02-19-2007, 03:58 PM   #1
kraakus
OS: XP Pro


mvnaaaaa.exe and assorted trojans

My son recently went to some skanky porn site (found out by looking at IE History) and AVG started detecting trojans.

xpladv499(1).wmf
slide499(1).wmf
loaderadv499_5(1).exe

Went through the 5 steps prior to posting.
AVG does detect anything anymore, but Panda ActiveScan does detect Spyware Cookies.

Appreciate any help.


ComboScan v20070212.14 run by Default on 2007-02-19 at 17:15:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as Default.com) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:16:43 PM, on 2/19/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SiteAdvisor\6009\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1151985757\ee\AOLSoftware.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\SiteAdvisor\6009\SiteAdv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Documents and Settings\Default\Desktop\comboscan.exe
C:\DOCUME~1\Default\LOCALS~1\Temp\~zjpqpmy.tmp\Default.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.netcenter.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.f840.mail.yahoo.com/ym/Sho...ad=b&box=Inbox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINDOWS\SYSTEM32\TwcToolbarBho.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SYSTEM32\TwcToolbarIe7.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1151985757\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mvnaaaaa] C:\WINDOWS\System32\mvnaaaaa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [mvnaaaaa] C:\WINDOWS\System32\mvnaaaaa.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6009\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 ati2mpaa - System32\DRIVERS\ati2mpaa.sys
1 Avg7Core (AVG7 Kernel) - \SystemRoot\System32\Drivers\avg7core.sys
1 Avg7RsW (AVG7 Wrap Driver) - \SystemRoot\System32\Drivers\avg7rsw.sys
1 Avg7RsXP (AVG7 Resident Driver XP) - \SystemRoot\System32\Drivers\avg7rsxp.sys
1 AvgClean (AVG7 Clean Driver) - \SystemRoot\System32\Drivers\avgclean.sys
2 AvgTdi (AVG Network Redirector) - \SystemRoot\System32\Drivers\avgtdi.sys
2 BrPar - \SystemRoot\System32\drivers\BrPar.sys
3 CO_Mon - \??\C:\WINDOWS\System32\Drivers\CO_Mon.sys
3 cwcspud (Crystal SoundFusion(tm) Driver) - system32\drivers\cwcspud.sys
3 cwcwdm (Crystal SoundFusion(tm) WDM Driver) - system32\drivers\cwcwdm.sys
3 GEARAspiWDM - System32\Drivers\GEARAspiWDM.sys
3 ltmodem5 (LT Modem Driver) - System32\DRIVERS\ltmdmnt.sys
3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS
3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
3 NtApm (NT Apm/Legacy Interface Driver) - System32\DRIVERS\NtApm.sys
0 PxHelp20 - System32\Drivers\PxHelp20.sys
3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - System32\DRIVERS\RTL8139.SYS
0 srescan - System32\ZoneLabs\srescan.sys
3 usbscan - System32\DRIVERS\usbscan.sys
3 USBSTOR (USB Mass Storage Driver) - System32\DRIVERS\USBSTOR.SYS
1 vsdatant - System32\vsdatant.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
2 Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
2 AVGEMS (AVG E-mail Scanner) - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
3 IDriverT (InstallDriver Table Manager) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
3 iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
3 SCardDrv (Smart Card Helper) - %SystemRoot%\System32\SCardSvr.exe
2 SiteAdvisor Service - C:\Program Files\SiteAdvisor\6009\SAService.exe
2 UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\System32\wdfmgr.exe
2 uploadmgr (Upload Manager) - %SystemRoot%\System32\svchost.exe -k netsvcs
2 vsmon (TrueVector Internet Monitor) - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe -service


-- Scheduled Tasks --------------------------------------------------------------

2007-02-16 11:00:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2007-02-07 23:00:02 502 -----n--- C:\WINDOWS\Tasks\Tune-up Application Start.job<TUNE-U~1.JOB>


-- Files created between 2007-01-19 and 2007-02-19 ------------------------------

2007-02-19 17:16:14 0 d-------- C:\Program Files\HijackThis<HIJACK~1>
2007-02-19 16:47:10 0 dr------- C:\Documents and Settings\Default\Application Data\Brother
2007-02-19 16:37:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
2007-02-19 16:35:27 0 d-------- C:\WINDOWS\LastGood
2007-02-19 16:22:56 0 d-------- C:\Program Files\SpywareGuard<SPYWAR~2>
2007-02-19 16:11:38 118784 --a------ C:\WINDOWS\System32\MSSTDFMT.DLL<Unsigned: Microsoft Corporation>
2007-02-19 16:11:36 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-18 20:47:58 28672 --a------ C:\WINDOWS\System32\drivers\CO_Mon.sys<Unsigned: n/a>
2007-02-18 19:51:40 0 d-------- C:\WINDOWS\McAfee.com
2007-02-18 12:37:46 0 d-------- C:\Documents and Settings\Default\.housecall6.6<HOUSEC~1.6>
2007-02-18 10:58:09 0 d-------- C:\WINDOWS\System32\ActiveScan<ACTIVE~1>
2007-02-14 12:23:56 0 --a------ C:\ylxewb.exe<Unsigned: n/a>
2007-02-14 12:23:39 0 --a------ C:\vrnx.exe<Unsigned: n/a>
2007-02-14 12:23:22 0 --a------ C:\shciiuml.exe<Unsigned: n/a>
2007-02-14 12:23:04 0 --a------ C:\gufk.exe<Unsigned: n/a>
2007-02-14 12:22:46 0 --a------ C:\psodgona.exe<Unsigned: n/a>
2007-02-14 12:22:29 0 --a------ C:\mxxv.exe<Unsigned: n/a>
2007-02-14 12:22:11 0 --a------ C:\wmopnqy.exe<Unsigned: n/a>
2007-02-14 12:21:54 0 --a------ C:\rrcxhj.exe<Unsigned: n/a>
2007-02-08 16:27:30 36864 --a------ C:\WINDOWS\System32\BRVPDNTA.DLL<Unsigned: brother Industries Ltd>
2007-02-08 16:27:30 40960 --a------ C:\WINDOWS\System32\BRVPD95A.DLL<Unsigned: brother industries, ltd >
2007-02-08 16:27:30 196608 --a------ C:\WINDOWS\System32\Brdiag2.exe<Unsigned: brother Industries, Ltd>
2007-02-08 16:27:29 26624 --a------ C:\WINDOWS\System32\BRGSRC32.DLL<Unsigned: n/a>
2007-02-08 16:27:29 4608 --a------ C:\WINDOWS\System32\BRGSRC16.DLL<Unsigned: n/a>
2007-02-08 16:27:28 73728 --a------ C:\WINDOWS\System32\BRRBTOOL.EXE<Unsigned: Brother Industries Ltd>
2007-02-08 16:27:28 77824 --a------ C:\WINDOWS\System32\BROSNMP.DLL<Unsigned: n/a>
2007-02-08 16:27:28 24223 --a------ C:\WINDOWS\System32\brlm03a.dll<Unsigned: brother Industries Ltd>
2007-02-08 16:27:26 19537 -----n--- C:\WINDOWS\System32\drivers\BRPAR.SYS<Unsigned: Brother Industries Ltd.>
2007-02-08 16:27:23 0 d-------- C:\Program Files\Brownie
2007-02-08 16:26:59 34 --a------ C:\WINDOWS\System32\BD2040.DAT
2007-02-08 16:26:28 0 d-------- C:\Program Files\Brother
2007-02-08 16:26:27 188416 --a------ C:\WINDOWS\System32\Pdrvinst.dll<Unsigned: brother>
2007-02-08 16:26:27 81920 --a------ C:\WINDOWS\System32\BrWebIns.dll<Unsigned: brother>
2007-02-08 16:26:26 65536 --a------ C:\WINDOWS\System32\BRWEBUP.EXE<Unsigned: brother>
2007-02-07 11:40:15 0 d-------- C:\WINDOWS\.jagex_cache_32<JAGEX_~1>
2007-02-01 18:04:54 0 d-------- C:\Program Files\Microsoft Works<MICROS~3>
2007-02-01 0013 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-01-31 16:39:48 0 d--hs---- C:\FOUND.000
2007-01-25 15:01:28 0 d-------- C:\WINDOWS\.file_store_32<FILE_S~1>
2007-01-21 15:08:49 46352 --a------ C:\WINDOWS\setdebug.exe<Unsigned: Microsoft Corporation>
2007-01-21 15:08:46 171280 --a------ C:\WINDOWS\System32\jit.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:08:42 139536 --a------ C:\WINDOWS\System32\javaee.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:08:38 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-01-21 15:08:32 313856 --a------ C:\WINDOWS\System32\dx3j.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:38 113 --a------ C:\WINDOWS\System32\zonedon.reg
2007-01-21 15:07:38 113 --a------ C:\WINDOWS\System32\zonedoff.reg
2007-01-21 15:07:37 171792 --a------ C:\WINDOWS\System32\wjview.exe<Unsigned: Microsoft Corporation>
2007-01-21 15:07:37 286992 --a------ C:\WINDOWS\System32\vmhelper.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:36 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:34 947472 --a------ C:\WINDOWS\System32\msjava.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:33 154384 --a------ C:\WINDOWS\System32\msawt.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:33 172304 --a------ C:\WINDOWS\System32\jview.exe<Unsigned: Microsoft Corporation>
2007-01-21 15:07:32 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe<Unsigned: Microsoft Corporation>
2007-01-21 15:07:31 404752 --a------ C:\WINDOWS\System32\javart.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:30 63248 --a------ C:\WINDOWS\System32\javaprxy.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:30 187152 --a------ C:\WINDOWS\System32\javacypt.dll<Unsigned: Microsoft Corporation>
2007-01-21 15:07:26 49424 --a------ C:\WINDOWS\System32\clspack.exe<Unsigned: Microsoft Corporation>
2007-01-21 15:02:32 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-01-21 14:55:05 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-01-21 14:54:10 26112 --a------ C:\WINDOWS\System32\xpsp1hfm.exe<Unsigned: Microsoft Corporation>
2007-01-21 14:54:10 0 d--h----- C:\WINDOWS\$xpsp1hfm$<$XPSP1~1>
2007-01-19 10:55:02 188960 --a------ C:\WINDOWS\system\WINGDE.DLL<Unsigned: Microsoft Corporation>
2007-01-19 10:55:02 92208 --a------ C:\WINDOWS\system\WING.DLL<Unsigned: Microsoft Corporation>
2007-01-19 10:55:02 0 d-------- C:\LBTMATH
2007-01-19 08:24:22 0 d-------- C:\WINDOWS\System32\bits


-- Find3M Report ----------------------------------------------------------------

2007-02-19 08:50:22 0 --a------ C:\Documents and Settings\Default\Application Data\sversion.ini
2007-02-09 02:19:18 27776 --a------ C:\WINDOWS\System32\drivers\avg7rsxp.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-09 02:19:16 18432 --a------ C:\WINDOWS\System32\drivers\avgmfx86.sys<Unsigned: GRISOFT, s.r.o.>
2007-02-09 02:19:16 839936 --a------ C:\WINDOWS\System32\drivers\avg7core.sys<Unsigned: GRISOFT, s.r.o.>
2007-01-15 17:49:36 0 d-------- C:\Documents and Settings\Default\Application Data\Viewpoint<VIEWPO~1>
2006-12-24 01:34:34 0 d-------- C:\Documents and Settings\Default\Application Data\acccore
2006-12-24 01:32:50 0 d-------- C:\Program Files\Common Files\Nullsoft
2006-12-24 01:31:50 0 d-------- C:\Program Files\AIM6


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFREE.EXE\""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"mvnaaaaa"="C:\\WINDOWS\\System32\\mvnaaaaa.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="systray.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1151985757\\ee\\AOLSoftware.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"Motive SmartBridge"="C:\\PROGRA~1\\verizon\\SMARTB~1\\MotiveSB.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"mvnaaaaa"="C:\\WINDOWS\\System32\\mvnaaaaa.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Easykey"="C:\\Program Files\\Easy Keyboard\\Easykey.exe"
"SoundFusion"="RunDll32 cwcprops.cpl,CrystalControlWnd"
"ATIGART"="c:\\ati\\gart\\atigart.exe"
"AtiPTA"="Atiptaaa.exe"
"AtiCwd32"="Aticwd32.exe"
"AtiQiPcl"="AtiQiPcl.exe"
"SO5 Integrator Pass Two"="C:\\OFFICE51\\SOINTGR.EXE"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-02-19 at 17:19:08 -------------------------
Attached Files
File Type: txt Supplementary.txt (7.6 KB, 3 views)