
Thread: vundo again

#1 - Junior Member (Join Date: Jun 2008, Posts: 6)

vundo again

    CF:

    ComboFix 08-06-20.4 - Administrator 2008-07-01 8:49:22.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1358 [GMT -4:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM43fb34f8.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\sgixqitq.ini
    C:\WINDOWS\system32\ssqpMdBQ.dll
    C:\WINDOWS\system32\tisloxfm.ini
    C:\WINDOWS\system32\xbLlRXyb.ini
    C:\WINDOWS\system32\xbLlRXyb.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
    .

    2008-07-01 08:34 . 2008-07-01 08:34 95 --a------ C:\WINDOWS\wininit.ini
    2008-07-01 02:52 . 2008-07-01 02:53 81,920 --a------ C:\WINDOWS\system32\qtiqxigs.dll
    2008-07-01 02:49 . 2008-07-01 02:49 103,424 --a------ C:\WINDOWS\system32\navpoy.dll
    2008-07-01 02:49 . 2008-07-01 02:49 103,424 --a------ C:\WINDOWS\system32\csssoujw.dll
    2008-07-01 02:46 . 2008-07-01 02:46 91,136 --a------ C:\WINDOWS\system32\dcypofxy.dll
    2008-06-30 23:56 . 2008-06-30 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-06-30 23:50 . 2008-06-30 23:57 <DIR> d-------- C:\Program Files\AVS4YOU
    2008-06-30 23:48 . 2008-06-30 23:56 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
    2008-06-30 23:48 . 2008-06-30 23:48 674,816 --a------ C:\WINDOWS\isRS-000.tmp
    2008-06-30 18:48 . 2008-06-30 18:48 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-06-30 18:48 . 2008-06-30 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-30 18:48 . 2008-06-30 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-30 15:48 . 2008-06-30 15:48 <DIR> d-------- C:\Program Files\Common Files\Control Panels
    2008-06-30 15:45 . 2008-06-30 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ALM
    2008-06-30 15:27 . 2008-06-30 15:27 <DIR> d-------- C:\Program Files\QuickTime
    2008-06-30 14:53 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
    2008-06-30 14:53 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
    2008-06-30 14:43 . 2008-06-30 14:43 <DIR> d-------- C:\Program Files\Bonjour
    2008-06-30 14:43 . 2008-06-30 14:43 81,920 --a------ C:\WINDOWS\system32\mfxolsit.dll
    2008-06-30 14:42 . 320,000 C:\WINDOWS\system32\byXRlLbx.dll_old
    2008-06-30 14:39 . 2008-06-30 14:39 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2008-06-30 14:34 . 2008-06-30 15:51 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-06-30 14:28 . 2008-06-30 14:28 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2008-06-30 14:28 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
    2008-06-30 14:28 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
    2008-06-30 06:38 . 2008-06-30 06:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
    2008-06-30 03:39 . 2008-06-30 03:49 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
    2008-06-30 03:13 . 2008-07-01 08:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
    2008-06-30 02:54 . 2008-06-30 03:07 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
    2008-06-30 02:52 . 2008-06-30 02:52 <DIR> d-------- C:\WINDOWS\system32\Lang
    2008-06-30 02:52 . 2008-06-30 02:52 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
    2008-06-30 02:52 . 2008-06-30 02:52 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
    2008-06-30 02:49 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-06-30 02:49 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
    2008-06-30 02:49 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2008-06-30 02:49 . 2001-08-17 14:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
    2008-06-30 02:49 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2008-06-30 02:49 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
    2008-06-30 02:49 . 2006-08-01 03:02 49,152 -ra------ C:\WINDOWS\system32\ChCfg.exe
    2008-06-30 02:49 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2008-06-30 02:49 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
    2008-06-30 02:48 . 2008-06-30 02:48 <DIR> d-------- C:\Program Files\Realtek
    2008-06-30 02:48 . 2008-06-30 02:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2008-06-30 02:47 . 2007-07-26 05:09 520,192 -r------- C:\WINDOWS\RtlExUpd.dll
    2008-06-30 02:31 . 2008-06-30 02:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-30 02:28 . 2008-06-30 02:28 <DIR> d-------- C:\WINDOWS\nview
    2008-06-30 02:28 . 2008-06-30 02:28 <DIR> d-------- C:\WINDOWS\nvidia icons
    2008-06-30 02:28 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-06-30 02:28 . 2008-07-01 08:56 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-06-30 02:28 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
    2008-06-30 02:28 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
    2008-06-30 02:28 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
    2008-06-30 02:28 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
    2008-06-30 02:28 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-06-30 02:27 . 2008-06-30 02:27 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2008-06-30 02:27 . 2008-06-30 02:27 <DIR> d-------- C:\NVIDIA
    2008-06-30 02:27 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-06-30 02:19 . 2008-06-30 02:19 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-30 02:14 . 2008-06-30 02:14 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2008-06-30 02:08 . 2008-06-30 02:08 <DIR> d-------- C:\WINDOWS\ServicePackFiles
    2008-06-30 02:07 . 2004-08-04 00:56 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
    2008-06-30 02:06 . 2004-11-18 10:42 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-06-30 02:06 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002238_.tmp
    2008-06-30 02:05 . 2008-06-30 02:05 <DIR> d-------- C:\WINDOWS\EHome

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-30 07:07 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-06-30 06:48 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-30 05:36 --------- d-----w C:\Program Files\microsoft frontpage
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-05-22 22:22 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-05-22 22:22 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-05-22 22:22 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-05-22 22:22 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
    2008-05-22 22:22 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
    2008-05-22 22:22 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37E01C00-1BE4-41CB-9AF6-08A6E586DA2F}]
    C:\WINDOWS\system32\byXRlLbx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6892a0f6-22c4-4cff-ada0-6a7584aa98fb}]
    2008-07-01 02:49 103424 --a------ C:\WINDOWS\system32\navpoy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
    "nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 03:21 16384000 C:\WINDOWS\RTHDCPL.exe]
    "WinampAgent"="D:\Winamp\winampa.exe" [2008-04-01 14:49 36352]
    "DAEMON Tools-1033"="D:\Daemon Tools\daemon.exe" [2004-08-22 17:05 81920]
    "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
    "QuickTime Task"="D:\Quicktime\QTTask.exe" [2008-05-27 10:50 413696]
    "40c80764"="C:\WINDOWS\system32\qtiqxigs.dll" [2008-07-01 02:53 81920]
    "BM43fb34f8"="C:\WINDOWS\system32\dcypofxy.dll" [2008-07-01 02:46 91136]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Steam\\steamapps\\jaltimier@fuse.net\\team fortress 2\\hl2.exe"=
    "D:\\uTorrent\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
    "3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
    "50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
    "50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-16 23:58]
    S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [2006-06-23 05:02]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-30 22:48:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-01 08:54:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\WINDOWS\system32\sgixqitq.ini 294 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-07-01 8:59:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-01 12:58:41

    Pre-Run: 25,504,215,040 bytes free
    Post-Run: 25,757,802,496 bytes free

    180


    HJT

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:02:51 AM, on 7/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    D:\Winamp\winampa.exe
    D:\Daemon Tools\daemon.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    D:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {37E01C00-1BE4-41CB-9AF6-08A6E586DA2F} - C:\WINDOWS\system32\byXRlLbx.dll (file missing)
    O2 - BHO: {bf89aa48-57a6-0ada-ffc4-4c226f0a2986} - {6892a0f6-22c4-4cff-ada0-6a7584aa98fb} - C:\WINDOWS\system32\navpoy.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [40c80764] rundll32.exe "C:\WINDOWS\system32\qtiqxigs.dll",b
    O4 - HKLM\..\Run: [BM43fb34f8] Rundll32.exe "C:\WINDOWS\system32\dcypofxy.dll",s
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 3250 bytes

#2 - Junior Member (Join Date: Jun 2008, Posts: 6)

I actually have another machine that has come down with Virtumonde as well.

Here is the other HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:15:06 PM, on 7/2/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Windows\system32\tskmngr.exe
    C:\Program Files\iTunes\iTunes.exe
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Windows\explorer.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [Windows TaskManager] tskmngr.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\RunServices: [Windows TaskManager] tskmngr.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Music\AppData\Local\Temp\rqRIaYrq.dll,#1
    O4 - HKCU\..\Run: [BM2d5c4b2d] Rundll32.exe "C:\Users\Music\AppData\Local\Temp\tmlhrjmi.dll",s
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Music\AppData\Local\Temp\cbXpPHBq.dll,c
    O4 - HKCU\..\Run: [2e6f78b1] rundll32.exe "C:\Users\Music\AppData\Local\Temp\eobhceoo.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8715 bytes
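Added example (not part of either poster's logs, and not a tool from this forum): a small Python triage script that applies the patterns visible in the two logs above to HijackThis O2/O4 lines. Both logs show the same shape of entry: a Run value named with eight hex digits (optionally prefixed "BM"), a rundll32 command loading a DLL with a one-letter or ordinal export (",b", ",s", ",c", ",#1"), DLLs living under a user's Temp folder, and BHOs that are unnamed, carry a GUID as their name, or point at a missing file. The ComboFix log also shows the reversed-name pairing, where a hidden .ini carries the DLL's name spelled backwards (byXRlLbx.dll / xbLlRXyb.ini, qtiqxigs.dll / sgixqitq.ini, mfxolsit.dll / tisloxfm.ini). The heuristics below are my own assumptions for triage, not a signature for this family; the sample input is constructed from lines copied out of this thread plus a few benign entries for contrast.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: HijackThis O2/O4 lines copied from the two logs in this
# thread, plus benign entries (NvCplDaemon, SSVHelper) that should not be flagged.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {37E01C00-1BE4-41CB-9AF6-08A6E586DA2F} - C:\WINDOWS\system32\byXRlLbx.dll (file missing)
O2 - BHO: {bf89aa48-57a6-0ada-ffc4-4c226f0a2986} - {6892a0f6-22c4-4cff-ada0-6a7584aa98fb} - C:\WINDOWS\system32\navpoy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [40c80764] rundll32.exe "C:\WINDOWS\system32\qtiqxigs.dll",b
O4 - HKLM\..\Run: [BM43fb34f8] Rundll32.exe "C:\WINDOWS\system32\dcypofxy.dll",s
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Music\AppData\Local\Temp\rqRIaYrq.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Music\AppData\Local\Temp\cbXpPHBq.dll,c
"""

# Constructed sample: file names taken from the ComboFix "Other Deletions" and
# "Files Created" sections above, plus a legitimate DLL (NvCpl.dll) for contrast.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\byXRlLbx.dll",
    r"C:\WINDOWS\system32\xbLlRXyb.ini",
    r"C:\WINDOWS\system32\xbLlRXyb.ini2",
    r"C:\WINDOWS\system32\qtiqxigs.dll",
    r"C:\WINDOWS\system32\sgixqitq.ini",
    r"C:\WINDOWS\system32\mfxolsit.dll",
    r"C:\WINDOWS\system32\tisloxfm.ini",
    r"C:\WINDOWS\system32\ssqpMdBQ.dll",
    r"C:\WINDOWS\system32\NvCpl.dll",
]

# HijackThis line shapes: "O4 - HKLM\..\Run: [name] command" and
# "O2 - BHO: name - {CLSID} - path".
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
# rundll32 <dll>,<export>; quotes around the executable or the DLL are optional.
RUNDLL_RE = re.compile(r'(?i)^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S*)')
HEX_NAME_RE = re.compile(r"(?i)^(?:BM)?[0-9a-f]{8}$")   # e.g. 40c80764, BM43fb34f8 (assumed heuristic)
TEMP_RE = re.compile(r"(?i)\\temp\\")                    # ...\AppData\Local\Temp\... (assumed heuristic)


def assess_o4(name: str, cmd: str) -> list[str]:
    """Reasons an O4 Run entry deserves a closer look (empty list = nothing noted)."""
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append("hex value name")
    m = RUNDLL_RE.match(cmd)
    if m:
        if TEMP_RE.search(m["dll"]):
            reasons.append("dll loaded from Temp")
        # A single-letter export or an ordinal (#1) hides what the DLL entry point is.
        if re.fullmatch(r"[A-Za-z]|#\d+", m["export"]):
            reasons.append("anonymous export")
    return reasons


def assess_o2(name: str, path: str) -> list[str]:
    """Reasons a BHO entry deserves a closer look."""
    reasons = []
    if name == "(no name)":
        reasons.append("unnamed BHO")
    elif re.fullmatch(r"\{[0-9A-Fa-f-]{36}\}", name):
        reasons.append("GUID as BHO name")
    if path.endswith("(file missing)"):
        reasons.append("BHO file missing")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (identifier, reasons) for each O2/O4 line that tripped a heuristic, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            reasons = assess_o4(m["name"], m["cmd"])
            if reasons:
                findings.append((m["name"], reasons))
            continue
        m = O2_RE.match(line)
        if m:
            reasons = assess_o2(m["name"], m["path"])
            if reasons:
                findings.append((m["clsid"].upper(), reasons))
    return findings


def find_reversed_pairs(paths: list[str]) -> list[tuple[str, str]]:
    """Pair each .dll with any .ini/.ini2 whose base name is the DLL's base name reversed."""
    names = [PureWindowsPath(p) for p in paths]
    dlls = [p for p in names if p.suffix.lower() == ".dll"]
    inis = [p for p in names if p.suffix.lower().startswith(".ini")]
    pairs = [(d.name, i.name) for d in dlls for i in inis if d.stem[::-1] == i.stem]
    return sorted(pairs)


if __name__ == "__main__":
    for ident, reasons in triage(SAMPLE_HJT):
        print(f"{ident}: {', '.join(reasons)}")
    for dll, ini in find_reversed_pairs(SAMPLE_FILES):
        print(f"reversed-name pair: {dll} <-> {ini}")
```

These are triage prompts, not verdicts: a hit means "pull this file and check it", and a miss means nothing. An entry that launches a bare executable with no path, like the `[Windows TaskManager] tskmngr.exe` value in the second log, is outside what these patterns look at and still needs a manual check.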
