Can't Clean This One Out...


Recommended Posts

User in my office is infected (again, 4th time in the last 4 months). Had to remove Spyb ot cause it kept popping up with registry changes, you click "deny change" and it just pops right back up. McAfee also kept reporting a "BackDoor.BAC" virus (which according to their site their program has been able to detect and remove since 2003 but it won't let me Clean, Move, or Delete the infected files). We don't have any spyware programs here, can't get the firm to buy them yet, so I need free tools or manual instructions to remove whatever is on here. I've tried removing the files in question that I think are the problem but after rebooting from safe-mode where I deleted them, they just get put right back and detected all over again. Normally I just re-image his computer but that's a pain in the ass to setup. Any help would be appreciated. The SpySweeper tools that are on there are from a trial install I did to check the functionality of the Enterprise version, it's currently out of the 30 day trial so it doesn't clean anymore. Thanks..

Logfile of HijackThis v1.98.2

Scan saved at 10:52:51 AM, on 12/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Symantec\Ghost\ngctw32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe

C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\Explorer.EXE

C:\Windows\System32\taskswitch.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe

C:\Program Files\RDS\FmIcsl.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

J:\Install\Utilities\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\System32\qem1D77.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CoolSwitch] C:\Windows\System32\taskswitch.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe

O4 - HKLM\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [zyh] C:\WINDOWS\zyh.exe

O4 - HKLM\..\Run: [igvlmyrq] C:\WINDOWS\System32\gxujvmr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [scanRouter] "C:\Program Files\RDS\FmIcsl.exe" -SPWDisp

O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm

O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab

Link to post
Share on other sites

k here we go, and thanks for the help I really appreciate it.

Logfile of HijackThis v1.99.0

Scan saved at 3:52:17 PM, on 12/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Symantec\Ghost\ngctw32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe

C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\Explorer.EXE

C:\Windows\System32\taskswitch.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe

C:\WINDOWS\System32\gxujvmr.exe

C:\Program Files\RDS\FmIcsl.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

J:\Install\Utilities\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\System32\qem1D77.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CoolSwitch] C:\Windows\System32\taskswitch.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe

O4 - HKLM\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [zyh] C:\WINDOWS\zyh.exe

O4 - HKLM\..\Run: [igvlmyrq] C:\WINDOWS\System32\gxujvmr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [scanRouter] "C:\Program Files\RDS\FmIcsl.exe" -SPWDisp

O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Symantec Ghost Client Agent - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Webroot CommAgent Service - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe

O23 - Service: Webroot SpySweeper Service - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

O23 - Service: VNC Server - Unknown - C:\Program Files\ORL\VNC\WinVNC.exe (file missing)

O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

Link to post
Share on other sites

1. Ok open Hijakckthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\System32\qem1D77.dll

O4 - HKLM\..\Run: [zyh] C:\WINDOWS\zyh.exe

O4 - HKLM\..\Run: [igvlmyrq] C:\WINDOWS\System32\gxujvmr.exe

2. Reboot and delete the files if found.

C:\WINDOWS\multimpp.dll

C:\WINDOWS\System32\qem1D77.dll

C:\WINDOWS\zyh.exe

C:\WINDOWS\System32\gxujvmr.exe

3. Then post a new Hijackthis log here in a reply.

Link to post
Share on other sites
1. Ok open Hijakckthis and click scan. Then tick and fix the following in Hijackthis with all windows closed except Hijackthis.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: MultiMPPObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)

O2 - BHO: No description - {88CC91DE-5930-45AD-9E04-6B1233609FEA} - C:\WINDOWS\System32\qem1D77.dll

O4 - HKLM\..\Run: [zyh] C:\WINDOWS\zyh.exe

O4 - HKLM\..\Run: [igvlmyrq] C:\WINDOWS\System32\gxujvmr.exe

2. Reboot and delete the files if found.

C:\WINDOWS\multimpp.dll

C:\WINDOWS\System32\qem1D77.dll

C:\WINDOWS\zyh.exe

C:\WINDOWS\System32\gxujvmr.exe

3. Then post a new Hijackthis log here in a reply.

Ok, did as instructed, and the 2 entries in HKLM\..\Run just came right back. Only 2 of the files you requested me to delete were still on the system. I also get an error everytime booting this machine up that the WildTangent driver is missing (I have manually deleted the file and tried to do a Add/REmove programs uninstall of this but this entry keeps getting put back in the registry. Here's the new log. I'll try to respond quicker this time, got sidetracked with other projects for a few days.

Logfile of HijackThis v1.99.0

Scan saved at 2:52:07 PM, on 12/21/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

C:\Program Files\Network Associates\VirusScan\Mcshield.exe

C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe

C:\Program Files\Symantec\Ghost\ngctw32.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe

C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\Explorer.EXE

C:\Windows\System32\taskswitch.exe

C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE

C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe

C:\Program Files\RDS\FmIcsl.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

J:\Install\Utilities\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [CoolSwitch] C:\Windows\System32\taskswitch.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Webroot Spy Sweeper, Enterprise Edition] C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeperTray.exe

O4 - HKLM\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [zyh] C:\WINDOWS\zyh.exe

O4 - HKLM\..\Run: [igvlmyrq] C:\WINDOWS\System32\gxujvmr.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [scanRouter] "C:\Program Files\RDS\FmIcsl.exe" -SPWDisp

O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe

O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: Symantec Ghost Client Agent - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe

O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Webroot CommAgent Service - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\CommAgent\CommAgent.exe

O23 - Service: Webroot SpySweeper Service - Webroot Software, Inc. - C:\Program Files\Webroot\Enterprise\Spy Sweeper\SpySweeper.exe

O23 - Service: VNC Server - Unknown - C:\Program Files\ORL\VNC\WinVNC.exe (file missing)

O23 - Service: VNC Server Version 4 - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

Link to post
Share on other sites
  • 2 weeks later...
  • 1 month later...
Guest
This topic is now closed to further replies.