Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > Resolved HJT Threads
Popups and Trojan.Virtumonde Popups and Trojan.Virtumonde
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 2 1 2 >
 
Thread Tools
Old 12-26-2007, 09:39 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: XPsp2 MCE


Popups and Trojan.Virtumonde
I recently started getting popups in IE7 and Firefox on my WinXpSP2 MCE PC, in addition to some other odd behaviour (Firewire camcorder not recognized by system). BTW, my AV is Avast and I'm running MS Windows Defender. Avast reported """Sign of "Win32:Small-IKZ [Trj]" has been found in "C:\a.exe\[UPX]" file."" I believe I instructed to Avast to repair this, but can't remember exactly.

I downloaded and installed PC Tools Spyware Doctor to try to remedy the situation. Although scans detected and supposedly cleaned Trojan.Virtumonde, after subsequent reboots Spyware Doctor's active scan continues to detect malware trying to access c:\windows\system32\mllmm.dll and c:\windows\system32\vtuts.dll.

I then downloaded, installed and ran SpyBot S&D and AdAware to help the situation. Although both apps found various ad/spy/malware, my problems persist.

I continued to research the problem and came across this site. I followed the 5 steps as outlined, and am including DSS's main.txt below and its extra.txt attached. I am also attaching Panda's ActionScan results attached.

Deckard's System Scanner v20071014.68
Run by john on 2007-12-26 10:53:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2007-12-26 15:53:33 UTC - RP731 - Deckard's System Scanner Restore Point
12: 2007-12-26 05:50:51 UTC - RP730 - Ad-Aware Restore Point 2007-12-26 00:50:36
11: 2007-12-26 05:23:48 UTC - RP729 - Installed Ad-Aware 2007
10: 2007-12-26 04:10:09 UTC - RP728 - Configured Proshots Studio Software v6
9: 2007-12-26 0416 UTC - RP727 - Removed Java(TM) 6 Update 2


-- First Restore Point --
1: 2007-12-23 05:50:41 UTC - RP719 - Made by Registry Mechanic O


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as john.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:30 AM, on 12/26/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\ehome\ehtray .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui .exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Zinio\ZinioDeliveryManager .exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon .exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp .exe
C:\Downloads\anit Spyware tools\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\john.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AA75F03-498B-4E97-9E3B-AE0354CDD384} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [MaxBackSchedule] C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://costco.pnimedia.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158373244343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...v2.0.0.10.cab?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rumball.home
O17 - HKLM\Software\..\Telephony: DomainName = rumball.home
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C924F3-0DB3-4872-84C1-405FA1730952}: Domain = rumball.home
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C924F3-0DB3-4872-84C1-405FA1730952}: NameServer = 192.168.1.1,209.91.128.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rumball.home
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 16911 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys <Not Verified; NoteBurn Software; NoteBurn>
R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok(R)>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S0 ftsata2 - c:\windows\system32\drivers\ftsata2.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: WD External HDD Button & Lights
Device ID: 1394\WD&EXTERNAL_HDD_BUTTON_&_LIGHTS\583F85BE9EA99000
Manufacturer:
Name: WD External HDD Button & Lights
PNP Device ID: 1394\WD&EXTERNAL_HDD_BUTTON_&_LIGHTS\583F85BE9EA99000
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-12-26 09:16:19 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-17 16:12:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-26 and 2007-12-26 -----------------------------

2007-12-26 10:38:00 0 d-------- C:\Program Files\SpywareBlaster
2007-12-26 09:35:50 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-26 09:32:00 8576 --a------ C:\WINDOWS\system32\drivers\mnumukeunypf.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-26 00:23:51 0 d-------- C:\Program Files\Lavasoft
2007-12-26 00:23:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 00:22:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 23:57:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 23:21:52 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-25 12:24:27 0 d-------- C:\Program Files\Trend Micro
2007-12-24 08:02:23 326656 --a------ C:\WINDOWS\system32\mllmm.exe
2007-12-24 08:02:20 6971 --ahs---- C:\WINDOWS\system32\mmllm.ini2
2007-12-24 01:01:48 334336 --a------ C:\WINDOWS\system32\vtuts.dll
2007-12-23 08:15:11 323072 --a------ C:\WINDOWS\system32\mllmm.dll
2007-12-23 01:07:22 0 d-------- C:\VundoFix Backups
2007-12-23 00:18:03 364544 --a------ C:\WINDOWS\system32\WDBtnMgr .exe <Not Verified; Western Digital Technologies, Inc.; WD Button Manager>
2007-12-23 00:17:42 1622016 --a------ C:\WINDOWS\system32\nwiz .exe
2007-12-22 23:52:33 0 d-------- C:\Program Files\Spyware Doctor
2007-12-22 23:52:33 0 d-------- C:\Documents and Settings\john\Application Data\PC Tools
2007-12-22 23:34:45 116224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-12-22 23:34:43 23552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2007-12-22 23:34:43 0 d-------- C:\Program Files\PDFCreator
2007-12-22 14:32:09 0 d-------- C:\WINDOWS\pss
2007-12-21 19:20:48 6746 --ahs---- C:\WINDOWS\system32\stutv.ini2
2007-12-21 01:30:37 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-12-21 01:21:12 0 d-------- C:\WINDOWS\system32\daSgo05
2007-12-21 01:08:24 0 d-------- C:\2b0db1cb0fc7d5adcb9370e6
2007-12-19 21:57:18 386560 --a------ C:\WINDOWS\system32\ad2mpegin.dll <Not Verified; MainConcept AG; MainConcept (Adobe2)® MPEG File Decoder>
2007-12-19 21:55:41 640512 --a------ C:\WINDOWS\system32\ad2mcmpgdec.dll <Not Verified; MainConcept AG; MainConcept (Adobe2)® MPEG Stream Decoder>
2007-12-17 19:04:26 0 d-------- C:\Program Files\IrfanView
2007-12-09 19:45:40 110592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL <Not Verified; ENJsoft Corporation; SelfMusicVideo>
2007-12-09 19:43:26 299008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2007-12-09 19:43:25 0 d-------- C:\Program Files\Lame MP3 Codec
2007-12-09 19:43:15 65024 --a------ C:\WINDOWS\IFinst26.exe
2007-12-09 19:43:12 0 d-------- C:\Program Files\Xvid
2007-12-09 19:31:42 0 d-------- C:\Documents and Settings\john\Application Data\DataCast
2007-12-09 19:31:40 57344 --a------ C:\WINDOWS\system32\MTXSYNCICON.dll <Not Verified; Marktek Inc.; MTXSYNCICON Module>
2007-12-09 19:31:40 40960 --a------ C:\WINDOWS\system32\MTTELECHIP.dll <Not Verified; Telechips Inc.,; TCC730 USB>
2007-12-09 19:31:40 155648 --a------ C:\WINDOWS\system32\MSFLib.dll <Not Verified; Teruten Inc.; MSFLib>
2007-12-09 19:31:40 245760 --a------ C:\WINDOWS\system32\MSCLib.dll <Not Verified; Teruten Inc.; MSCLib>
2007-12-09 19:31:39 364544 --a------ C:\WINDOWS\system32\MASetupWizard.dll <Not Verified; (?)????; MASetupWizard Module>
2007-12-09 19:31:39 24576 --a------ C:\WINDOWS\system32\MASetupCleaner.exe <Not Verified; (?)????; MASetupCleaner ?? ????>
2007-12-09 19:31:38 57344 --a------ C:\WINDOWS\system32\MK_Lyric.dll <Not Verified; Marktek; Marktek MK_Lyric>
2007-12-09 19:31:38 45056 --a------ C:\WINDOWS\system32\MaXMLProto.dll <Not Verified; (?) ????; XML ?? ???? ?????>
2007-12-09 19:31:38 106609 --a------ C:\WINDOWS\system32\MaJUtilLib.dll <Not Verified; (?) ????, ??? ???; MaJUtilLib ?? ?? ?????>
2007-12-09 19:31:38 49152 --a------ C:\WINDOWS\system32\MaJGUILib.dll <Not Verified; (?) ????; MaJGUILib ?? ?? ?????>
2007-12-09 19:31:38 45056 --a------ C:\WINDOWS\system32\MACXMLProto.dll <Not Verified; (?) ????; ????? ???? ?????>
2007-12-09 19:31:34 40960 --a------ C:\WINDOWS\system32\MAMACExtract.dll <Not Verified; ???????; ??????? MAMACExtract>
2007-12-09 19:31:34 0 d-------- C:\Program Files\MarkAny
2007-12-09 19:31:28 118784 --a------ C:\WINDOWS\system32\MaDRM.dll <Not Verified; (?)????; MaDRM ?? ?? ????? with PKI>
2007-12-09 19:31:23 921600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2007-12-09 19:31:23 188416 --a------ C:\WINDOWS\system32\vorbis.dll
2007-12-09 19:31:23 110592 --a------ C:\WINDOWS\system32\tg_dump.dll <Not Verified; ENJsoft Corporation; SelfMusicVideo Filter>
2007-12-09 19:31:23 200704 --a------ C:\WINDOWS\system32\muzwmts.dll <Not Verified; (c) MusicCity; P3WMTSplitter Filter>
2007-12-09 19:31:23 167936 --a------ C:\WINDOWS\system32\muzapp.exe <Not Verified; Musiccity Co.Ltd.; MUZAoDApp Module>
2007-12-09 19:31:23 471040 --a------ C:\WINDOWS\system32\muzapp.dll <Not Verified; Musiccity Co.Ltd.; MUZAoDAppCtrl Module>
2007-12-09 19:31:23 135168 --a------ C:\WINDOWS\system32\muzaf1.dll <Not Verified; Musiccity Co.Ltd.; muzaf1>
2007-12-09 19:31:23 0 d-------- C:\Program Files\Samsung
2007-12-09 19:31:22 237568 --a------ C:\WINDOWS\system32\OggDS.dll <Not Verified; ; Ogg DirectShow(tm) Filter Collection>
2007-12-09 19:31:22 45056 --a------ C:\WINDOWS\system32\Ogg.dll
2007-12-07 08:11:01 0 d-------- C:\Program Files\PicturesPro
2007-11-30 00:32:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage


-- Find3M Report ---------------------------------------------------------------

2007-12-26 10:12:44 0 d-------- C:\Program Files\Zinio
2007-12-26 10:12:26 0 d-------- C:\Program Files\Windows Defender
2007-12-26 10:11:55 0 d-------- C:\Program Files\Sony Handheld
2007-12-26 10:11:11 0 d-------- C:\Program Files\QuickTime
2007-12-26 10:08:48 0 d-------- C:\Program Files\NoteBurner
2007-12-26 10:05:22 0 d-------- C:\Program Files\iTunes
2007-12-26 10:04:25 0 d-------- C:\Program Files\HP DigitalMedia Archive
2007-12-26 10:00:52 0 d-------- C:\Program Files\Google
2007-12-26 10:00:15 0 d-------- C:\Program Files\DISC
2007-12-26 09:59:37 0 d-------- C:\Program Files\Common Files\Zinio
2007-12-26 09:58:53 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-12-26 00:22:43 0 d-------- C:\Program Files\Common Files
2007-12-25 23:17:30 0 d-------- C:\Program Files\GemMaster
2007-12-25 23:15:07 0 d-------- C:\Program Files\WildTangent
2007-12-25 23:11:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 12:42:28 0 d-------- C:\Program Files\Java
2007-12-25 12:39:39 0 d-------- C:\Program Files\Dcads Advanced Toolbar
2007-12-25 12:39:17 0 d-------- C:\Program Files\Elaborate Bytes
2007-12-24 09:45:21 98464 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-12-23 16:29:53 0 d-------- C:\Program Files\MagicDVDCopier
2007-12-23 08:57:47 0 d-------- C:\Documents and Settings\john\Application Data\SiteAdvisor
2007-12-23 00:28:38 2086912 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-22 22:16:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-21 09:26:41 0 d-------- C:\Program Files\PC-Doctor 5 for Windows
2007-12-21 01:50:27 0 d-------- C:\Documents and Settings\john\Application Data\FrostWire
2007-12-19 21:17:05 0 d-------- C:\Documents and Settings\john\Application Data\ContentGuard
2007-12-18 06:03:44 0 d-------- C:\Program Files\HP
2007-12-12 20:33:24 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-12 06:36:26 0 d-------- C:\Documents and Settings\john\Application Data\Skype
2007-12-12 06:32:45 0 d-------- C:\Documents and Settings\john\Application Data\VMware
2007-11-30 00:37:36 0 d-------- C:\Documents and Settings\john\Application Data\OfficeUpdate12
2007-11-28 18:49:57 38447 --a------ C:\Documents and Settings\john\Application Data\Comma Separated Values (Windows).ADR
2007-11-28 06:29:24 0 d-------- C:\Documents and Settings\john\Application Data\Azureus
2007-11-21 22:20:31 0 d-------- C:\Documents and Settings\john\Application Data\Dcads Advanced Toolbar
2007-11-21 20:21:42 0 d-------- C:\Program Files\PayPal
2007-11-21 15:04:20 0 d-------- C:\Documents and Settings\john\Application Data\Photodex
2007-11-19 11:43:27 0 d-------- C:\Program Files\Motorola Phone Tools
2007-11-19 11:32:33 0 d-------- C:\Program Files\Avanquest update
2007-11-16 17:08:32 0 d-------- C:\Documents and Settings\john\Application Data\Corel
2007-11-16 1707 0 d-------- C:\Program Files\Corel
2007-11-15 14:51:51 0 d-------- C:\Documents and Settings\john\Application Data\Wireshark
2007-11-15 12:58:02 0 d-------- C:\Program Files\Wireshark
2007-11-15 12:57:55 0 d-------- C:\Program Files\WinPcap
2007-11-07 22:05:01 0 d-------- C:\Program Files\Hewlett-Packard
2007-11-07 10:58:33 0 d-------- C:\Documents and Settings\john\Application Data\WinRAR
2007-11-07 10:37:21 0 d-------- C:\Program Files\Azureus
2007-11-05 17:53:36 0 d-------- C:\Program Files\iPod
2007-11-05 12:33:47 1324 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-11-05 12:30:17 0 d-------- C:\Program Files\Picasa2
2007-10-29 19:20:53 0 d-------- C:\Program Files\Gallery Remote
2007-10-27 09:40:35 0 d-------- C:\Documents and Settings\john\Application Data\GoodSync
2007-10-18 05:20:41 20 --ahs---- C:\ArcDeviceInfo
2007-10-17 12:23:24 10752 --a------ C:\WINDOWS\system32\WhoisCL.exe <Not Verified; NirSoft; WhoisCL>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6AA75F03-498B-4E97-9E3B-AE0354CDD384}]
12/23/07 08:15 AM 323072 --a------ C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/05 10:56 PM]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [08/03/05 01:19 AM C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/31/06 01:35 PM]
"nwiz"="nwiz.exe" [12/23/07 12:28 AM C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [12/21/07 07:20 PM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [12/21/07 07:20 PM]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [12/21/07 07:20 PM]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [12/21/07 07:20 PM]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [12/21/07 07:20 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/21/07 07:20 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/26/07 09:13 AM]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [12/21/07 07:20 PM]
"KBD"="C:\HP\KBD\KBD.EXE" [12/21/07 07:20 PM]
"MaxBackSchedule"="C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe" [12/21/07 07:20 PM]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [12/21/07 07:20 PM]
"mssSort"="C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe" [12/21/07 07:20 PM]
"zzzHPSETUP"="E:\Setup.exe" []
"Share-to-Web Namespace Daemon"="c:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [12/21/07 07:20 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/26/07 09:13 AM]
"RTHDCPL"="RTHDCPL.EXE" [12/19/06 11:12 AM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/05 06:43 PM C:\WINDOWS\Alcmtr.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/21/07 07:20 PM]
"WD Button Manager"="WDBtnMgr.exe" []
"DISCover"="C:\Program Files\DISC\DISCover.exe" [12/21/07 07:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/21/07 07:21 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/21/07 07:21 PM]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [12/21/07 07:21 PM]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [12/21/07 07:21 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [12/21/07 07:21 PM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [12/26/07 09:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/04 11:00 PM]
"Zinio DLM"="C:\Program Files\Zinio\ZinioDeliveryManager.exe" [12/26/07 09:13 AM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [12/26/07 09:13 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [12/26/07 09:13 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\john\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/05 8:16:50 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/23/05 10:05:26 PM]
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [01/31/06 4:48:52 PM]
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [12/02/06 2:15:33 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/05 8:40:44 PM]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [10/19/06 10:25:15 PM]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [05/31/06 9:51:07 AM]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [10/18/07 5:20:01 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [11/23/04 04:51 PM 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01bc8dd6-7858-11dc-b801-001731c5d190}]
AutoRun\command- P:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d9abc0a-aa3a-11db-b7da-001731c5d190}]
1\Command- L:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- L:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d9abc10-aa3a-11db-b7da-001731c5d190}]
1\Command- P:\.\RECYCLER\RECYCLER\autorun.exe
2\Command- P:\.\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

*Newly Created Service* - MNUMUKEUNYPF
*Newly Created Service* - SDTHOOK



-- End of Deckard's System Scanner: finished at 2007-12-26 10:56:19 ------------


Thank you.

John
Attached Files
File Type: txt extra.txt (31.3 KB, 0 views)
File Type: txt Activescan2007-12-26.txt (5.0 KB, 1 views)
Last edited by SportSter : 12-26-2007 at 09:41 AM.
SportSter is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-26-2007, 10:22 AM   #2 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: XPsp2 MCE


Re: Popups and Trojan.Virtumonde
I forgot to add that before coming across this site and going through the 5 steps, I found instructions for using vundofix.exe to clean this trojan. It detected and cleaned, had me reboot and cleaned some more. I have attached the vundofix.txt here also.

John


VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 1:07:22 AM 12/23/07

Listing files found while scanning....

C:\windows\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.exe
C:\windows\system32\mmllm.ini
C:\windows\system32\mmllm.ini2
C:\WINDOWS\system32\pmnopop.dll
C:\WINDOWS\system32\ssttq.exe
C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.exe
C:\WINDOWS\system32\WDBtnMgr.exe

Beginning removal...

Attempting to delete C:\windows\system32\mllmm.dll
C:\windows\system32\mllmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllmm.exe
C:\WINDOWS\system32\mllmm.exe Has been deleted!

Attempting to delete C:\windows\system32\mmllm.ini
C:\windows\system32\mmllm.ini Has been deleted!

Attempting to delete C:\windows\system32\mmllm.ini2
C:\windows\system32\mmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnopop.dll
C:\WINDOWS\system32\pmnopop.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ssttq.exe
C:\WINDOWS\system32\ssttq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.dll
C:\WINDOWS\system32\vtuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuts.exe
C:\WINDOWS\system32\vtuts.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\WDBtnMgr.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnopop.dll
C:\WINDOWS\system32\pmnopop.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 1:55:35 AM 12/23/07

Listing files found while scanning....

No infected files were found.
Attached Files
File Type: txt VundoFix.txt (2.0 KB, 4 views)
Last edited by Ried : 12-26-2007 at 09:54 PM.
SportSter is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-26-2007, 09:56 PM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista


Re: Popups and Trojan.Virtumonde
Hello John and welcome to TSF,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-27-2007, 05:21 AM   #4 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: XPsp2 MCE


Re: Popups and Trojan.Virtumonde
Hi Ried,

Thanks so much for taking on my case! I really appreciate your help. I work in IT full-time as a Network Analyst but this malware stuff has me beat!

Below is the contents of my Combofix.txt followed by my hijackthis.log for your review.

ComboFix 07-12-27.1 - john 2007-12-27 6:36:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1320 [GMT -5:00]
Running from: C:\Downloads\anit Spyware tools\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zinio\ZinioDeliveryManager.exe
C:\Temp\bkR11
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.exe
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\vtuts.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-27 06:42 . 2007-12-27 06:42 323,072 --------- C:\WINDOWS\system32\mllmm.dll
2007-12-27 06:42 . 2007-12-27 06:43 319 --ahs---- C:\WINDOWS\system32\mmllm.ini
2007-12-26 10:53 . 2007-12-26 10:53 <DIR> d-------- C:\Deckard
2007-12-26 10:38 . 2007-12-26 10:40 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-26 10:38 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-26 09:35 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-26 09:32 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\mnumukeunypf.sys
2007-12-26 00:23 . 2007-12-26 00:23 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-26 00:23 . 2007-12-26 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 00:22 . 2007-12-26 00:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 23:57 . 2007-12-26 00:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 23:21 . 2007-12-26 10:26 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-25 23:21 . 2007-12-26 09:20 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-25 23:21 . 2007-12-26 09:20 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-25 23:21 . 2007-12-26 09:20 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-25 12:24 . 2007-12-25 12:24 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-23 01:07 . 2007-12-23 01:28 <DIR> d-------- C:\VundoFix Backups
2007-12-23 00:56 . 2007-12-23 00:56 326,656 --a------ C:\WINDOWS\system32\RCX42.tmp
2007-12-23 00:18 . 2007-12-23 00:56 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr .exe
2007-12-23 00:17 . 2007-12-27 06:42 1,622,016 --a------ C:\WINDOWS\system32\nwiz .exe
2007-12-22 23:52 . 2007-12-27 06:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-22 23:52 . 2007-12-22 23:52 <DIR> d-------- C:\Documents and Settings\john\Application Data\PC Tools
2007-12-22 23:52 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-22 23:52 . 2007-12-22 23:53 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-22 23:52 . 2007-12-22 23:53 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-22 23:52 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-22 23:52 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-22 23:34 . 2007-12-22 23:35 <DIR> d-------- C:\Program Files\PDFCreator
2007-12-22 23:34 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2007-12-22 23:34 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2007-12-22 22:20 . 2007-12-22 22:20 337,920 --a------ C:\WINDOWS\system32\RCX43.tmp
2007-12-22 16:20 . 2007-12-22 16:20 337,920 --a------ C:\WINDOWS\system32\RCX41.tmp
2007-12-22 15:50 . 2007-12-22 15:50 337,920 --a------ C:\WINDOWS\system32\RCXDC.tmp
2007-12-22 15:50 . 2007-12-27 06:42 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 14:21 . 2007-12-22 14:21 337,920 --a------ C:\WINDOWS\system32\RCX40.tmp
2007-12-21 01:30 . 2007-12-21 01:30 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-21 01:21 . 2007-12-21 01:21 <DIR> d-------- C:\WINDOWS\system32\daSgo05
2007-12-19 21:57 . 2005-09-21 01:54 386,560 --a------ C:\WINDOWS\system32\ad2mpegin.dll
2007-12-19 21:55 . 2005-09-21 01:54 640,512 --a------ C:\WINDOWS\system32\ad2mcmpgdec.dll
2007-12-17 19:04 . 2007-12-17 19:12 <DIR> d-------- C:\Program Files\IrfanView
2007-12-09 21:29 . 2007-12-09 21:29 65 --a------ C:\WINDOWS\FISHUI.INI
2007-12-09 19:45 . 2007-08-23 21:06 110,592 --a------ C:\WINDOWS\system32\TG_DUMP0708.DLL
2007-12-09 19:43 . 2007-12-09 19:43 <DIR> d-------- C:\Program Files\Xvid
2007-12-09 19:43 . 2007-12-09 19:43 <DIR> d-------- C:\Program Files\Lame MP3 Codec
2007-12-09 19:43 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
2007-12-09 19:43 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
2007-12-09 19:43 . 2007-12-09 19:43 65,024 --a------ C:\WINDOWS\IFinst26.exe
2007-12-09 19:43 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-12-09 19:43 . 2007-12-09 19:44 40 --a------ C:\SYSTEM.VER
2007-12-09 19:31 . 2007-12-09 19:31 <DIR> d-------- C:\Program Files\Samsung
2007-12-09 19:31 . 2007-12-09 19:31 <DIR> d-------- C:\Program Files\MarkAny
2007-12-09 19:31 . 2007-12-09 19:31 <DIR> d-------- C:\Documents and Settings\john\Application Data\DataCast
2007-12-07 08:11 . 2007-12-07 08:11 <DIR> d-------- C:\Program Files\PicturesPro
2007-12-01 12:09 . 2007-12-01 12:10 386 --a------ C:\WINDOWS\setup.iss
2007-11-30 00:32 . 2007-11-30 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 11:42 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2007-12-27 11:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2007-12-27 11:38 --------- d-----w C:\Program Files\Zinio
2007-12-27 11:38 --------- d-----w C:\Program Files\Windows Defender
2007-12-27 11:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-27 00:33 --------- d-----w C:\Documents and Settings\john\Application Data\SiteAdvisor
2007-12-26 15:11 --------- d-----w C:\Program Files\Sony Handheld
2007-12-26 15:11 --------- d-----w C:\Program Files\QuickTime
2007-12-26 15:08 --------- d-----w C:\Program Files\NoteBurner
2007-12-26 15:05 --------- d-----w C:\Program Files\iTunes
2007-12-26 15:04 --------- d-----w C:\Program Files\HP DigitalMedia Archive
2007-12-26 15:00 --------- d-----w C:\Program Files\Google
2007-12-26 15:00 --------- d-----w C:\Program Files\DISC
2007-12-26 14:59 --------- d-----w C:\Program Files\Common Files\Zinio
2007-12-26 14:58 --------- d---a-w C:\Program Files\Common Files\LightScribe
2007-12-26 04:17 --------- d-----w C:\Program Files\GemMaster
2007-12-26 04:15 --------- d-----w C:\Program Files\WildTangent
2007-12-26 04:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 17:42 --------- d-----w C:\Program Files\Java
2007-12-25 17:39 --------- d-----w C:\Program Files\Elaborate Bytes
2007-12-25 17:39 --------- d-----w C:\Program Files\Dcads Advanced Toolbar
2007-12-23 21:29 --------- d-----w C:\Program Files\MagicDVDCopier
2007-12-23 05:28 2,086,912 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-23 03:16 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-21 14:26 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2007-12-21 06:50 --------- d-----w C:\Documents and Settings\john\Application Data\FrostWire
2007-12-20 02:17 --------- d-----w C:\Documents and Settings\john\Application Data\ContentGuard
2007-12-18 11:03 --------- d-----w C:\Program Files\HP
2007-12-13 01:33 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-12-12 11:36 --------- d-----w C:\Documents and Settings\john\Application Data\Skype
2007-12-12 11:32 --------- d-----w C:\Documents and Settings\john\Application Data\VMware
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-30 05:37 --------- d-----w C:\Documents and Settings\john\Application Data\OfficeUpdate12
2007-11-28 11:29 --------- d-----w C:\Documents and Settings\john\Application Data\Azureus
2007-11-22 03:20 --------- d-----w C:\Documents and Settings\john\Application Data\Dcads Advanced Toolbar
2007-11-22 01:21 --------- d-----w C:\Program Files\PayPal
2007-11-21 20:04 --------- d-----w C:\Documents and Settings\john\Application Data\Photodex
2007-11-20 20:36 118,784 ----a-w C:\WINDOWS\system32\MaDRM.dll
2007-11-20 20:35 40,960 ----a-w C:\WINDOWS\system32\MAMACExtract.dll
2007-11-19 16:43 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-11-19 16:32 --------- d-----w C:\Program Files\Avanquest update
2007-11-16 22:08 --------- d-----w C:\Documents and Settings\john\Application Data\Corel
2007-11-16 22:06 --------- d-----w C:\Program Files\Corel
2007-11-16 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2007-11-15 19:51 --------- d-----w C:\Documents and Settings\john\Application Data\Wireshark
2007-11-15 17:58 --------- d-----w C:\Program Files\Wireshark
2007-11-15 17:57 --------- d-----w C:\Program Files\WinPcap
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 03:05 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-08 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-07 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Azureus
2007-11-07 15:37 --------- d-----w C:\Program Files\Azureus
2007-11-05 22:53 --------- d-----w C:\Program Files\iPod
2007-11-05 17:30 --------- d-----w C:\Program Files\Picasa2
2007-11-04 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-31 19:09 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 00:20 --------- d-----w C:\Program Files\Gallery Remote
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 14:40 --------- d-----w C:\Documents and Settings\john\Application Data\GoodSync
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:55 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 10:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-22 12:58 92,064 ----a-w C:\Documents and Settings\john\mqdmmdm.sys
2007-07-22 12:58 9,232 ----a-w C:\Documents and Settings\john\mqdmmdfl.sys
2007-07-22 12:58 79,328 ----a-w C:\Documents and Settings\john\mqdmserd.sys
2006-09-15 18:42 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95D6068D-0AFE-4F53-AAD4-4AD935637EA6}]
2007-12-27 06:42 323072 --------- C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@={b75ab0c8-03d5-4592-9821-a48d54d66b14}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:19 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-09 23:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-12-23 00:28 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2007-12-21 19:20]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2007-12-21 19:20]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2007-12-21 19:20]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2007-12-21 19:20]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2007-12-21 19:20]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-21 19:20]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2007-12-21 19:20]
"KBD"="C:\HP\KBD\KBD.EXE" [2007-12-21 19:20]
"MaxBackSchedule"="C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe" [2007-12-21 19:20]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-12-21 19:20]
"mssSort"="C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe" [2007-12-21 19:20]
"zzzHPSETUP"="E:\Setup.exe" []
"Share-to-Web Namespace Daemon"="c:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2007-12-21 19:20]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 11:12 C:\WINDOWS\RTHDCPL.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 19:20]
"WD Button Manager"="WDBtnMgr.exe" []
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2007-12-21 19:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-21 19:21]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-21 19:21]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [2007-12-21 19:21]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-12-21 19:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-21 19:21]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 16:18]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-05-31 08:52:59]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
ColorVisionStartup.lnk - C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe [2006-01-31 16:48:52]
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [2006-12-02 14:15:33]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 20:40:44]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-10-19 22:25:15]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-31 09:51:07]
WD Backup Monitor.lnk - C:\Program Files\My Book\WD Backup\uBBMonitor.exe [2007-10-18 05:20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\mllmm.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\mllmm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys [2007-05-16 11:42]
S3 cvspydr2;ColorVision Spyder 2;C:\WINDOWS\system32\DRIVERS\cvspydr2.sys [2002-04-02 15:30]
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 13:31]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 19:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01bc8dd6-7858-11dc-b801-001731c5d190}]
\Shell\AutoRun\command - P:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 21:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-27 06:44:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 06:43:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\mllmm.dll
.
Completion time: 2007-12-27 6:44:07 - machine was rebooted
.
2007-12-20 21:31:27 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:17 AM, on 12/27/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:8080
F3 - REG:win.ini: load=C:\WINDOWS\system32\mllmm.exe
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [MaxBackSchedule] C:\Program Files\Maxtor\Maxtor Quick Start\maxbackservice.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [mssSort] C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://costco.pnimedia.com
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158373244343
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...pv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/ac...v2.0.0.10.cab?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rumball.home
O17 - HKLM\Software\..\Telephony: DomainName = rumball.home
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C924F3-0DB3-4872-84C1-405FA1730952}: Domain = rumball.home
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6C924F3-0DB3-4872-84C1-405FA1730952}: NameServer = 192.168.1.1,209.91.128.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rumball.home
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 14138 bytes


John
SportSter is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!