VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.
Scan started at 10:34:38 PM 8/5/2007
Listing files found while scanning....
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\pmkhh.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\hhkmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\hhkmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\pmkhh.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jxqvqgkw.dll
C:\WINDOWS\system32\jxqvqgkw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqopqp.dll
C:\WINDOWS\system32\ssqopqp.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\svknhis.dll
C:\WINDOWS\system32\svknhis.dll Has been deleted!
Performing Repairs to the registry.
Done!
ComboFix 07-08-09.3 - "Owner" 2007-08-11 9:57:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.780 [GMT -4:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiSpyware 2007\Data\ProductCode
C:\DOCUME~1\Owner\APPLIC~1.\scurit~1
C:\DOCUME~1\Owner\APPLIC~1.\scurit~1\w?wexec.exe
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007 free
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007 free\DownloadUWAS7.url
C:\DOCUME~1\Owner\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\Owner\APPLIC~1\WinAntiSpyware 2007 Free\DownloadUWAS7.url
C:\DOCUME~1\Owner\APPLIC~1\WinAntiSpyware 2007\Logs\update.log
C:\DOCUME~1\Owner\MYDOCU~1.\ystem~1
C:\DOCUME~1\Owner\MYDOCU~1.\ystem~1\?ystem\
C:\DOCUME~1\Owner\MYDOCU~1.\ystem~1\wucrtupd.exe
C:\DOCUME~1\Owner\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\Owner\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\Owner\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\WINDOWS\system32\bisfyueq.exe
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\f10WtR1099.exe
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.tmp
C:\WINDOWS\system32\gjjjmdiu.dll
C:\WINDOWS\system32\gjkkj.bak1
C:\WINDOWS\system32\hogfplhd.exe
C:\WINDOWS\system32\iidfsolw.exe
C:\WINDOWS\system32\jkkjg.dll
C:\WINDOWS\system32\kyatxwgw.exe
C:\WINDOWS\system32\mhukfxbe.exe
C:\WINDOWS\system32\mljgg.dll
C:\WINDOWS\system32\qtvwa.bak1
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\sfabmarc.exe
C:\WINDOWS\system32\ssqopqp.dll
C:\WINDOWS\system32\uidmjjjg.ini
C:\WINDOWS\system32\wayqjhyp.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wnsxs~1\csrss.exe
C:\WINDOWS\system32\wnsxs~1\W?nSxS\
C:\WINDOWS\system32\yayxyvv.dll
C:\WINDOWS\system32\yigedfnv.dll
D:\Autorun.inf
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_APIMON
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\ApiMon
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-11 to 2007-08-11 )))))))))))))))))))))))))))))))
2007-08-10 07:40 147,520 --a------ C:\WINDOWS\system32\qijjnuuy.dll
2007-08-09 07:23 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-08-05 22:43 212 --a------ C:\delete.bat
2007-08-05 22:34 <DIR> d-------- C:\VundoFix Backups
2007-08-05 11:33 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-04 21:01 3,920 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-04 17:39 <DIR> d-------- C:\!KillBox
2007-08-04 17:37 <DIR> d-------- C:\bintheredunthat
2007-08-04 14:59 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-02 12:01 12,058,624 --a------ C:\DOCUME~1\Owner\ntuser.dat
2007-07-25 14:16 <DIR> d-------- C:\Program Files\Nick Arcade
2007-07-23 10:50 <DIR> d-------- C:\Program Files\3DGroove
2007-07-18 02:14 <DIR> d-------- C:\Program Files\MySpace
2007-07-18 02:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\MySpace
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-08 14:25 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\BitTorrent
2007-08-02 01:53 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Canon
2007-07-17 14:41 --------- d-------- C:\Program Files\Picasa2
2007-07-01 15:14 --------- d-------- C:\Program Files\Norton AntiVirus
2007-07-01 15:14 --------- d-------- C:\Program Files\iTunes
2007-07-01 15:14 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-01 15:14 --------- d-------- C:\Program Files\Bonjour
2007-07-01 15:13 --------- d-------- C:\Program Files\BitTorrent
2007-07-01 15:12 --------- d-------- C:\Program Files\Google
2007-06-30 22:16 --------- d-------- C:\Program Files\TrojanHunter 4.7
2007-06-30 22:10 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\TrojanHunter
2007-06-30 22:09 --------- d-------- C:\Program Files\Digital Media Reader
2007-06-30 19:01 --------- d-------- C:\Program Files\RegFix Mantra
2007-06-25 22:00 --------- d-------- C:\Program Files\ATI Technologies
2007-06-25 21:51 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-24 21:51 --------- d-------- C:\Program Files\EA GAMES
2007-06-23 00:23 --------- d-------- C:\Program Files\iPod
2007-06-19 16:24 --------- d-------- C:\Program Files\MidTen Media
2007-06-19 09:33 45968 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-06-18 07:22 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\FTW
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-16 13:24 --------- d-------- C:\Program Files\Safari
2007-06-16 13:24 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2007-06-16 13:23 --------- d-------- C:\Program Files\Apple Software Update
2007-06-13 15:50 43152 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-13 15:25 339968 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-13 15:24 268288 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-06-13 15:24 268288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-06-13 15:24 2155520 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-06-13 15:24 2155520 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-13 15:23 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-06-13 15:17 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-06-13 15:17 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-13 15:17 139264 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-06-13 15:17 118784 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-06-13 15:16 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-06-13 15:15 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-06-13 15:14 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-06-13 15:10 8097792 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-06-13 15:07 2922208 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-06-13 15:07 2922208 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-06-13 14:57 972072 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-06-13 14:57 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat
2007-06-13 14:57 3107788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-06-13 14:57 1512960 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-06-13 14:57 1512960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-06-13 14:46 5431296 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-06-13 14:43 262144 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-06-13 14:42 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-06-13 14:41 50176 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-06-13 14:41 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-13 14:36 368640 --a--c--- C:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-06-13 14:36 368640 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-06-13 14:29 520192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-03-05 13:40 836 --a------ C:\DOCUME~1\Owner\APPLIC~1\ViewerApp.dat
2006-06-25 23:13 565248 --ahsc--- C:\Program Files\ehthumbs.db
2006-05-10 07:23 244 --a--c--- C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34AD8CB2-310B-6B8E-2177-38B6023DF090}]
C:\WINDOWS\system32\svknhis.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D5F89DC-7093-423E-AD09-115DEC9E2302}]
C:\WINDOWS\system32\pmkhh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7D3261D-E239-45E3-9247-9FB77C9C43AC}]
C:\WINDOWS\system32\awvtq.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" []
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" []
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" []
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" []
"ShowWnd"="ShowWnd.exe" [2003-09-19 12:09 C:\WINDOWS\ShowWnd.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" []
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 18:20 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 21:44 C:\WINDOWS\ALCWZRD.EXE]
"_AntiSpyware"="c:\progra~1\mcafee\MCAFEE~1\MssCli.exe" []
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" []
"NAV CfgWiz"="C:\Program Files\Norton AntiVirus\CfgWiz.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-30 18:36]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 20:45 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"SystemRescue"="C:\WINDOWS\system32\qijjnuuy.dll" [2007-08-10 07:41]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00]
"close trans"="C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"Ealb"="C:\WINDOWS\system32\WNSXS~1\csrss.exe" []
"Btjtizk"="C:\Documents and Settings\Owner\Application Data\s?curity\w?wexec.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F2A0229A-C4CA-4789-B606-973D24DCDD1C}"= c:\progra~1\mcafee\mcafee antispyware\mssshell.dll [2005-07-17 22:42 155769]
path=
backup=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x);C:\WINDOWS\system32\drivers\sfsync04.sys
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe
R3 SunkFilt;Alcor Micro Corp Reader;\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe -k QWAVE
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 xnacc;Microsoft Common Controller For Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xnacc.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE
Contents of the 'Scheduled Tasks' folder
2007-08-09 14:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-11 01:52:29 C:\WINDOWS\Tasks\McAfee AntiSpyware.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-11 10:05:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-11 10:11:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-11 10:11
C:\ComboFix2.txt ... 2007-07-01 12:21
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 10:16:50 AM, on 8/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Scanner\Scan.exe.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {34AD8CB2-310B-6B8E-2177-38B6023DF090} - C:\WINDOWS\system32\svknhis.dll (file missing)
O2 - BHO: (no name) - {6D5F89DC-7093-423E-AD09-115DEC9E2302} - C:\WINDOWS\system32\pmkhh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D7D3261D-E239-45E3-9247-9FB77C9C43AC} - C:\WINDOWS\system32\awvtq.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\MssCli.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SystemRescue] rundll32.exe "C:\WINDOWS\system32\qijjnuuy.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [close trans] C:\DOCUME~1\Owner\APPLIC~1\DUMBSA~1\Show tray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\system32\WNSXS~1\csrss.exe" -vt yazb
O4 - HKCU\..\Run: [Btjtizk] "C:\Documents and Settings\Owner\Application Data\s?curity\w?wexec.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures04.aim.com/ygp/aol/plugi ... .5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - McAfee, Inc. - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe