|
| | | New Member
Group: Forum Members
Last Login: 5/21/2008 2:47 PM
Posts: 13, Visits: 22 |
| I went through your checkoff list of things to do (thank you so much), and things cleaned up quite a bit...but there is still something that keeps popping back up. Here is my log file, can you help....
----------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:19 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070813
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070813
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: {d537c473-0cc5-b17a-6f24-ef1d8073ae7b} - {b7ea3708-d1fe-42f6-a71b-5cc0374c735d} - C:\WINDOWS\system32\bwxrcw.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMdb9b2288] Rundll32.exe "C:\WINDOWS\system32\dxneqsth.dll",s
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
--
End of file - 3466 bytes
|
| |
| | | 
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,045, Visits: 54,734 |
| Welcome
It appears you've no virus protection installed,which is somewhat suicidal.
Please download/install Avira AntiVir Personal - FREE Antivirus:
http://www.free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your pc when you've done.
After restart,open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button,then copy and paste the report into your next reply.
You have Service Pack 2 installed so i'm presuming you're using the Windows Firewall.
You may be behind a hardware firewall(Router/NAT),but it would'nt hurt to install a third party software firewall to henhance protection.
A word of warning regarding the Windows Firewall in Service Pack 2,it only filters INCOMING traffic.
That means if malware happens to compromise your PC,it will be able to SEND OUT out your credit card data,and any other personal information.
I suggest you install a more robust third party firewall from below that filters both INCOMING and OUTGOING traffic.
Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/
PC Tools Firewall Plus:
http://www.pctools.com/mirror/fwinstall.exe
Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/
Outpost Firewall Free:
http://www.agnitum.com/products/outpostfree/index.php
You may want to take the time to read the following:
Understanding and Using Firewalls
http://www.bleepingcomputer.com/tutorials/tutorial60.html
Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop
Close any open browsers.
Click on Start/Run,copy and paste the following bold text into the 'Open:' space,then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall
Combofix.exe will start,please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.
Also post a new Hijackthis log please.
________________________________________
ASAP & UNITE member since 2006
 
|
| |
| | | New Member
Group: Forum Members
Last Login: 5/21/2008 2:47 PM
Posts: 13, Visits: 22 |
|
Avira AntiVir Personal
Report file date: Saturday, August 23, 2008 16:14
Scanning for 1568528 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: VICTORIAS
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 17:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 16:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 21:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 16:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 22:54:15
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 8/14/2008 23:13:15
ANTIVIR3.VDF : 7.0.6.59 242688 Bytes 8/23/2008 23:13:16
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 17:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 8/23/2008 23:13:29
AESCN.DLL : 8.1.0.23 119156 Bytes 8/23/2008 23:13:28
AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 17:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 8/23/2008 23:13:27
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 8/23/2008 23:13:25
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 8/23/2008 23:13:24
AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 17:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 8/23/2008 23:13:20
AEEMU.DLL : 8.1.0.7 430452 Bytes 8/23/2008 23:13:19
AECORE.DLL : 8.1.1.8 172406 Bytes 8/23/2008 23:13:18
AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 17:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 17:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 18:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 8/23/2008 23:13:17
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 20:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 17:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 21:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 02:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 21:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 21:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 22:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 22:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: Saturday, August 23, 2008 16:14
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '55' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\files\28aug07\desktop\files\websites\ldgp01.com\CUTE_FTP\cute3532.exe
[DETECTION] Contains recognition pattern of the DR/Aureate.A.26 dropper
[NOTE] The file was moved to '49249bb3.qua'!
C:\files\28aug07\desktop\files\websites\ldgp01.com\storage\linkbot\Macrobot\macrobot.exe
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\files\28aug07\desktop\files\websites\ldgp01.com\storage\linkbot\Metabot\metabot.exe
[0] Archive type: CAB SFX (self extracting)
--> \data1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\cimyniug.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '491da02a.qua'!
C:\WINDOWS\system32\fmeinsru.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4915a036.qua'!
C:\WINDOWS\system32\hbxmftnk.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4928a02c.qua'!
C:\WINDOWS\system32\xajkvhjs.dll
[DETECTION] Is the TR/Monderb.esa Trojan
[NOTE] The file was moved to '491aa043.qua'!
End of the scan: Saturday, August 23, 2008 16:40
Used time: 26:03 Minute(s)
The scan has been done completely.
10078 Scanning directories
227056 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
227047 Files not concerned
2904 Archives were scanned
6 Warnings
5 Notes
------------------------------------------------------------
------------------------------------------------------------
ComboFix 08-08-23.01 - Victoria 2008-08-23 19:55:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1703 [GMT -7:00]
Running from: C:\Documents and Settings\Victoria\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
[color=red]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMdb9b2288.txt
C:\WINDOWS\BMdb9b2288.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\anwsfsuv.ini
C:\WINDOWS\system32\apyomkpo.dll
C:\WINDOWS\system32\clmiapak.ini
C:\WINDOWS\system32\dxneqsth.dll
C:\WINDOWS\system32\eoirfasi.ini
C:\WINDOWS\system32\eqrtnrvd.ini
C:\WINDOWS\system32\erxhzh.dll
C:\WINDOWS\system32\evllwjev.ini
C:\WINDOWS\system32\heueciyi.ini
C:\WINDOWS\system32\ihrxfnnc.ini
C:\WINDOWS\system32\iPAbHRqr.ini
C:\WINDOWS\system32\iPAbHRqr.ini2
C:\WINDOWS\system32\jcbshqmy.ini
C:\WINDOWS\system32\klaahx.dll
C:\WINDOWS\system32\kyyjaqwr.dll
C:\WINDOWS\system32\mclyijkm.ini
C:\WINDOWS\system32\mhvxpxdl.dll
C:\WINDOWS\system32\nvyduvov.dll
C:\WINDOWS\system32\oykxfcie.ini
C:\WINDOWS\system32\rnfenb.dll
C:\WINDOWS\system32\siveffnm.dll
C:\WINDOWS\system32\ujzqna.dll
C:\WINDOWS\system32\vejwllve.dll
C:\WINDOWS\system32\vetbpmdf.dll
C:\WINDOWS\system32\ygmnscer.ini
C:\WINDOWS\system32\yugijimp.dll
C:\WINDOWS\system32\yymautey.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-24 to 2008-08-24 )))))))))))))))))))))))))))))))
.
2008-08-23 16:12 . 2008-08-23 16:12d--------C:\Program Files\Avira
2008-08-23 16:12 . 2008-08-23 16:12d--------C:\Documents and Settings\All Users\Application Data\Avira
2008-08-22 16:51 . 2008-08-22 16:51d--------C:\Program Files\Trend Micro
2008-08-20 17:53 . 2008-08-20 17:53d--------C:\Program Files\SUPERAntiSpyware
2008-08-20 17:53 . 2008-08-20 17:53d--------C:\Documents and Settings\Victoria\Application Data\SUPERAntiSpyware.com
2008-08-20 17:53 . 2008-08-20 17:53d--------C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-20 17:48 . 2008-08-20 17:48d--------C:\Program Files\SpywareBlaster
2008-08-20 17:48 . 2005-08-25 19:18118,784--a------C:\WINDOWS\system32\MSSTDFMT.DLL
2008-08-20 17:17 . 2008-08-20 17:17d--------C:\Program Files\CCleaner
2008-08-20 16:57 . 2008-08-20 16:57d--------C:\VundoFix Backups
2008-08-20 15:21 . 2008-08-20 15:21d--------C:\Program Files\Spybot - Search & Destroy
2008-08-20 15:21 . 2008-08-20 18:11d--------C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 14:43 . 2008-08-20 14:43d--------C:\Program Files\Lavasoft
2008-08-20 14:43 . 2008-08-20 14:44d--------C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-30 19:34 . 2008-07-30 19:3426,112--a------C:\WINDOWS\system32\mlJbcbxw.dll.vir
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 00:52---------d-----wC:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 20:51---------d-----wC:\Program Files\GameSpy Arcade
2008-08-20 02:27---------d-----wC:\Program Files\Blockland
2008-08-06 00:15---------d-----wC:\Program Files\Google
2008-07-18 07:33---------d-----wC:\Program Files\EA GAMES
2008-07-17 23:47---------d--h--rC:\Documents and Settings\Victoria\Application Data\SecuROM
2008-07-15 18:37---------d-----wC:\Program Files\World of Warcraft
2008-07-11 03:13---------d-----wC:\Program Files\Warcraft III
2008-07-08 04:28---------d-----wC:\Documents and Settings\Victoria\Application Data\PlayFirst
2008-07-08 04:13---------d-----wC:\Documents and Settings\Victoria\Application Data\Logitech
2008-07-08 04:11---------d--h--wC:\Program Files\InstallShield Installation Information
2008-07-08 04:11---------d-----wC:\Program Files\Logitech
2008-07-08 04:11---------d-----wC:\Program Files\Common Files\Logitech
2008-07-08 04:10---------d-----wC:\Program Files\Common Files\InstallShield
2008-07-07 23:45---------d-----wC:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-06 22:44---------d-----wC:\Documents and Settings\Victoria\Application Data\Jane s Hotel
2008-07-06 22:13---------d-----wC:\Documents and Settings\All Users\Application Data\NeoEdge Networks
2008-07-06 20:44---------d-----wC:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-07-06 09:22---------d-----wC:\Documents and Settings\All Users\Application Data\Zylom
2008-07-05 09:02---------d-----wC:\Documents and Settings\All Users\Application Data\Gogii
2008-06-25 20:37---------d-----wC:\Documents and Settings\Victoria\Application Data\Turbine
2008-06-25 20:37---------d-----wC:\Documents and Settings\Victoria\Application Data\GetRightToGo
2008-06-25 20:03---------d-----wC:\Program Files\Turbine
2008-06-21 17:191,400----a-wC:\Documents and Settings\Victoria\Application Data\wklnhst.dat
2008-04-18 19:12547,909----a-wC:\Program Files\DeIsL1.isu
2000-04-28 18:50375----a-wC:\Program Files\properties.txt
2000-04-19 06:489,216----a-wC:\Program Files\README.TXT
2000-04-14 17:1186,016----a-wC:\Program Files\_UnInstall.dll
2000-03-30 21:3010,134----a-wC:\Program Files\EXCHANGE.ICO
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 18:43 4670704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-23 13:33 8429568]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a------ 2004-02-19 04:23 61440 c:\dell\bldbubg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 10:09 460784 C:\Program Files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a------ 2005-09-08 03:20 122940 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-10-05 01:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2006-07-06 05:15 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 14:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 14:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2006-09-05 12:19 94208 C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-05-23 13:33 8429568 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-08-13 16:50 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-08-13 16:49 26112 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 11:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-07-24 08:20 282624 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-10-25 19:10]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 01:39]
.
- - - - ORPHANS REMOVED - - - -
BHO-{b7ea3708-d1fe-42f6-a71b-5cc0374c735d} - C:\WINDOWS\system32\bwxrcw.dll
HKLM-Run-BMdb9b2288 - C:\WINDOWS\system32\dxneqsth.dll
ShellExecuteHooks-{4316CFAD-3CC2-463F-8111-70976DB7F7DF} - (no file)
MSConfigStartUp-BMdb9b2288 - C:\WINDOWS\system32\dxneqsth.dll
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-d8a81114 - C:\WINDOWS\system32\vejwllve.dll
MSConfigStartUp-Google Desktop Search - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-SSC_UserPrompt - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
MSConfigStartUp-URLLSTCK - C:\Program Files\Norton Internet Security\UrlLstCk.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Victoria\Application Data\Mozilla\Firefox\Profiles\gm6bxbzo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 19:59:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\update\update.exe
.
**************************************************************************
.
Completion time: 2008-08-23 20:02:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-24 03:02:41
Pre-Run: 91,620,155,392 bytes free
Post-Run: 91,577,786,368 bytes free
214--- E O F ---2008-07-09 10:00:21
----------------------------------------------------------
----------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04, on 2008-08-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\update\update.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070813
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
--
End of file - 3949 bytes
|
| |
| | |
Senior Forum Moderator
Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,045, Visits: 54,734 |
| Click on Start/Run,copy and paste ComboFix /u into the 'Open:' space,then press OK [see image below]
This will uninstall Combofix,delete its related folders and files,reset your clock settings,hide file extensions,hide the system/hidden files and resets System Restore.
Please download OTMoveIt by OldTimer,save it to your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Please double-click OTMoveIt.exe to run it.
Copy ALL the text inside the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):
[kill explorer]
C:\VundoFix Backups
C:\WINDOWS\system32\mlJbcbxw.dll.vir
C:\Program Files\Common Files\Symantec Shared
[start explorer]
Return to OTMoveIt, right click on the "Paste List of Files/Folders to Move" window under the "yellow" bar,and choose Paste,see image below:
Click on the Moveit! button 
Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt by clicking on the "Exit" button.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.
Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
Please download Malwarebytes Anti-Malware:
http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe
Double Click mbam-setup.exe to install the application.
(If using Windows Vista,be sure to "Run As Administrator").
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report into your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u7'.
3. Click the "Download" button to the right.
4. Select the Platform and Language for your download,then check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language - jre-6u7-windows-i586-p.exe' [15.24 MB] and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.
Also post a new Hijackthis log,let me know how your pc is running now please.
*NOTE*
You haven't installed a third party firewall as suggested in my first post.
________________________________________
ASAP & UNITE member since 2006
|
| |
| | | New Member
Group: Forum Members
Last Login: 5/21/2008 2:47 PM
Posts: 13, Visits: 22 |
| i posted a reply i don't know if you got it or not but here it is.. again
________________________________________________________________
------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.25
Database version: 1087
Windows 5.1.2600 Service Pack 2
21:22:41 2008-08-25
mbam-log-08-25-2008 (21-22-41).txt
Scan type: Full Scan (C:\|)
Objects scanned: 146730
Time elapsed: 30 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
______________________________________________________________
---------------------------------------------------------------------------------------
Explorer killed successfully
File/Folder C:\VundoFix Backups not found.
C:\WINDOWS\system32\mlJbcbxw.dll.vir moved successfully.
C:\Program Files\Common Files\Symantec Shared\Support Controls moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPManifests moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
Explorer started successfully
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08252008_193434
______________________________________________________________
---------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40, on 2008-08-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070813
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: |
| |
|
