Virtumonde will not let go of its deathgrip on my system! [RESOLVE

Welcome Guest ( Log In | Join )

If you don't enter, you can't win! Enter here

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

2 Pages

1 2 >

Virtumonde will not let go of its deathgrip on my system! [RESOLVE, I've tried every program I can get my hands on... help!

Options

dxmdtm View Member Profile	Aug 15 2008, 10:47 PM Post #1
Member Posts: 11 OS: Windows XP	Like the title says, I can't get rid of this thing! I'm at my wits end. Here is a hijack this log I just ran. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:44:55 PM, on 8/15/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080316 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080316 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.del...amp;ibd=5080316 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {1C4921DA-151D-4120-877F-113B51F2CE83} - C:\WINDOWS\system32\byXQgFur.dll (file missing) O2 - BHO: (no name) - {2CA3544A-29FB-4880-9B70-2333D7DC6A4D} - C:\WINDOWS\system32\khfCspPi.dll (file missing) O2 - BHO: (no name) - {6D94C1A7-E839-4150-AA7A-4D8F9D3D21AF} - C:\WINDOWS\system32\rqRHwUNH.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {76756353-AD79-4E4F-9B00-BB0F705ADA5E} - C:\WINDOWS\system32\mlJAsPff.dll (file missing) O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\quickset.exe" O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe" O4 - HKLM\..\Run: [KADxMain] "C:\WINDOWS\system32\KADxMain.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe" O4 - HKLM\..\Run: [1cda1164] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\chnneauw.dll",b O4 - HKLM\..\Run: [LXBUCATS] "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: efcCsQjG - efcCsQjG.dll (file missing) O20 - Winlogon Notify: iifcYOHX - iifcYOHX.dll (file missing) O20 - Winlogon Notify: nnnkIXoM - nnnkIXoM.dll (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9699 bytes Thanks!

Rorschach112 View Member Profile	Aug 16 2008, 04:53 AM Post #2
GeekU Teacher Posts: 20,009 From: Dublin OS: XP	Hello Please download VundoFix.exe to your desktop Double-click VundoFix.exe to run it. Click the Scan for Vundo button. Once it's done scanning, click the Remove Vundo button. You will receive a prompt asking if you want to remove the files, click YES Once you click yes, your desktop will go blank as it starts removing Vundo. When completed, it will prompt that it will reboot your computer, click OK. Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread. Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting. Please download Runscanner to your desktop and run it. When the first page comes up select Beginner Mode On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top. At this time Runscanner.exe may request access to the Internet through your firewall please allow it to do so, it will then run for two or three minutes. On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file Call the .run file *"Select a name"* and save it to your desktop. You will see the .run file on your desktop. Upload that file here.

dxmdtm View Member Profile	Aug 16 2008, 02:39 PM Post #3
Member Posts: 11 OS: Windows XP	Hello, and thank you. VundoFix log: VundoFix V7.0.6 Scan started at 2:39:00 PM 8/16/2008 Listing files found while scanning.... C:\Windows\system32\afaqikyh.dll C:\Windows\system32\beqook.dll C:\Windows\system32\byginwrv.dll C:\Windows\system32\dciwyknn.dll C:\Windows\system32\ddcBSjGX.dll C:\Windows\system32\ggdibb.dll C:\Windows\system32\hgGxurOH.dll C:\Windows\system32\hujskqtv.dll C:\Windows\system32\jdkpxanu.dll C:\Windows\system32\jdseygxt.dll C:\Windows\system32\jwnnvt.dll C:\Windows\system32\kmnlopcb.dll C:\Windows\system32\kpoggemf.dll C:\Windows\system32\lmccwode.dll C:\Windows\system32\lxxwdbyw.dll C:\Windows\system32\mlvhfdxj.dll C:\Windows\system32\ncaqdadp.dll Beginning removal... Attempting to delete C:\Windows\system32\afaqikyh.dll C:\Windows\system32\afaqikyh.dll Has been deleted! Attempting to delete C:\Windows\system32\beqook.dll C:\Windows\system32\beqook.dll Has been deleted! Attempting to delete C:\Windows\system32\byginwrv.dll C:\Windows\system32\byginwrv.dll Has been deleted! Attempting to delete C:\Windows\system32\dciwyknn.dll C:\Windows\system32\dciwyknn.dll Has been deleted! Attempting to delete C:\Windows\system32\ddcBSjGX.dll C:\Windows\system32\ddcBSjGX.dll Could not be deleted. Attempting to delete C:\Windows\system32\ggdibb.dll C:\Windows\system32\ggdibb.dll Has been deleted! Attempting to delete C:\Windows\system32\hgGxurOH.dll C:\Windows\system32\hgGxurOH.dll Has been deleted! Attempting to delete C:\Windows\system32\hujskqtv.dll C:\Windows\system32\hujskqtv.dll Has been deleted! Attempting to delete C:\Windows\system32\jdkpxanu.dll C:\Windows\system32\jdkpxanu.dll Has been deleted! Attempting to delete C:\Windows\system32\jdseygxt.dll C:\Windows\system32\jdseygxt.dll Has been deleted! Attempting to delete C:\Windows\system32\jwnnvt.dll C:\Windows\system32\jwnnvt.dll Could not be deleted. Attempting to delete C:\Windows\system32\kmnlopcb.dll C:\Windows\system32\kmnlopcb.dll Has been deleted! Attempting to delete C:\Windows\system32\kpoggemf.dll C:\Windows\system32\kpoggemf.dll Has been deleted! Attempting to delete C:\Windows\system32\lmccwode.dll C:\Windows\system32\lmccwode.dll Has been deleted! Attempting to delete C:\Windows\system32\lxxwdbyw.dll C:\Windows\system32\lxxwdbyw.dll Has been deleted! Attempting to delete C:\Windows\system32\mlvhfdxj.dll C:\Windows\system32\mlvhfdxj.dll Has been deleted! Attempting to delete C:\Windows\system32\ncaqdadp.dll C:\Windows\system32\ncaqdadp.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\Windows\system32\ddcBSjGX.dll C:\Windows\system32\ddcBSjGX.dll Could not be deleted. Attempting to delete C:\Windows\system32\jwnnvt.dll C:\Windows\system32\jwnnvt.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Beginning removal... VundoFix V7.0.6 Scan started at 2:59:26 PM 8/16/2008 Listing files found while scanning.... C:\Windows\system32\bmurer.dll C:\Windows\system32\cxncycca.dll C:\Windows\system32\ddcBSjGX.dll C:\Windows\system32\ddfbdtsx.dll C:\Windows\system32\jwnnvt.dll C:\Windows\system32\jyjhcdpu.dll C:\Windows\system32\xstdbfdd.ini Beginning removal... Attempting to delete C:\Windows\system32\bmurer.dll C:\Windows\system32\bmurer.dll Could not be deleted. Attempting to delete C:\Windows\system32\cxncycca.dll C:\Windows\system32\cxncycca.dll Has been deleted! Attempting to delete C:\Windows\system32\ddcBSjGX.dll C:\Windows\system32\ddcBSjGX.dll Could not be deleted. Attempting to delete C:\Windows\system32\ddfbdtsx.dll C:\Windows\system32\ddfbdtsx.dll Has been deleted! Attempting to delete C:\Windows\system32\jwnnvt.dll C:\Windows\system32\jwnnvt.dll Could not be deleted. Attempting to delete C:\Windows\system32\jyjhcdpu.dll C:\Windows\system32\jyjhcdpu.dll Has been deleted! Attempting to delete C:\Windows\system32\xstdbfdd.ini C:\Windows\system32\xstdbfdd.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Performing Repairs to the registry. Done! HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:31:09 PM, on 8/16/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell Network Assistant\hnm_svc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\KADxMain.exe C:\Program Files\Dell\MediaDirect\PCMService.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080316 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080316 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.del...amp;ibd=5080316 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {1C4921DA-151D-4120-877F-113B51F2CE83} - C:\WINDOWS\system32\byXQgFur.dll (file missing) O2 - BHO: (no name) - {2CA3544A-29FB-4880-9B70-2333D7DC6A4D} - C:\WINDOWS\system32\khfCspPi.dll (file missing) O2 - BHO: (no name) - {5E64719F-B1E3-4E87-BF8D-A91CBA6BDA6e} - C:\WINDOWS\system32\vxweuftl.dll O2 - BHO: (no name) - {6D94C1A7-E839-4150-AA7A-4D8F9D3D21AF} - C:\WINDOWS\system32\rqRHwUNH.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {76756353-AD79-4E4F-9B00-BB0F705ADA5E} - C:\WINDOWS\system32\mlJAsPff.dll (file missing) O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe" O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe" O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe" O4 - HKLM\..\Run: [KADxMain] "C:\WINDOWS\system32\KADxMain.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [TosGbWatcher] "C:\Program Files\TOSHIBA\gigabeat room 2.0.2\TosGbWatcher.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] "C:\PROGRA~1\SYMANT~1\VPTray.exe" O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services] ftps.exe O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] gpedits.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: bmurer.dll lthwqh.dll O20 - Winlogon Notify: efcCsQjG - efcCsQjG.dll (file missing) O20 - Winlogon Notify: iifcYOHX - iifcYOHX.dll (file missing) O20 - Winlogon Notify: nnnkIXoM - nnnkIXoM.dll (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 9718 bytes RunScanner log: Runscanner logfile http://www.runscanner.net * = signed file - = file not found 000 General info ---------------- Computer name : DOUG Creation time : 8/16/2008 3:36:05 PM Hosts <> 127.0.0.1 : 0 Hosts file location : %SystemRoot%\System32\drivers\etc IE version : 6.0.2900.2180 OS : Microsoft Windows XP OS Build : 2600 OS SP : Service Pack 2 RunScanner Version : 1.6.3.0 User Language : English (United States) User rights : Administrator Windows folder : C:\WINDOWS 001 Running processes --------------------- * c:\program files\dell network assistant\hnm_svc.exe (SingleClick Systems) * c:\windows\system32\alg.exe (Microsoft Corporation) * c:\progra~1\widcomm\blueto~1\btstac~1.exe (Broadcom Corporation.) * c:\program files\widcomm\bluetooth software\bin\btwdins.exe (Broadcom Corporation.) * c:\program files\widcomm\bluetooth software\bttray.exe (Broadcom Corporation.) * c:\windows\system32\csrss.exe (Microsoft Corporation) * c:\program files\common files\symantec shared\ccevtmgr.exe (Symantec Corporation) * c:\program files\common files\symantec shared\ccsetmgr.exe (Symantec Corporation) * c:\program files\common files\symantec shared\ccapp.exe (Symantec Corporation) * c:\program files\dell\mediadirect\pcmservice.exe (CyberLink Corp.) * c:\program files\dellautomatedpctuneup\ptagnt.exe (Gteko Ltd.) c:\windows\system32\bcmwltry.exe (Dell Inc.) c:\windows\system32\wltray.exe (Dell Inc.) * c:\program files\digital line detect\dlg.exe (Avanquest Software) * c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) * c:\windows\system32\svchost.exe (Microsoft Corporation) c:\program files\toshiba\gigabeat room 2.0.2\tosgbwatcher.exe (TOSHIBA CORPORATION) * c:\windows\system32\hkcmd.exe (Intel Corporation) * c:\windows\system32\igfxsrvc.exe (Intel Corporation) c:\windows\system32\kadxmain.exe (Knowles Acoustics) * c:\program files\java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.) * c:\windows\system32\lsass.exe (Microsoft Corporation) * c:\windows\system32\igfxpers.exe (Intel Corporation) c:\program files\dell\quickset\quickset.exe (Dell Inc) * c:\documents and settings\douglas\desktop\runscanner.exe (Runscanner.net) * c:\windows\system32\services.exe (Microsoft Corporation) c:\windows\stsystra.exe (SigmaTel, Inc.) * c:\windows\system32\spoolsv.exe (Microsoft Corporation) * c:\program files\dell support center\bin\sprtcmd.exe (SupportSoft, Inc.) * c:\program files\webroot\spy sweeper\spysweeperui.exe (Webroot Software, Inc.) * c:\program files\webroot\spy sweeper\spysweeper.exe (Webroot Software, Inc. (www.webroot.com)) * c:\program files\webroot\spy sweeper\ssu.exe (Webroot Software, Inc. (www.webroot.com)) * c:\program files\dell support center\bin\sprtsvc.exe (SupportSoft, Inc.) * c:\program files\symantec antivirus\rtvscan.exe (Symantec Corporation) * c:\progra~1\symant~1\vptray.exe (Symantec Corporation) * c:\program files\synaptics\syntp\syntpenh.exe (Synaptics, Inc.) c:\program files\viewpoint\common\viewpointservice.exe (Viewpoint Corporation) * c:\program files\symantec antivirus\defwatch.exe (Symantec Corporation) c:\program files\winamp\winampa.exe * c:\windows\explorer.exe (Microsoft Corporation) * c:\windows\system32\winlogon.exe (Microsoft Corporation) * c:\windows\system32\smss.exe (Microsoft Corporation) * c:\windows\system32\wscntfy.exe (Microsoft Corporation) * c:\windows\system32\wdfmgr.exe (Microsoft Corporation) c:\windows\system32\wltrysvc.exe * c:\windows\system32\wbem\wmiprvse.exe (Microsoft Corporation) * c:\program files\yahoo!\messenger\ymsgr_tray.exe (Yahoo! Inc.) 002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- c:\windows\system32\wltray.exe (Dell Inc.) c:\program files\dell\quickset\quickset.exe (Dell Inc) * c:\program files\dell support center\bin\sprtcmd.exe (SupportSoft, Inc.) c:\program files\dell support center\gs_agent\custom\dsca.exe c:\windows\system32\kadxmain.exe (Knowles Acoustics) * c:\program files\dell\mediadirect\pcmservice.exe (CyberLink Corp.) c:\windows\stsystra.exe (SigmaTel, Inc.) * c:\program files\webroot\spy sweeper\spysweeperui.exe (Webroot Software, Inc.) c:\program files\toshiba\gigabeat room 2.0.2\tosgbwatcher.exe (TOSHIBA CORPORATION) c:\program files\winamp\winampa.exe 003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys) ----------------------------------------------------------------- * c:\program files\dellautomatedpctuneup\ptagnt.exe (Gteko Ltd.) * c:\program files\dell support center\bin\sprtcmd.exe (SupportSoft, Inc.) * c:\program files\yahoo!\messenger\yahoomessenger.exe (Yahoo! Inc.) 005 C:\Documents and Settings\All Users\Start Menu\Programs\Startup ------------------------------------------------------------------- * c:\progra~1\digita~1\dlg.exe (Avanquest Software) 010 HKLM\SYSTEM\CurrentControlSet\Services (Services) ----------------------------------------------------- * c:\program files\dell network assistant\hnm_svc.exe (Advanced Networking Service) C:\WINDOWS\microsoft.net\framework\v1.1.4322\aspnet_state.exe (ASP.NET State Service) C:\WINDOWS\system32\wltrysvc.exe (Dell Wireless WLAN Tray Service) * c:\program files\dellautomatedpctuneup\brkrsvc.exe (DellAMBrokerService) c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe (FLEXnet Licensing Service) * c:\program files\dell support center\bin\sprtsvc.exe (SupportSoft Sprocket Service (dellsupportcenter)) c:\program files\viewpoint\common\viewpointservice.exe (Viewpoint Manager Service) * c:\program files\webroot\spy sweeper\spysweeper.exe (Webroot Spy Sweeper Engine) 011 HKLM\SYSTEM\CurrentControlSet\Services (drivers) ---------------------------------------------------- c:\windows\system32\drivers\appdrv.sys (APPDRV) C:\WINDOWS\system32\drivers\packet.sys (Auto Internet Protocol) - d:\instal~e\core\bvrpmpr5.sys (BVRPMPR5 NDIS Protocol Driver) - c:\windows\system32\drivers\changer.sys (Changer) C:\WINDOWS\system32\drivers\dxec02.sys (DXEC02) - c:\windows\system32\drivers\lbrtfdc.sys (lbrtfdc) - c:\windows\system32\drivers\pcidump.sys (PCIDump) - c:\windows\system32\drivers\pdcomp.sys (PDCOMP) - c:\windows\system32\drivers\pdframe.sys (PDFRAME) - c:\windows\system32\drivers\pdreli.sys (PDRELI) - c:\windows\system32\drivers\pdrframe.sys (PDRFRAME) c:\program files\dellautomatedpctuneup\gtaction\triggers\ptproct.sys (PTproct) * C:\WINDOWS\system32\drivers\ssfs0bbc.sys (ssfs0bbc) * C:\WINDOWS\system32\drivers\sshrmd.sys (Sshrmd) * C:\WINDOWS\system32\drivers\ssidrv.sys (Ssidrv) C:\WINDOWS\system32\drivers\spssys.sys (Toshiba SPS Service) - c:\windows\system32\drivers\wdica.sys (WDICA) 030 HKLM\SOFTWARE\Classes\PROTOCOLS\Filter ------------------------------------------ c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} c:\windows\system32\mscoree.dll (Microsoft Corporation) {1E66F26B-79EE-11D2-8710-00C04F79ED0D} 035 HKLM-HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components ------------------------------------------------------------------ c:\windows\system32\mscories.dll (Microsoft Corporation) {89B4C1CD-B018-4511-B0A1-5476DBF70820} 050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ----------------------------------------------------------------------------- - c:\windows\system32\iifcyohx.dll {32D82963-445F-47FC-BAD8-3CADED3A6A3F} 052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects ---------------------------------------------------------------------------------- GUID / CLSID not found {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\windows\system32\byxqgfur.dll {1C4921DA-151D-4120-877F-113B51F2CE83} - c:\windows\system32\khfcsppi.dll {2CA3544A-29FB-4880-9B70-2333D7DC6A4D} - c:\windows\system32\mljaspff.dll {76756353-AD79-4E4F-9B00-BB0F705ADA5E} - c:\windows\system32\rqrhwunh.dll {6D94C1A7-E839-4150-AA7A-4D8F9D3D21AF} c:\windows\system32\vxweuftl.dll {5E64719F-B1E3-4E87-BF8D-A91CBA6BDA6e} 061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved --------------------------------------------------------------------------------- - deskpan.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} c:\windows\system32\mscoree.dll (Microsoft Corporation) {1D2680C9-0E2A-469d-B787-065558BC7D43} c:\windows\system32\btncopy.dll (Broadcom Corporation.) {7842554E-6BED-11D2-8CDB-B05550C10000} c:\windows\system32\btneig~1.dll (Broadcom Corporation.) {6af09ec9-b429-11d4-a1fb-0090960218cb} * c:\progra~1\webroot\spyswe~1\ssctxmnu.dll (Webroot Software, Inc.) {7C9D5882-CB4A-4090-96C8-430BFE8B795B} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------------ c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627} 067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify --------------------------------------------------------------------- - efccsqjg.dll - iifcyohx.dll - nnnkixom.dll 069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors -------------------------------------------------------- C:\WINDOWS\system32\bthcrp.dll (Broadcom Corporation.) 073 %windir%\Tasks ------------------ Pareto UNS.job : c:\program files\common files\paretologic\uus\uus.dll\pareto_update.exe wrSpySweeperFullSweep.job : c:\program files\webroot\spy sweeper\spysweeperui.exe (Webroot Software, Inc.) 100 Internet Explorer settings ------------------------------ Default_Page_URL HKCU : partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080316 Default_Page_URL HKLM : http://www.yahoo.com/ Default_Search_URL HKLM : http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com Search Page HKLM : http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com SearchUrl HKCU : http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com ShellNext HKCU : http://partnerpage.google.com/smallbiz.del...amp;ibd=5080316 Start Page HKCU : http://www.yahoo.com/ Start Page HKLM : http://www.yahoo.com/ 104 HKLM\Software\Microsoft\Code Store Database\Distribution Units ------------------------------------------------------------------ c:\program files\java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.) {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} 105 HKCU\Software\Microsoft\Internet Explorer\MenuExt ----------------------------------------------------- E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Send to &Bluetooth Device... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm 121 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs -------------------------------------------------------------------------- C:\WINDOWS\system32\bmurer.dll 166 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run (+subkeys) ----------------------------------------------------------------------------------- C:\WINDOWS\system32\ftps.exe - gpedits.exe 170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ------------------------------------------------------------------------ {65b93d71-446a-11dd-8d59-001e4ce58ef4} : E:\LaunchU3.exe {b211e505-064c-11dd-8d21-001644af5a89} : E:\LaunchU3.exe -a E : E:\LaunchU3.exe 172 HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order --------------------------------------------------------------- C:\WINDOWS\system32\bcmlogon.dll (Dell Inc.) 173 HKCR\\shellex\ContextMenuHandlers -------------------------------------- c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 221 HKLM\Software\Classes\\ShellEx\ContextMenuHandlers ------------------------------------------------------- c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 223 HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers -------------------------------------------------------------------------- * c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * c:\progra~1\webroot\spyswe~1\ssctxmnu.dll (Webroot Software, Inc.) {7C9D5882-CB4A-4090-96C8-430BFE8B795B} 225 HKCU\Software\Classes\Folder\ShellEx\ContextMenuHandlers ------------------------------------------------------------ * c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * c:\program files\malwarebytes' anti-malware\mbamext.dll (Malwarebytes Corporation) {57CE581A-0CB6-4266-9CA0-19364C90A0B3} * c:\progra~1\webroot\spyswe~1\ssctxmnu.dll (Webroot Software, Inc.) {7C9D5882-CB4A-4090-96C8-430BFE8B795B} * c:\progra~1\webroot\spyswe~1\ssctxmnu.dll (Webroot Software, Inc.) {7C9D5882-CB4A-4090-96C8-430BFE8B795B} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 227 HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers --------------------------------------------------------------- c:\program files\winrar\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} 231 HKLM\Software\Classes\Folder\Shellex\ColumnHandlers ------------------------------------------------------- c:\program files\common files\adobe\acrobat\activex\pdfshell.dll (Adobe Systems, Inc.) PDF Column Info Thank you! Attached File(s) runscanner.run ( 98.07K ) Number of downloads: 8

Rorschach112 View Member Profile	Aug 17 2008, 07:40 AM Post #4
GeekU Teacher Posts: 20,009 From: Dublin OS: XP	Hello Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

dxmdtm View Member Profile	Aug 17 2008, 02:24 PM Post #5
Member Posts: 11 OS: Windows XP	Hello, and thank you. Malwarebytes' Anti-Malware 1.25 Database version: 1062 Windows 5.1.2600 Service Pack 2 3:17:18 PM 8/17/2008 mbam-log-08-17-2008 (15-17-18).txt Scan type: Quick Scan Objects scanned: 46765 Time elapsed: 5 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 6 Registry Keys Infected: 18 Registry Values Infected: 3 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 39 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\byXPGXRI.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\cwockyjw.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\vhovdtfj.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\bmurer.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\lthwqh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\nnnlllkJ.dll (Trojan.Vundo) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b11ef99e-4101-4eaf-8991-925c48433ede} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b11ef99e-4101-4eaf-8991-925c48433ede} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e64719f-b1e3-4e87-bf8d-a91cba6bda6e} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5e64719f-b1e3-4e87-bf8d-a91cba6bda6e} (Trojan.BHO.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{050ae58c-bcfd-4585-a007-dcf2199b9058} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{426b9e3d-2402-4203-846c-ffd4b10fd02c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ee766bd3-6431-42c6-bad5-93bc1ca6b4ff} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{71f634e2-acd4-42af-82bc-aa367e8f390c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dddd878f-152a-4d2c-bbf8-453303f11c70} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnlllkj (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1cda1164 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm1fe922f8 (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{dddd878f-152a-4d2c-bbf8-453303f11c70} (Trojan.Vundo) -> Delete on reboot. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxpgxri -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxpgxri -> Delete on reboot. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\byXPGXRI.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\IRXGPXyb.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\IRXGPXyb.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cwockyjw.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\wjykcowc.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vxweuftl.dll (Trojan.BHO.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\vhovdtfj.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\bmurer.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\lthwqh.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\jwnnvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\uuslonfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\piquoivr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tdifat.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\CA7QQPBN (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\CAENCTQN (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\kb671231[2] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\60KG8T7T\64q33[1].dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\CAG1494R (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\CAM7GLA3 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\kb671231[2] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\CAURO5UF (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\CAJMIHVN (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\CASDSXCF (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\CA2BO5EZ (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\CA5WUTHN (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\kb456456[2] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\kb767887[3] (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\Douglas\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\CAVYYLJ3 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnlllkJ.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\iifcDWOH.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM1fe922f8.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM1fe922f8.txt (Trojan.Vundo) -> Delete on reboot.

Rorschach112 View Member Profile	Aug 17 2008, 02:33 PM Post #6
GeekU Teacher Posts: 20,009 From: Dublin OS: XP	Hello Download the attachment at the end of this post (this will be your runscanner file fixed by me) Save it to your desktop then double click the runscanner icon this will run the program. You will notice several entries in red and in blue. Click the button at the top called Fix selected items Accept the warning(s) and repeat until they are all gone. Reboot your PC Please download Deckard's System Scanner (DSS) and save it to your Desktop. If the first link fails you can download it from here as well. Close all other windows before proceeding. Double-click on dss.exe and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious. When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

dxmdtm View Member Profile	Aug 18 2008, 01:38 PM Post #7
Member Posts: 11 OS: Windows XP	Hello, I ran the fix and rebooted, but as for the Deckard System Scanner, when I attempt to download it I get this message: Deckard's System Scanner interacts with a specific rootkit (tdssserv) in a way that may make your system unusable (altering the svchost netsvcs registry entry). This download link has been removed until a fix is released by Deckard. For your own protection, please do not attempt to download this tool from other sites. 08/17/2008 Your Geeks to Go admin team