Removed Vundo, posting hijack log2


Re: Removed Vundo, posting hijack log2

Post by caskaid on 25th March 2009, 7:45 pm

Computer is running fine; however, will I have to do this again if there are additional users on the system? What led me back here was that I ran an AVG scan with another user (since it was picking up locked directories/files that I knew had infections but couldn't delete them since I wasn't on that user's profile) and it could delete the infections only once I was on the other user's profile. Do I need to do these steps again on the one last profile?

caskaid
Intermediate
Posts: 62
Joined: 2009-03-05
OS: Windows XP
Points: 28497
Likes: 0


Post by Belahzur on 25th March 2009, 7:46 pm

So how many profiles are there? 3?

Two of them should be clean now anyway.
Log on to the third user account and run DDS from there too and we'll see if that picks anything up from that user account.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245079
Likes: 1


Post by caskaid on 25th March 2009, 7:58 pm

DDS (Ver_09-03-16.01) - NTFSx86
Run by Ryan Davidson at 15:56:43.06 on Wed 03/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.745 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ryan Davidson\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
IE: Yahoo! Dictionary - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsrch.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_11.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - [You must be registered and logged in to see this link.] files\dream day wedding 2 - married in manhattan\images\stg_drm.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - [You must be registered and logged in to see this link.]
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - [You must be registered and logged in to see this link.]
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - [You must be registered and logged in to see this link.] files\dream day wedding 2 - married in manhattan\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ryanda~1\applic~1\mozilla\firefox\profiles\fvbl9xib.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-24 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-24 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-24 298264]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\maplestory beginner version\gameguard\dump_wmimmc.sys --> c:\nexon\maplestory beginner version\gameguard\dump_wmimmc.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]

=============== Created Last 30 ================

2009-03-25 14:31 a-dshr-- C:\cmdcons
2009-03-25 14:30 161,792 a------- c:\windows\SWREG.exe
2009-03-25 14:30 98,816 a------- c:\windows\sed.exe
2009-03-25 12:40 --d----- c:\program files\Unlocker
2009-03-24 23:24 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-24 20:44 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-24 20:44 --d----- c:\program files\Lavasoft
2009-03-24 16:04 --d----- c:\program files\Defraggler
2009-03-24 14:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-24 14:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 14:35 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 14:34 --d-h--- C:\$AVG8.VAULT$
2009-03-24 14:12 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-24 14:12 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-24 14:12 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-24 14:12 --d----- c:\windows\system32\drivers\Avg
2009-03-24 14:12 --d----- c:\program files\AVG
2009-03-24 14:12 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-24 14:04 --d----- c:\program files\Trend Micro
2009-03-24 13:56 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-24 13:51 --d----- c:\program files\MSXML 4.0
2009-03-24 13:26 --d----- c:\program files\JRE
2009-03-24 13:26 --d----- c:\program files\OpenOffice.org 3
2009-03-24 13:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-24 12:54 --d----- c:\windows\system32\scripting
2009-03-24 12:54 --d----- c:\windows\l2schemas
2009-03-24 12:54 --d----- c:\windows\system32\en
2009-03-24 12:49 --d----- c:\windows\network diagnostic
2009-03-24 12:36 184,832 -------- c:\windows\system32\eapp3hst.dll
2009-03-24 12:20 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-24 12:20 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-24 12:15 1,374 a------- c:\windows\imsins.BAK
2009-03-24 12:12 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-24 12:11 --d----- c:\windows\provisioning
2009-03-24 12:11 --d----- c:\windows\peernet
2009-03-24 12:10 --d----- c:\windows\ServicePackFiles
2009-03-24 12:03 --d----- c:\windows\EHome
2009-03-24 12:00 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-03-24 11:18 --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-24 12:58 78,587 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-09-21 16:22 0 a------- c:\documents and settings\ryan davidson\jagex_runescape_preferences.dat
2008-05-13 14:27 0 a------- c:\program files\temp01

============= FINISH: 15:56:57.25 ===============


Post by Belahzur on 25th March 2009, 8:00 pm

Looks fine to me. ;)



Post by caskaid on 25th March 2009, 8:04 pm

One last user:


DDS (Ver_09-03-16.01) - NTFSx86
Run by HouseGuest at 16:02:58.14 on Wed 03/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.683 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HouseGuest\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0411.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sonic RecordNow!]
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [MS Juan] rundll32 "c:\docume~1\houseg~1\locals~1\temp\dogeow.dll",run
uRun: [88b11979] rundll32.exe "c:\docume~1\houseg~1\locals~1\temp\gmwydfcv.dll",b
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\npjpi160_11.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - [You must be registered and logged in to see this link.]
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - [You must be registered and logged in to see this link.] files\dream day wedding 2 - married in manhattan\images\stg_drm.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [You must be registered and logged in to see this link.]
DPF: {33564D57-0000-0010-8000-00AA00389B71} - [You must be registered and logged in to see this link.]
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} - [You must be registered and logged in to see this link.]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [You must be registered and logged in to see this link.]
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - [You must be registered and logged in to see this link.]
DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - [You must be registered and logged in to see this link.]
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - [You must be registered and logged in to see this link.] files\dream day wedding 2 - married in manhattan\images\armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\houseg~1\applic~1\mozilla\firefox\profiles\zeqky88b.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-24 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-24 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-24 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-24 298264]
R2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\maplestory beginner version\gameguard\dump_wmimmc.sys --> c:\nexon\maplestory beginner version\gameguard\dump_wmimmc.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-10-19 10664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]

=============== Created Last 30 ================

2009-03-25 14:31 a-dshr-- C:\cmdcons
2009-03-25 14:30 161,792 a------- c:\windows\SWREG.exe
2009-03-25 14:30 98,816 a------- c:\windows\sed.exe
2009-03-25 12:40 --d----- c:\program files\Unlocker
2009-03-24 23:24 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-24 20:44 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-03-24 20:44 --d----- c:\program files\Lavasoft
2009-03-24 16:04 --d----- c:\program files\Defraggler
2009-03-24 14:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-24 14:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-24 14:35 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 14:34 --d-h--- C:\$AVG8.VAULT$
2009-03-24 14:12 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-24 14:12 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-24 14:12 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-24 14:12 --d----- c:\windows\system32\drivers\Avg
2009-03-24 14:12 --d----- c:\program files\AVG
2009-03-24 14:12 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-24 14:04 --d----- c:\program files\Trend Micro
2009-03-24 13:56 --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-24 13:51 --d----- c:\program files\MSXML 4.0
2009-03-24 13:26 --d----- c:\program files\JRE
2009-03-24 13:26 --d----- c:\program files\OpenOffice.org 3
2009-03-24 13:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-24 12:54 --d----- c:\windows\system32\scripting
2009-03-24 12:54 --d----- c:\windows\l2schemas
2009-03-24 12:54 --d----- c:\windows\system32\en
2009-03-24 12:49 --d----- c:\windows\network diagnostic
2009-03-24 12:36 184,832 -------- c:\windows\system32\eapp3hst.dll
2009-03-24 12:20 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-03-24 12:20 268,648 a------- c:\windows\system32\mucltui.dll
2009-03-24 12:15 1,374 a------- c:\windows\imsins.BAK
2009-03-24 12:12 221,184 a------- c:\windows\system32\wmpns.dll
2009-03-24 12:11 --d----- c:\windows\provisioning
2009-03-24 12:11 --d----- c:\windows\peernet
2009-03-24 12:10 --d----- c:\windows\ServicePackFiles
2009-03-24 12:03 --d----- c:\windows\EHome
2009-03-24 12:00 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-03-24 11:35 --ds---- c:\documents and settings\houseguest\UserData
2009-03-24 11:18 --d----- c:\program files\CCleaner

==================== Find3M ====================

2009-03-24 12:58 78,587 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-08-25 02:35 0 a------- c:\documents and settings\houseguest\jagex_runescape_preferences.dat
2008-05-13 14:27 0 a------- c:\program files\temp01

============= FINISH: 16:03:11.89 ===============


Post by Belahzur on 25th March 2009, 8:05 pm

Both look fine.

What problems remain?



Post by caskaid on 25th March 2009, 8:27 pm

All should be well unless AVG picks up anything additional. Thank you!
