vundo hiding?

What's easily understood about this one
http://www.pctipp.ch/index.cfm?pid=1411&pk=28470 plus it pops up an
automatic download of an exe.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Russg" <russgilb.RemoveThis@MUNGEsbcyahoo.net> wrote in message
news:lYq3j.2562$C24.2329@newssvr17.news.prodigy.net...
>
> "Jay" <> wrote in message news:
>> On Nov 25, 11:29 pm, "Russg" <> wrote:
>>> You can try the trendmicro sysclean and pattern files
>>> you can download at the links found in claymania.
>>>
>>> http://www.claymania.com/removal-trojan-adware.html
>>
>> Uh, this may all be good stuff but I'm a little trigger shy right now
>> about downloading anything else from a non-commercial site
>
> I understand. The link I gave (claymania) has
> links to download sites, but is just a set of
> easily understood, generic, instructions for
> removing malware. It has been there for a long
> time and features suggestions from known
> alt.comp.virus regulars. It is sort of the FAQ
> for this group, I don't think there is one..
>
 >> Stay informed about: vundo hiding? 

Jay <jkosmides.DeleteThis@gmail.com> wrote in
news:10f14d2c-964d-4f6c-b6f8-7c43b75a2e0b@v4g2000hsf.googlegroups.com:

>>
>> Do you know from which website did you get infected by vundo?
>>
> I think I know... why, you want to check it out?

I'd love to know the url that got you as well, please.

> I cleaned out the Sony rootkit, but McAfee still warns about Vundo...
>
> C:\Program Files\ROVA Update\rovasrvc.exe

I'm not familiar with this, if you don't mind sending a copy along.

> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,AutoConfigURL = http://proxy.ml.com:8083

I'd delete this line unless you have a specific reason to be going thru a
proxy.

> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
> Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>

this one too.

> R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-
> BD0D2DA3C2B8} - C:\Program Files\BLSearch\SearchEnh1.dll

If your intentionally using it, great.. If not, remove this one too.

> O2 - BHO: (no name) - {C8829776-6391-4F53-A6FA-370D57FA9087} - C:
> \WINDOWS\system32\ssqpn.dll (file missing)

Yea, this should be deleted.

> O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:
> \WINDOWS\system32\ljjjkhi.dll

I am almost positive this is your infection.. I'd really like to confirm
it.

> O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE

I'm not familiar with this executable. I'd like a sample if you'd be so
kind.

> O4 - HKLM\..\Run: [ROVATray] C:\Program Files\ROVA\rovatray.exe

I don't think this is something you want running either....

> O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -
> http://mediaplayer.walmart.com/installer/install.cab

I had no idea walmart had a media player.

> Winlogon Notify: ljjjkhi - C:\WINDOWS\SYSTEM32\ljjjkhi.dll O23 -

This isn't good.

Would you mind sending along a sample so I can confirm what I suspect it
is? instructions for doing so can be found on my site.


--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin.DeleteThis@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: vundo hiding? 

Jay <jkosmides.DeleteThis@gmail.com> wrote in news:974e459c-69d9-4020-a934-
740709c69fc7.DeleteThis@w28g2000hsf.googlegroups.com:

>>
>> >> Do you know from which website did you get infected by vundo?
>>
>> > I think I know... why, you want to check it out?
>>
>> I'd love to know the url that got you as well, please.
>>
> Sent you an email. No sense in anyone else going there by mistake.
>

I have had a chance to check it out, please see my reply in your email.


--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin.DeleteThis@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: vundo hiding? 

"pcbutts1" <pcbutts1.DeleteThis@leythosthestalker.com> wrote in message
news:filfu7$stm$1@blackhelicopter.databasix.com...
> What's easily understood about this one
> http://www.pctipp.ch/index.cfm?pid=1411&pk=28470 plus it pops up an
> automatic download of an exe.
>
>
That link doesn't work for MultiAV. Not for me. You saying you can
download MultiAV from that site?
Have you tried?
 >> Stay informed about: vundo hiding? 

The link is set to auto download multi-avi.exe he probably set it that way
because people can't read the site. Those types of pop up downloads are
blocked by my browser IE7

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Russg" <russgilb RemoveThis @MUNGEsbcyahoo.net> wrote in message
news:%Ur3j.77940$Um6.17262@newssvr12.news.prodigy.net...
>
> "pcbutts1" <pcbutts1 RemoveThis @leythosthestalker.com> wrote in message
> news:filfu7$stm$1@blackhelicopter.databasix.com...
>> What's easily understood about this one
>> http://www.pctipp.ch/index.cfm?pid=1411&pk=28470 plus it pops up an
>> automatic download of an exe.
>>
>>
> That link doesn't work for MultiAV. Not for me. You saying you can
> download MultiAV from that site?
> Have you tried?
>
 >> Stay informed about: vundo hiding? 

i didn't receive your email with the link
please email kowts.RemoveThis@freeesurf.fr

thx Jay
..
"Jay" <jkosmides.RemoveThis@gmail.com> wrote in message
news:974e459c-69d9-4020-a934-740709c69fc7@w28g2000hsf.googlegroups.com...
>
>>
>> >> Do you know from which website did you get infected by vundo?
>>
>> > I think I know... why, you want to check it out?
>>
>> I'd love to know the url that got you as well, please.
>>
> Sent you an email. No sense in anyone else going there by mistake.
 >> Stay informed about: vundo hiding? 

"Lolo" <kowts DeleteThis @freesurf.fr> wrote in news:474e914c$0$26779
$426a74cc@news.free.fr:

> i didn't receive your email with the link
> please email kowts DeleteThis @freeesurf.fr
>
> thx Jay
> .
> "Jay" <jkosmides DeleteThis @gmail.com> wrote in message
> news:974e459c-69d9-4020-a934-740709c69fc7@w28g2000hsf.googlegroups.com...
>>
>>>
>>> >> Do you know from which website did you get infected by vundo?
>>>
>>> > I think I know... why, you want to check it out?
>>>
>>> I'd love to know the url that got you as well, please.
>>>
>> Sent you an email. No sense in anyone else going there by mistake.
>
>
>

http://bughunter.it-mate.co.uk/BUGHUN22.ZIP



--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin DeleteThis @gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: vundo hiding? 

Hi Justin,

I was talking about the malicious link not about the removal tool.

thx anyway

"Dustin Cook" <bughunter.dustin DeleteThis @gmail.com> wrote in message
news:Xns99F74ED724D79HHI2948AJD832@69.28.186.121...
> "Lolo" <kowts DeleteThis @freesurf.fr> wrote in news:474e914c$0$26779
> $426a74cc@news.free.fr:
>
>> i didn't receive your email with the link
>> please email kowts DeleteThis @freeesurf.fr
>>
>> thx Jay
>> .
>> "Jay" <jkosmides DeleteThis @gmail.com> wrote in message
>> news:974e459c-69d9-4020-a934-740709c69fc7@w28g2000hsf.googlegroups.com...
>>>
>>>>
>>>> >> Do you know from which website did you get infected by vundo?
>>>>
>>>> > I think I know... why, you want to check it out?
>>>>
>>>> I'd love to know the url that got you as well, please.
>>>>
>>> Sent you an email. No sense in anyone else going there by mistake.
>>
>>
>>
>
> http://bughunter.it-mate.co.uk/BUGHUN22.ZIP
>
>
>
> --
> Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
> Email.: bughunter.dustin DeleteThis @gmail.com
> Web...: http://bughunter.it-mate.co.uk
> Pad...: http://bughunter.it-mate.co.uk/pad.xml
> PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
 >> Stay informed about: vundo hiding? 

Final update: Vundo has been removed from my PC and I've cleaned up a
few other problems I didn't even know I had. You guys are great and I
wanted to thank everyone for their input. In the end, HJT and the
interpretive help of guys in this group was all I needed. I've
started cleaning up another PC now that was always all screwed up and
it's also working better already. Thank you everyone.

Conclusions: McAfee and Symantic scanners don't pick up everything;
scanning the registry and whatever HJT looks at is a great way to
really interogate what's going on; rebuilding your O/S is a good idea
in theory but not practical when you have years of software installed
and/or not sure if you have all the disks you need.

Remember, with great power comes great responsibility (or something
like that).
 >> Stay informed about: vundo hiding? 

"pcbutts1" <> wrote in message news:
> The link is set to auto download multi-avi.exe he probably set it that way
> because people can't read the site. Those types of pop up downloads are
> blocked by my browser IE7
>
Oh, OK. That's the chi doop sound I get at
the site. IE is indicating the blocked download.
I'd have to reconfigure IE.
Thanks
>
> Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
> The list grows. Leythos the stalker http://www.leythosthestalker.com,
> David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
> Beauregard T. Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George
> Orwell
>
>
>
> "Russg" <russgilb.TakeThisOut@MUNGEsbcyahoo.net> wrote in message
> news:%Ur3j.77940$Um6.17262@newssvr12.news.prodigy.net...
>>
>> "pcbutts1" <pcbutts1.TakeThisOut@leythosthestalker.com> wrote in message
>> news:filfu7$stm$1@blackhelicopter.databasix.com...
>>> What's easily understood about this one
>>> http://www.pctipp.ch/index.cfm?pid=1411&pk=28470 plus it pops up an
>>> automatic download of an exe.
>>>
>>>
>> That link doesn't work for MultiAV. Not for me. You saying you can
>> download MultiAV from that site?
>> Have you tried?
>>
>
>
 >> Stay informed about: vundo hiding? 

In article <dba86b0e-2c8a-41f0-9c43-
888828709fab RemoveThis @b40g2000prf.googlegroups.com>, jkosmides RemoveThis @gmail.com says...
> rebuilding your O/S is a good idea
> in theory but not practical when you have years of software installed
> and/or not sure if you have all the disks you need.

Actually, the only reason to clean a machine is so that you can get the
data off it to make a restore possible.

Once a machine is compromised there is not a single person/tool on earth
that can ensure you, 100%, that the system is clean of all malware.

Yes, you can be 98% sure that it's clean, but is it really worth it.

By the time you "Clean" a machine, you may have deleted some system
files that you may need today or in a few days, and then you'll be
troubleshooting another problem....

Take your cleaned machine, save the data, find your restore/install CD,
and wipe the machine and reinstall in a clean environment.

--

Leythos - spam999free RemoveThis @rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 >> Stay informed about: vundo hiding? 

On Thu, 29 Nov 2007 21:26:15 -0500, Leythos <void DeleteThis @nowhere.lan> wrote:

>In article <dba86b0e-2c8a-41f0-9c43-
>888828709fab@b40g2000prf.googlegroups.com>, jkosmides DeleteThis @gmail.com says...
>> rebuilding your O/S is a good idea
>> in theory but not practical when you have years of software installed
>> and/or not sure if you have all the disks you need.
>
>Actually, the only reason to clean a machine is so that you can get the
>data off it to make a restore possible.
>
>Once a machine is compromised there is not a single person/tool on earth
>that can ensure you, 100%, that the system is clean of all malware.
>
>Yes, you can be 98% sure that it's clean, but is it really worth it.
>
>By the time you "Clean" a machine, you may have deleted some system
>files that you may need today or in a few days, and then you'll be
>troubleshooting another problem....
>
>Take your cleaned machine, save the data, find your restore/install CD,
>and wipe the machine and reinstall in a clean environment.

A good read for the OP: http://isc.sans.org/diary.html?storyid=3702
Treacherous malware: the story of Advatrix

Last paragraph (before the update):

"when a machine gets infected, your only option is to reinstall it
from scratch. With today’s malware phoning home and installing
stealth, updated modules, this is really a no brainer."

--
Clay mania dot com
 >> Stay informed about: vundo hiding? 

> Once a machine is compromised there is not a single person/tool on earth
> that can ensure you, 100%, that the system is clean of all malware.
>
> Yes, you can be 98% sure that it's clean, but is it really worth it.
>

I think you might be right. I'm back, humbly, to say that my machine
isn't as clean as I thought. A new virus has cropped which causes a
new IE browser to launch and take me to an advertisers page when I
click forward / backward or links within the current page. I now
realize I may need to rebuild this machine but that is my last
resort.

Action taken so far: Ran McAfee in safe boot mode (nothing found);
cleaned some junk using HJT; rebooted but the problems persist. As I
type this thread, characters are occassionally missing but I type
pretty well; I think something is stealing my characters or slowing
down my PC. Help... See HJT attached below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:51 PM, on 12/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements
5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ROVA Update\rovasrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Verizon Online\ConnMgr\cmisrv.exe
C:\Program Files\Common Files\Verizon Online\AppMgr\vzOpenUIServer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,AutoConfigURL = http://proxy.ml.com:8083
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = 127.0.0.1;http://localhost;<local>
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-
E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp
color LaserJet 2550 Series\SetConfig.exe -c Direct -p DOT4_001 -pn "hp
color LaserJet 2550 PCL 6" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon
\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan
Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media
Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ROVATray] C:\Program Files\ROVA\rovatray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:
\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common
Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart
\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy
\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative
\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe
\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [A Verizon App] C:
\PROGRA~1\VERIZO~1\HELPSU~1\VERIZO~1.EXE
O4 - HKLM\..\Run: [3ceba711] rundll32.exe "C:\WINDOWS
\system32\ceayjmva.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries
\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier
\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support
\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield
\UpdateService\ISUSPM.exe" -scheduler
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins
\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
http://a1540.g.akamai.net/7/1540/52/20061023/qtinstall.info.apple.com/...ctivex/
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver
Installation Control) -
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl
Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCat...gWebCon
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} -
http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games -
Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software
AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID.cab
O23 - Service: Adobe Active File Monitor V5
(AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe
\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS
\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper
Networks - C:\Program Files\Juniper Networks\Common Files
\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common Files\InstallShield\Driver
\1050\Intel 32\IDriverT.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS
\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee,
Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program
Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:
\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program
Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS
\system32\HPZipm12.exe
O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program
Files\ROVA Update\rovasrvc.exe

--
End of file - 7810 bytes
 >> Stay informed about: vundo hiding?