45:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-07 18:31:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-06 14:13:05 0 d-------- C:\Program Files\FlashFXP
2008-06-01 13:59:54 0 d-------- C:\Documents and Settings\RAC\Application Data\Adobe
2008-06-01 13:47:24 0 d-------- C:\Program Files\Maxthon2
2008-05-19 18:10:04 598 --a------ C:\Documents and Settings\RAC\Application Data\AutoGK.ini
2008-05-13 14:21:01 0 d-------- C:\Program Files\DVDlabPro2
2008-04-17 23:39:16 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-04-17 2357 0 d-------- C:\Program Files\Maxthon
2008-04-15 21:36:05 0 d-------- C:\Documents and Settings\RAC\Application Data\Intuit
2008-04-15 21:22:29 0 d-------- C:\Program Files\Common Files\Intuit
2008-04-15 21:21:02 0 d-------- C:\Program Files\TurboTax


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487C9905-26A8-42C8-8033-C58AD3D2AEC3}]
06/07/2008 06:31 PM 57344 --a------ C:\WINDOWS\system32\iifdDwtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dcbc0960-06ae-4385-b94b-fb307b374e1f}]
06/12/2008 08:57 AM 98816 --a------ C:\WINDOWS\system32\evmryhhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DF0C7BE5-5A0C-4A66-94ED-C8E9CEC86E36}]
C:\WINDOWS\system32\qoMGyYPF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F607B6E2-4AFF-4B65-B3C7-C5D3FC96E7AD}]
06/10/2008 08:50 AM 347136 --a------ C:\WINDOWS\system32\hgGyaYQh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [04/07/2003 01:19 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/22/2006 06:34 PM]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [10/26/2007 03:42 PM]
"AGRSMMSG"="AGRSMMSG.exe" [04/13/2004 02:49 PM C:\WINDOWS\AGRSMMSG.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [04/07/2003 01:07 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [01/14/2007 02:11 AM]
"30816dda"="C:\WINDOWS\system32\xunfynoa.dll" [06/12/2008 08:59 AM]
"BM33b25e46"="C:\WINDOWS\system32\vqbncibq.dll" [06/12/2008 08:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [10/26/2006 10:21 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [02/05/2008 09:30 AM]
"Sonic RecordNow!"="" []

C:\Documents and Settings\RAC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/29/2005 4:48:51 PM]
DESKTOP.INI [9/3/2002 10:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 10:00:00 AM]
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE [8/10/2006 5:28:47 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CC3E6789-0120-1A20-04B0-087AFF6D2EA4}"= blank [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{487C9905-26A8-42C8-8033-C58AD3D2AEC3}"= C:\WINDOWS\system32\iifdDwtt.dll [06/07/2008 06:31 PM 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdDwtt]
iifdDwtt.dll 06/07/2008 06:31 PM 57344 C:\WINDOWS\SYSTEM32\iifdDwtt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGyaYQh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^RAC^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"E:\Program Files\D-Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysmonnt]
C:\WINDOWS\System32\sysmonnt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsFZ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"Themes"=2 (0x2)
"Spooler"=3 (0x3)

*Newly Created Service* - COMHOST



-- End of Deckard's System Scanner: finished at 2008-06-12 20:05:04 ------------
cerebrum is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here