Author Topic: zedo AGAIN????  (Read 490 times)

Offline Enid

  • Newbie
  • *
  • Posts: 39
  • Karma: +0/-0
    • View Profile
zedo AGAIN????
« on: January 12, 2009, 01:17:53 AM »
hey quest, I'm back again.
the most recent activity...
i downloaded through azureus... nothing happened
i went to cineplayer to watch dvd... windows installer/sonic updater came up. yada yada yada. then came the force of pop-ups.

where should i start again?

>>sigh<< was it the download or was it cineplayer???

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
zedo AGAIN????
« Reply #1 on: January 12, 2009, 01:21:06 AM »
Hi again Enid, can you start by posting a Hijackthis log please
Here's the instructions
http://www.thetechguide.com/forum/index.php?showtopic=22942

In addition, can you also post an Uninstall list from Hijackthis
After you post the Hijackthis log
Close Hijackthis then reopen it
Click on the "Misc tools Section"
Open "Uninstall Manager"
Click the "Save list" button
Save the list to your desktop, then copy/paste back here the contents please
« Last Edit: January 12, 2009, 01:21:27 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Enid

« Reply #2 on: January 12, 2009, 01:50:30 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:34:42 AM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\GetModule\GetModule33.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [c0882aba] rundll32.exe "C:\WINDOWS\system32\vflliyxu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GetModule33] C:\Program Files\GetModule\GetModule33.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/downloads/toolbar/webinstall.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148173090023
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/DinerDash.1.0.0.89.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.scn-chat.com/includes/MSNChat45.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab53083.cab
O20 - AppInit_DLLs: mrgxoc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


--
End of file - 9295 bytes

SAVE LIST WILL NOT WORK. HIJACKTHIS SEEMS TO CLOSE AS SOON AS I HIT SAVE.

Offline guestolo

« Reply #3 on: January 12, 2009, 01:55:04 AM »
Download and unzip to your desktop InstalledPrograms.zip
Double click on InstalledPrograms.vbs

Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents


Offline Enid

« Reply #4 on: January 12, 2009, 02:04:46 AM »
INSTALLED SOFTWARE (202) - ENUNEZ4 - 1/12/2009 2:03:15 AM

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
A4 Tech USB2.0 PC Camera F Ver: 1.00.000
ABBYY FineReader 6.0 Sprint Ver: 6.00.1395.41612 Installed: 12/25/2006
Adobe Flash Player ActiveX Ver: 9.0.115.0
Adobe Illustrator 7.0
Adobe Photoshop 7.0 Ver: 7.0
Adobe Reader 7.0.9 Ver: 7.0.9 Installed: 3/12/2007
Adobe Shockwave Player 11 Ver: 11
AIM 6
AIMTunes
AOLIcon Ver: 1.00.0000 Installed: 5/10/2006
Audacity 1.2.6
AutoUpdate Ver: 1.1
AVG 7.5
Azureus Ver: 2.5.0.4
Broadcom Management Programs Ver: 8.65.05 Installed: 5/10/2006
capella-scan 6.1
CCleaner (remove only)
Conexant HDA D110 MDC V.92 Modem
CutePDF Writer 2.7
Dell CinePlayer Ver: 3.0 Installed: 5/10/2006
Dell Digital Jukebox Driver
Dell Driver Reset Tool Ver: 1.02.0000 Installed: 5/10/2006
Dell Game Console
Dell Support Center (Support Software) Ver: 2.2.08100 Installed: 10/1/2008
Dell System Restore Ver: 2.00.0000 Installed: 5/10/2006
Dell Wireless WLAN Card Ver: 4.10.47.3
DellSupport Ver: 6.0.3062 Installed: 4/8/2007
Digital Content Portal Ver: 1.00.0000 Installed: 5/10/2006
Digital Line Detect Ver: 1.15
DivX Codec Ver: 6.6.1
DivX Content Uploader Ver: 1.2.1
DivX Converter Ver: 6.2.1
DivX Player Ver: 6.4.3
DivX Web Player Ver: 1.3.1
Documentation & Support Launcher Ver: 1.00.0000 Installed: 5/10/2006
Documents To Go Ver: 7.006.940 Installed: 12/25/2007
Download Accelerator Plus (DAP) Ver: 8138 (Build 214)
DVD Solution
EducateU Ver: 1.00.0000 Installed: 5/10/2006
ELIcon Ver: 1.00.0000 Installed: 5/10/2006
EPSON TWAIN 5
ESPNMotion Ver: 2.1.6.0011
FLV Player 2.0 (build 25) Ver: 2.0 (build 25)
foobar2000 v0.9.4.3 Ver: 0.9.4.3
Games, Music, & Photos Launcher Ver: 1.00.0000 Installed: 5/10/2006
Get High Speed Internet! Ver: 1.00.0000 Installed: 5/10/2006
HijackThis 2.0.2 Ver: 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864) Ver: 1 Installed: 4/9/2008
Intel® Graphics Media Accelerator Driver
InterActual Player
Internal Network Card Power Management Ver: 1.7.2
Internet Service Offers Launcher Ver: 1.00.0000 Installed: 5/10/2006
Internet Speed Monitor
Java(tm) 6 Update 11 Ver: 6.0.110 Installed: 12/12/2008
K-Lite Codec Pack 4.1.6 (Full) Ver: 4.1.6 Installed: 12/5/2008
KWorld ATSC 310U BDA Drivers
Learn2 Player (Uninstall Only)
Lexmark 7300 Series
LG ODD Auto Firmware Update Ver: 1.01.0412.01
LightScribe  1.4.31.1 Ver: 1.4.31.1 Installed: 1/7/2007
LimeWire 4.10.9 Ver: 4.10.9
Macromedia Dreamweaver MX Ver: 6.0
Macromedia Extension Manager Ver: 1.5
Macromedia Fireworks MX Ver: 6
Macromedia Flash MX Ver: 6
Macromedia FreeHand 10 Ver: 10
Magic ISO Maker v5.4 (build 0251)
Malwarebytes' Anti-Malware  Installed: 12/11/2008
Malwarebytes' RogueRemover  Installed: 10/20/2008
Merriam-Webster Online Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Ver: 1.1.4322 Installed: 7/11/2007
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP Ver: 1 Installed: 1/30/2007
Microsoft Internationalized Domain Names Mitigation APIs  Installed: 1/17/2007
Microsoft National Language Support Downlevel APIs  Installed: 1/17/2007
Microsoft Office Excel MUI (English) 2007 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft Office Outlook MUI (English) 2007 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft Office PowerPoint MUI (English) 2007 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft Office Professional Edition 2003 Ver: 11.0.8173.0 Installed: 12/12/2008
Microsoft Office Proof (English) 2007 Ver: 12.0.6213.1000 Installed: 12/19/2008
Microsoft Office Proof (French) 2007 Ver: 12.0.6213.1000 Installed: 12/19/2008
Microsoft Office Proof (Spanish) 2007 Ver: 12.0.6213.1000 Installed: 12/19/2008
Microsoft Office Proofing (English) 2007 Ver: 12.0.4518.1014 Installed: 12/12/2008
Microsoft Office Shared MUI (English) 2007 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft Office Shared Setup Metadata MUI (English) 2007 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft Office Standard 2007 Ver: 12.0.6215.1000
Microsoft Office Standard 2007 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft Office Word MUI (English) 2007 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft Plus! Digital Media Edition Installer Ver: 1.1.0.3514 Installed: 5/10/2006
Microsoft Plus! Photo Story 2 LE Ver: 1.1.0.3463 Installed: 5/10/2006
Microsoft Reader
Microsoft Software Update for Web Folders  (English) 12 Ver: 12.0.6215.1000 Installed: 12/19/2008
Microsoft User-Mode Driver Framework Feature Pack 1.0  Installed: 1/30/2007
Microsoft Windows XP Video Decoder Checkup Utility
Mixer
Modem Helper Ver: 3.01
MSXML 4.0 SP2 (KB925672) Ver: 4.20.9839.0 Installed: 10/15/2006
MSXML 4.0 SP2 (KB927978) Ver: 4.20.9841.0 Installed: 11/19/2006
MSXML 4.0 SP2 (KB936181) Ver: 4.20.9848.0 Installed: 8/16/2007
MSXML 4.0 SP2 (KB954430) Ver: 4.20.9870.0 Installed: 11/30/2008
Multimedia Launcher
Musicmatch for Windows Media Player Ver: 0.00.000
MySpaceIM Ver: 1.0.0.0
Nero OEM
Netflix Movie Viewer Ver: 1.2.211 Installed: 7/16/2008
NetWaiting Ver: 2.5.23
NetZeroInstallers Ver: 1.0.0 Installed: 5/10/2006
Olympus Digital Wave Player
OMeR
Otto
Palm Ver: 4.1.0420 Installed: 12/25/2007
PCDJ Blue Ver: 5.1.0.1010
PDF reDirect (remove only) Ver: v2.2.5
Peachtree Complete Accounting Educational Version 2005 Ver: 12.00.00 Installed: 8/22/2006
Peachtree Complete Accounting Educational Version 2005  Ver: 12.00.00 Installed: 8/22/2006
PowerISO
Presto! Forms 3.50.01
Presto! PageManager 7.12.02
QuickSet Ver: 7.0.10
QuickTime Ver: 7.1 Installed: 11/4/2006
QuickTime Ver: 7.1 Installed: 11/4/2006
Roxio DLA Ver: 5.2.0 Installed: 5/10/2006
Roxio RecordNow Audio Ver: 2.0.4 Installed: 5/10/2006
Roxio RecordNow Copy Ver: 2.0.4 Installed: 5/10/2006
Roxio RecordNow Data Ver: 2.0.4 Installed: 5/10/2006
SAGE-Online Ver: 5.00.0000 Installed: 11/5/2008
Sandlot Games Client Services
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB928090) Ver: 20070117.120000 Installed: 2/15/2007
Security Update for Windows Internet Explorer 7 (KB929969) Ver: 20061222.120000 Installed: 1/18/2007
Security Update for Windows Internet Explorer 7 (KB931768) Ver: 1 Installed: 5/9/2007
Security Update for Windows Internet Explorer 7 (KB933566) Ver: 1 Installed: 6/13/2007
Security Update for Windows Internet Explorer 7 (KB937143) Ver: 1 Installed: 8/17/2007
Security Update for Windows Internet Explorer 7 (KB938127) Ver: 1 Installed: 8/17/2007
Security Update for Windows Internet Explorer 7 (KB939653) Ver: 1 Installed: 10/12/2007
Security Update for Windows Internet Explorer 7 (KB942615) Ver: 1 Installed: 12/14/2007
Security Update for Windows Internet Explorer 7 (KB944533) Ver: 1 Installed: 2/20/2008
Security Update for Windows Internet Explorer 7 (KB950759) Ver: 1 Installed: 6/12/2008
Security Update for Windows Internet Explorer 7 (KB953838) Ver: 1 Installed: 8/14/2008
Security Update for Windows Internet Explorer 7 (KB956390) Ver: 1 Installed: 10/19/2008
Security Update for Windows Internet Explorer 7 (KB958215) Ver: 1 Installed: 12/12/2008
Security Update for Windows Internet Explorer 7 (KB960714) Ver: 1 Installed: 12/19/2008
Security Update for Windows Media Player (KB952069)  Installed: 12/12/2008
Security Update for Windows XP (KB954600) Ver: 1 Installed: 12/12/2008
Security Update for Windows XP (KB956802) Ver: 1 Installed: 12/12/2008
Shockwave Director 11.0
Sonic Activation Module Ver: 1.0 Installed: 5/10/2006
Sonic Encoders Ver: 1.00 Installed: 8/16/2005
Sonic Update Manager Ver: 3.0.0 Installed: 5/10/2006
Sound Blaster Audigy ADVANCED MB Demo
Spybot - Search & Destroy Ver: 1.6.0 Installed: 10/11/2008
Synaptics Pointing Device Driver Ver: 8.2.4.6
System Requirements Lab
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb958619)
Update for Windows Media Player 10 (KB910393)  Installed: 5/10/2006
Update for Windows XP (KB955839) Ver: 1 Installed: 12/12/2008
Viewpoint Media Player
Vivaldi Plus Via Web (English Version) Ver: 2003 a
Vivaldi Scan Via Web (English Version) Ver: 2003 a
WebCyberCoach 3.2 Dell
WebFldrs XP Ver: 9.50.7523 Installed: 8/16/2005
Winamp Ver: 5.5
Windows Genuine Advantage Notifications (KB905474) Ver: 1.7.0018.5 Installed: 4/2/2007
Windows Genuine Advantage Validation Tool  Installed: 5/21/2006
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 Ver: 20061107.210142 Installed: 1/17/2007
Windows Live installer Ver: 12.0.1471.1025 Installed: 6/15/2008
Windows Live Messenger Ver: 8.5.1302.1018 Installed: 12/5/2008
Windows Live Sign-in Assistant Ver: 4.200.520.1 Installed: 6/15/2008
Windows Media Format 11 runtime
Windows Media Format 11 runtime  Installed: 1/30/2007
Windows Media Player 10 Ver: 9.00.3636 Installed: 5/10/2006
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11  Installed: 1/30/2007
Windows XP Service Pack 3 Ver: 20080414.031525 Installed: 12/6/2008
WinRAR archiver
WordPerfect Office 12 Ver: 12.01 Installed: 5/10/2006
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Toolbar
YAMAHA Digital Music Notebook Ver: 2.5.10.2 Installed: 8/24/2008

Offline guestolo

« Reply #5 on: January 12, 2009, 02:16:11 AM »
Do a System Scan Only with Hijackthis and put a tick next to the following entries:

O4 - HKLM\..\Run: [c0882aba] rundll32.exe "C:\WINDOWS\system32\vflliyxu.dll",b
O4 - HKCU\..\Run: [GetModule33] C:\Program Files\GetModule\GetModule33.exe
O20 - AppInit_DLLs: mrgxoc.dll

Close down all other open windows
Including this one
Then click on FIX CHECKED
OK any prompts then exit Hijackthis


Access your Add and remove programs and remove the following if possible

Internet Speed Monitor
Viewpoint Media Player


Reboot your computer

Back in Windows
Open Malwarebytes' Anti-Malware
  • Click on the Update tab and Check for updates
  • If an update is found, it will download and install the latest version.
  • After updating, Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

With that log from MBAM
Can you also do the following
Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt (this will be maximized) and info.txt (this will be minimized).
I only need to see the whole contents of log.txt
NOTE: You may get an error message posting back log.txt
If you do, can you upload it please, if you need instructions to upload, let me know


Offline Enid

« Reply #6 on: January 12, 2009, 08:25:56 PM »
Malwarebytes' Anti-Malware 1.32
Database version: 1647
Windows 5.1.2600 Service Pack 3

1/12/2009 7:58:45 PM
mbam-log-2009-01-12 (19-58-45).txt

Scan type: Quick Scan
Objects scanned: 65091
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\bYOGwTNG.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qftbujke.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mlJArono.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\urctsdcs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mrgxoc.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xlbmpz.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18a179a8-4e72-438f-82e1-8a2b743f6a27} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{18a179a8-4e72-438f-82e1-8a2b743f6a27} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljarono (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aad0cf62-fe0d-4c33-8de8-3676accd7b6f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{aad0cf62-fe0d-4c33-8de8-3676accd7b6f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18a179a8-4e72-438f-82e1-8a2b743f6a27} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{aad0cf62-fe0d-4c33-8de8-3676accd7b6f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0882aba (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byogwtng -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byogwtng  -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Enid\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bYOGwTNG.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\GNTwGOYb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GNTwGOYb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJArono.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mrgxoc.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qftbujke.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ekjubtfq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vflliyxu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxyillfv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urctsdcs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\xlbmpz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bqlqdkxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Enid\Local Settings\Temporary Internet Files\Content.IE5\VQRWV0PB\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Enid\Local Settings\Temporary Internet Files\Content.IE5\VQRWV0PB\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Enid\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Enid\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Enid\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wpv901231601797.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully.
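
The triage done by hand in this thread, as an added example (not code from the forum, HijackThis or MBAM): a Python parser that flags two autostart patterns among the entries ticked above (a Run value launching a DLL through rundll32, a populated AppInit_DLLs) and cross-checks them against the MBAM results. The sample lines are copied from the logs posted above; the heuristics and all function names are assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Sample input: lines copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [c0882aba] rundll32.exe "C:\WINDOWS\system32\vflliyxu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [GetModule33] C:\Program Files\GetModule\GetModule33.exe
O20 - AppInit_DLLs: mrgxoc.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
'''

# Sample input: lines copied from the MBAM log posted in this thread.
MBAM_SAMPLE = r'''
C:\WINDOWS\system32\bYOGwTNG.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\mrgxoc.dll (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljarono (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0882aba (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GNTwGOYb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vflliyxu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Enid\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
'''

HJT_LINE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<detail>.+)$")
RUN_ENTRY = re.compile(r"^(?P<hive>HK\w+)\\.*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DLL_ARG = re.compile(r'"([^"]+\.dll)"|([^\s",]+\.dll)', re.I)
MBAM_LINE = re.compile(r"^(?P<obj>.+?) \((?P<det>[\w.]+)\) -> (?P<action>.+)$")


def parse_hijackthis(text):
    """Return (section, detail) pairs for every HijackThis item line."""
    found = (HJT_LINE.match(line.strip()) for line in text.splitlines())
    return [(m["sec"], m["detail"]) for m in found if m]


def triage(entries):
    """Flag entries worth a closer look (heuristics assumed for this example)."""
    flags = []
    for sec, detail in entries:
        line = f"{sec} - {detail}"
        if sec == "O20" and detail.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads user32.dll.
            dlls = [d for d in re.split(r"[ ,]+", detail.split(":", 1)[1].strip()) if d]
            if dlls:
                flags.append({"line": line, "reason": "AppInit_DLLs is populated",
                              "artifacts": {basename(d).lower() for d in dlls}})
        elif sec == "O4":
            run = RUN_ENTRY.match(detail)
            dll = run and DLL_ARG.search(run["cmd"])
            if dll and run["cmd"].lower().startswith("rundll32"):
                path = dll.group(1) or dll.group(2)
                flags.append({"line": line, "reason": "Run value loads a DLL via rundll32",
                              "artifacts": {basename(path).lower(), run["name"].lower()}})
    return flags


def parse_mbam(text):
    """Return one dict per MBAM result line; 'pending' means removal waits for a reboot."""
    items = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            items.append({"object": m["obj"], "detection": m["det"],
                          "pending": m["action"].startswith("Delete on reboot")})
    return items


def correlate(hjt_text, flags, mbam_items):
    """Cross-check flagged autostarts against what the scanner reported."""
    names = {basename(i["object"]).lower(): i for i in mbam_items}
    log = hjt_text.lower()
    return {
        # flagged entries whose DLL or Run value name the scanner also detected
        "confirmed": [f["line"] for f in flags if f["artifacts"] & set(names)],
        # detections that appear nowhere in the HijackThis text
        "unseen": [n for n in names if n not in log],
        # objects still on disk or in the registry until the machine restarts
        "pending": [i["object"] for i in mbam_items if i["pending"]],
    }


if __name__ == "__main__":
    flags = triage(parse_hijackthis(HJT_SAMPLE))
    report = correlate(HJT_SAMPLE, flags, parse_mbam(MBAM_SAMPLE))
    for key, values in report.items():
        print(key, *values, sep="\n  ")
```

Neither heuristic catches the GetModule33 entry that was also ticked for removal, so pattern checks like these supplement a reviewer and a scanner rather than replace them. The "pending" list is what a fresh log after the reboot has to confirm is gone.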

Offline guestolo

« Reply #7 on: January 14, 2009, 02:15:25 PM »
Sorry for the delay
Can you post a fresh hijackthis log and let me know how things are now running


Offline Enid

« Reply #8 on: January 22, 2009, 12:17:41 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:35 AM, on 1/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Creative\Mixer\CTSVolFE.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [CTSVolFE.exe] "C:\Program Files\Creative\Mixer\CTSVolFE.exe" /r
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab53083.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab53083.cab
O16 - DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} (Merriam-Webster Online Toolbar) - http://www.m-w.com/downloads/toolbar/webinstall.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab53083.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1148173090023
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab53852.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/bingame/dash/default/D...sh.1.0.0.89.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.scn-chat.com/includes/MSNChat45.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab53083.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9766 bytes


THINGS SEEM TO BE RUNNING OQ. THANQS AGAIN