05-07-2008, 07:34 AM   #1
DaBaZZ
OS: Windows XP Service Pack 2


POP-UP problems and some other IE problems

I've got some problems with pop-ups. After using several spyware programs I want to kill this spyware.
Spybot S&D said it is Virtumonde.dll.
I removed these .dlls in safe mode, but they are back again. So please help me.
My other problem is that when I click on a link in IE, the link opens about a hundred times.
Please help me with these two problems!

Deckard's System Scanner v20071014.68
Run by Bas Nijssen on 2008-05-07 16:21:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; De bewerking is voltooid.


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Bas Nijssen.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:23:52, on 7-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Bas Nijssen\Local Settings\Temporary Internet Files\Content.IE5\9SCEWGPF\dss[1].exe
E:\HIJACK~1\Bas Nijssen.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {07CE6734-B4AE-494D-B1B6-4E7DC05EB5C7} - (no file)
O2 - BHO: (no name) - {51E85E29-F64C-4C83-8725-13A732820719} - C:\WINDOWS\system32\fccdbXqo.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53FE12C2-4429-488F-847B-7B285F8F6778} - C:\WINDOWS\system32\nnnmmNgD.dll
O2 - BHO: (no name) - {66907894-F312-45B7-A9CB-C6D9C75008A2} - C:\WINDOWS\system32\geBqOIAQ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {D85F337C-4C9A-4305-B03F-86E2F06364C3} - C:\WINDOWS\system32\cbXRLdBU.dll (file missing)
O2 - BHO: {c29e0fe6-f24d-4f4a-efe4-5f0db4a982ed} - {de289a4b-d0f5-4efe-a4f4-d42f6ef0e92c} - C:\WINDOWS\system32\vadrxuuh.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Hitman Pro Expiration Helper] "C:\Program Files\Hitman Pro\xphelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM2b536e44] Rundll32.exe "C:\WINDOWS\system32\qlrubdrn.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1214440339-73586283-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1214440339-73586283-1801674531-1003\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: SpeedTouch 120g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mijnalbum.nl/skin/v2/syst...eUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O20 - Winlogon Notify: nnnmmNgD - C:\WINDOWS\SYSTEM32\nnnmmNgD.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\Remote Management System\RouterNT.exe

--
End of file - 8937 bytes

-- HijackThis Fixed Entries (E:\HIJACK~1\backups\) -----------------------------

backup-20080506-195840-266 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
backup-20080506-195840-340 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
backup-20080506-195840-560 O4 - HKLM\..\Run: [BM2b536e44] Rundll32.exe "C:\WINDOWS\system32\mhkkbihd.dll",s
backup-20080506-195840-577 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
backup-20080506-195840-776 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
backup-20080506-195840-800 O4 - HKLM\..\Run: [28605dd8] rundll32.exe "C:\WINDOWS\system32\ttkcatro.dll",b
backup-20080506-195840-903 O4 - HKUS\S-1-5-21-1214440339-73586283-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
backup-20080506-200437-293 O4 - HKUS\S-1-5-18\..\Run: [] (User '?')
backup-20080506-200437-438 O4 - HKUS\S-1-5-21-1214440339-73586283-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
backup-20080506-200437-468 O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
backup-20080507-102821-306 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080507-102821-463 O4 - HKLM\..\Run: [28605dd8] rundll32.exe "C:\WINDOWS\system32\yesiyllj.dll",b
backup-20080507-102821-849 O4 - HKLM\..\Run: [BM2b536e44] Rundll32.exe "C:\WINDOWS\system32\lvwxsngg.dll",s

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 ADPTEHCD (%ADPT_USBEHCD.DeviceDesc%) - c:\windows\system32\drivers\asusehcd.sys <Not Verified; Asustek; >
2 AUSBD_FilterService (AUSBD Filter Service) - c:\windows\system32\drivers\asususbd.sys <Not Verified; Asustek; >
3 gUSBSTOi - c:\docume~1\basnij~1\locals~1\temp\gusbstoi.sys (file missing)
2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
1 oreans32 - c:\windows\system32\drivers\oreans32.sys
1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
0 VClone - system32\drivers\vclone.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe
2 SAVAdminService (Sophos Anti-Virus status reporter) - c:\program files\sophos\sophos anti-virus\savadminservice.exe
2 SAVService (Sophos Anti-Virus) - c:\program files\sophos\sophos anti-virus\savservice.exe
2 Sophos Agent - c:\program files\sophos\remote management system\managementagentnt.exe
2 Sophos AutoUpdate Service - c:\program files\sophos\autoupdate\alsvc.exe
2 Sophos Message Router - c:\program files\sophos\remote management system\routernt.exe
3 WLSetupSvc (Windows Live Setup Service) - c:\program files\windows live\installer\wlsetupsvc.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2007-10-29 18:29:37 434 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A34B8048-9E07-4682-AF30-A0487EB360EB}.job
2006-12-30 15:04:25 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 15:30:11 106560 --a------ C:\WINDOWS\system32\vadrxuuh.dll
2008-05-07 15:30:09 96832 --a------ C:\WINDOWS\system32\yttcavii.dll
2008-05-07 15:28:03 2112 --a------ C:\WINDOWS\system32\qxtxhecs.exe
2008-05-07 15:27:47 105024 --a------ C:\WINDOWS\system32\qlrubdrn.dll
2008-05-07 15:27:08 188994 --ahs---- C:\WINDOWS\system32\oqXbdccf.ini2
2008-05-07 15:27:03 280576 --a------ C:\WINDOWS\system32\fccdbXqo.dll
2008-05-07 13:35:09 181739 --ahs---- C:\WINDOWS\system32\QAIOqBeg.ini2
2008-05-07 10:03:09 2112 --a------ C:\WINDOWS\system32\elyanukf.exe
2008-05-07 09:59:26 0 d-------- C:\Documents and Settings\Bas Nijssen\.housecall6.6
2008-05-06 16:34:37 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-06 16:34:36 2547 --a------ C:\WINDOWS\unins000.dat
2008-05-06 15:42:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 15:41:50 0 d-------- C:\Program Files\SpywareBlaster
2008-05-06 15:39:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-05-05 09:41:57 1394 --ahs---- C:\WINDOWS\system32\UBdLRXbc.ini2
2008-05-05 09:36:42 0 d-------- C:\Documents and Settings\Bas Nijssen\Application Data\Thinstall
2008-05-05 09:36:39 38912 --a------ C:\WINDOWS\system32\nnnmmNgD.dll
2008-04-28 11:29:32 0 d-------- C:\temp
2008-04-28 11:26:43 45056 --a------ C:\WINDOWS\system32\Wnaspi32.dll <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-28 11:26:43 16877 --a------ C:\WINDOWS\system32\drivers\Aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>
2008-04-28 11:26:43 3535 --a------ C:\WINDOWS\system\Wowpost.exe
2008-04-28 11:26:43 4455 --a------ C:\WINDOWS\system\Winaspi.dll
2008-04-19 16:56:10 0 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-15 20:04:52 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-04-15 20:04:51 0 d-------- C:\Program Files\Encore 4.5.3
2008-04-15 20:04:47 0 d-------- C:\Program Files\Example Files
2008-04-14 14:32:43 0 d-------- C:\Program Files\Easy Icon Maker
2008-04-14 14:17:02 108544 --a------ C:\WINDOWS\IEcheck.exe
2008-04-09 16:24:45 0 d-------- C:\WINDOWS\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-05-07 16:00:10 0 d-------- C:\Program Files\Hitman Pro
2008-05-06 16:08:42 0 d-------- C:\Documents and Settings\Bas Nijssen\Application Data\Lavasoft
2008-05-06 15:42:18 0 d-------- C:\Program Files\Lavasoft
2008-05-05 09:42:49 0 d-------- C:\Documents and Settings\Bas Nijssen\Application Data\LimeWire
2008-04-16 14:57:27 0 d-------- C:\Documents and Settings\Bas Nijssen\Application Data\Help
2008-04-15 20:04:53 10457 --a------ C:\Program Files\uninstal.log
2008-03-22 16:37:05 0 d-------- C:\Program Files\MSN Messenger
2008-03-22 16:37:04 0 d-------- C:\Program Files\Messenger Plus! Live


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07CE6734-B4AE-494D-B1B6-4E7DC05EB5C7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51E85E29-F64C-4C83-8725-13A732820719}]
07-05-2008 15:27 280576 --a------ C:\WINDOWS\system32\fccdbXqo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53FE12C2-4429-488F-847B-7B285F8F6778}]
05-05-2008 09:36 38912 --a------ C:\WINDOWS\system32\nnnmmNgD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66907894-F312-45B7-A9CB-C6D9C75008A2}]
C:\WINDOWS\system32\geBqOIAQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D85F337C-4C9A-4305-B03F-86E2F06364C3}]
C:\WINDOWS\system32\cbXRLdBU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de289a4b-d0f5-4efe-a4f4-d42f6ef0e92c}]
07-05-2008 15:30 106560 --a------ C:\WINDOWS\system32\vadrxuuh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [29-09-2004 08:15]
"PRISMSVR.EXE"="C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\PRISMSVR.exe" [26-04-2004 14:26]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29-06-2007 06:24]
"Hitman Pro Expiration Helper"="C:\Program Files\Hitman Pro\xphelper.exe" [30-05-2007 08:28]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [04-08-2004 02:03]
"BM2b536e44"="C:\WINDOWS\system32\qlrubdrn.dll" [07-05-2008 15:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 02:03]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28-01-2008 11:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
AutoUpdate Monitor.lnk - C:\Program Files\Sophos\AutoUpdate\ALMon.exe [22-2-2007 13:35:12]
SpeedTouch 120g Wireless USB Monitor.lnk - C:\Program Files\Thomson SpeedTouch\SpeedTouch 120g Wireless USB Monitor\st120g.exe [20-5-2004 17:11:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{53FE12C2-4429-488F-847B-7B285F8F6778}"= C:\WINDOWS\system32\nnnmmNgD.dll [05-05-2008 09:36 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmmNgD]
nnnmmNgD.dll 05-05-2008 09:36 38912 C:\WINDOWS\system32\nnnmmNgD.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\fccdbXqo

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28605dd8]
rundll32.exe "C:\WINDOWS\system32\yttcavii.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2b536e44]
Rundll32.exe "C:\WINDOWS\system32\qlrubdrn.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IECheck]
C:\WINDOWS\IECheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
"C:\Program Files\Microsoft IntelliType Pro\type32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"28605dd8"=rundll32.exe "C:\WINDOWS\system32\yttcavii.dll",b
"BM2b536e44"=Rundll32.exe "C:\WINDOWS\system32\qlrubdrn.dll",s




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8369 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-07 16:24:41 ------------
Attached Files
File Type: txt extra.txt (25.6 KB, 4 views)