Tech Support Forum banner
Cancel

Unknown rundll32

Jump to Latest Follow
Status
Not open for further replies.
1 - 6 of 6 Posts
D

· Registered
Joined
·
8 Posts
Discussion Starter · #1 · (Edited)
I found in task list, procces one program named rundll32.exe
in system32 folder i found six random named dll programs
also in IEXPLORE i found by "invoegtoepassingen beheren"(dutch)
gpdrggqw.ddl
jkklARjH.dll
opnmMdAR.dll

i think you can help me with this log from hijackthis

sorry for my bad english

i'm ready to give all the information



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:16:42, on 24-6-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.cadioproducts.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: {1d409700-1005-6d38-1264-1eae340df976} - {679fd043-eae1-4621-83d6-5001007904d1} - C:\WINDOWS\system32\gpdrggqw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8710FC9F-0816-49D7-AE14-4BA5269E838C} - C:\WINDOWS\system32\jkkIARjH.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {CF57EC47-C7E6-4E0D-A0A5-2F12B4C19C7B} - C:\WINDOWS\system32\opnmMdAR.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [605c1a6d] rundll32.exe "C:\WINDOWS\system32\yyrcflct.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199719328564
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://193.172.162.99:8080/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://80.61.30.131:3000/activex/AMC.cab
O20 - Winlogon Notify: jkkIARjH - C:\WINDOWS\SYSTEM32\jkkIARjH.dll
O20 - Winlogon Notify: vtUooNEW - vtUooNEW.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FolderProtectService - Unknown owner - D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7520 bytes
 
D

· Registered
Joined
·
8 Posts
Discussion Starter · #2 · (Edited by Moderator)
:sigh:I have got today some new malware:upset: (i think)

i have already hijackedthis this again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05:57, on 25-6-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\WindowsFlip\WinFlip.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Opera\opera.exe

+2 rundll.exe that i have closed

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.cadioproducts.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8710FC9F-0816-49D7-AE14-4BA5269E838C} - C:\WINDOWS\system32\jkkIARjH.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9922DDC7-62ED-4E5C-8DFD-DF5BABCCDDCA} - C:\WINDOWS\system32\opnmMdAR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BM636f29f1] Rundll32.exe "C:\WINDOWS\system32\fglkqsnq.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [WinFlip.exe] "C:\Program Files\WindowsFlip\WinFlip.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199719328564
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://193.172.162.99:8080/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://80.61.30.131:3000/activex/AMC.cab
O20 - Winlogon Notify: jkkIARjH - C:\WINDOWS\SYSTEM32\jkkIARjH.dll
O20 - Winlogon Notify: vtUooNEW - vtUooNEW.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FolderProtectService - Unknown owner - D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7550 bytes

i also have added a screenshot of system32


Moderators Message

Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. If no one has replied to your thread within 72hrs after you posted, please reply in your thread with the words BUMP, please to move it forward.

DO NOT Bump the thread unless 72 hours has passed. We work from oldest to newest posts so your wait will be longer if you bump it forward before the 72 hours is up. We look for 0 reply, or 1 reply threads to respond to.

Early bump posts will be deleted.
 
tetonbob

· TSF Security Manager, Emeritus
Joined
·
51,795 Posts
#4 ·
Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Having problems with spyware and pop-ups? First Steps
Click to expand...
link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
 
D

· Registered
Joined
·
8 Posts
Discussion Starter · #5 ·
Step 1:
Messenger plus! installed

Step 2:
about 200.000 files scanned but not found the dll's in system32

Step 3:
SpywareBlaster 4.1 installed
all protection enabled
all updates downloaded

ZonedOut installed
ie-ads.txt imported

Step 4:
My windows version is illegal :1angel:
i cannot update it :sigh:

Step 5:
Done!

Attach Files:
ActiveScan.txt (33.0 KB)
extra.txt (19.1 KB)


MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Adriaan on 2008-06-27 15:30:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 0.68 GiB (less than 15%) free.


-- HijackThis (run as Adriaan.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-27 15:33:04
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe
D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Adriaan\Bureaublad\dss.exe
C:\Program Files\Trend Micro\HijackThis\Adriaan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.cadioproducts.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3C0B1521-BAF6-43BF-8C8C-DC005639BEF2} - C:\WINDOWS\system32\khfGwXnL.dll
O2 - BHO: (no name) - {8710FC9F-0816-49D7-AE14-4BA5269E838C} - C:\WINDOWS\system32\jkkIARjH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BM636f29f1] Rundll32.exe "C:\WINDOWS\system32\hkmxyjuc.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpyEraser] "D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [WinFlip.exe] "C:\Program Files\WindowsFlip\WinFlip.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Sitecom USB Wireless LAN Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MsMsgs.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MsMsgs.EXE
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199719328564
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} (AudioHandlerEmbedded) - http://193.172.162.99:8080/activex/AMC.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://80.61.30.131:3000/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: jkkIARjH - C:\WINDOWS\system32\jkkIARjH.dll
O20 - Winlogon Notify: vtUooNEW - C:\WINDOWS\system32\vtUooNEW.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FolderProtectService - Unknown owner - D:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - C:\WINDOWS\system32\slserv.exe


--
End of file - 8037 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-27 13:49:13 89600 --a------ C:\WINDOWS\system32\hkmxyjuc.dll
2008-06-26 13:45:51 80896 --a------ C:\WINDOWS\system32\xxvcrokl.dll
2008-06-26 13:43:38 91648 --a------ C:\WINDOWS\system32\srmfruot.dll
2008-06-26 13:42:50 447249 --ahs---- C:\WINDOWS\system32\LnXwGfhk.ini2
2008-06-26 13:42:44 322048 -----n--- C:\WINDOWS\system32\khfGwXnL.dll
2008-06-25 16:39:50 0 d-------- C:\Program Files\Panda Security
2008-06-25 15:59:40 81920 --a------ C:\WINDOWS\system32\bboguyrw.dll
2008-06-25 15:58:59 106496 --a------ C:\WINDOWS\system32\cnlbitcg.dll
2008-06-25 15:56:43 91136 --a------ C:\WINDOWS\system32\lshodbcy.dll
2008-06-25 15:55:58 430711 --ahs---- C:\WINDOWS\system32\XFOVCcdd.ini2
2008-06-25 15:55:52 323072 --a------ C:\WINDOWS\system32\ddcCVOFX.dll
2008-06-25 14:43:34 81920 --a------ C:\WINDOWS\system32\xgrlemde.dll
2008-06-25 14:41:05 91136 --a------ C:\WINDOWS\system32\wwtfatek.dll
2008-06-25 14:40:23 430647 --ahs---- C:\WINDOWS\system32\TAdKQXyb.ini2
2008-06-25 14:40:17 323072 --a------ C:\WINDOWS\system32\byXQKdAT.dll
2008-06-25 11:07:35 81920 --a------ C:\WINDOWS\system32\rnyleqbo.dll
2008-06-25 11:05:19 91136 --a------ C:\WINDOWS\system32\fglkqsnq.dll
2008-06-24 20:43:46 0 d-------- C:\Program Files\WindowsFlip
2008-06-23 21:40:15 105984 --a------ C:\WINDOWS\system32\gpdrggqw.dll
2008-06-23 21:37:14 444139 --ahs---- C:\WINDOWS\system32\RAdMmnpo.ini2
2008-06-23 21:37:09 321536 --a------ C:\WINDOWS\system32\opnmMdAR.dll
2008-06-23 21:32:39 24576 --a------ C:\WINDOWS\system32\rqRHaBSm.dll
2008-06-23 21:32:05 24576 --a------ C:\WINDOWS\system32\jkkIARjH.dll
2008-06-23 18:01:10 0 d-------- C:\Program Files\Pax Galaxia
2008-06-23 15:23:15 0 d-------- C:\Documents and Settings\Zena\Application Data\Opera
2008-06-22 14:01:36 0 d-------- C:\Program Files\Opera
2008-06-22 13:33:39 0 d-------- C:\Documents and Settings\Zena\Application Data\Uniblue
2008-06-21 17:45:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-06-21 17:43:27 0 d-------- C:\Documents and Settings\Adriaan\Application Data\GameHouse
2008-06-21 17:32:59 21818 --a------ C:\WINDOWS\system32\msupdte.exe
2008-06-20 17:14:06 0 d-------- C:\Documents and Settings\Zena\Application Data\Sun
2008-06-20 15:39:36 0 d-------- C:\Documents and Settings\Zena\Application Data\WinCare2008
2008-06-10 16:40:07 0 d-------- C:\Documents and Settings\Eliza\Application Data\WinCare2008
2008-06-09 19:56:03 536048 --a------ C:\WINDOWS\system\OC25.DLL <Not Verified; Microsoft Corporation; Microsoft® OLE Controls Development Kit>
2008-06-09 19:52:38 935632 --a------ C:\WINDOWS\system\VB40016.DLL <Not Verified; Microsoft Corporation; Visual Basic 4.0>
2008-06-05 13:13:17 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-03 14:47:43 0 dr-h----- C:\Documents and Settings\Adriaan\Onlangs geopend
2008-06-02 20:32:24 0 d-------- C:\WINDOWS\CSC
2008-05-31 20:23:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinCare2008
2008-05-31 19:51:37 376803 --ahs---- C:\WINDOWS\system32\GffMnUvw.ini2
2008-05-31 18:55:44 0 d-------- C:\Documents and Settings\Adriaan\Application Data\Help
2008-05-31 18:47:49 0 d-------- C:\WINDOWS\Uninstal
2008-05-31 18:47:23 283648 --a------ C:\WINDOWS\unin0413.exe
2008-05-31 16:41:30 0 d-------- C:\Documents and Settings\Adriaan\Application Data\WinCare2008
2008-05-31 16:24:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-05-31 13:41:32 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-31 12:12:40 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-31 12:12:14 0 d-------- C:\Documents and Settings\Adriaan\Application Data\Mozilla
2008-05-30 19:17:58 0 d-------- C:\Documents and Settings\Adriaan\Application Data\Uniblue


-- Find3M Report ---------------------------------------------------------------

2008-06-23 21:31:30 0 d-------- C:\Documents and Settings\Adriaan\Application Data\BitTorrent
2008-06-05 21:10:15 0 d-------- C:\Program Files\Messenger
2008-06-03 14:44:57 0 d-------- C:\Program Files\QuickTime
2008-05-31 19:11:55 0 d-------- C:\Documents and Settings\Adriaan\Application Data\DNA
2008-05-31 17:52:38 0 d-------- C:\Program Files\Winamp
2008-05-31 12:24:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-17 20:41:49 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-28 19:39:34 0 d-------- C:\Program Files\Common Files
2008-04-28 19:39:34 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-04-28 19:18:20 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-04-28 16:44:22 0 d-------- C:\Documents and Settings\Adriaan\Application Data\Apple Computer
2008-04-28 10:22:13 0 d-------- C:\Program Files\McAfee
2008-04-01 14:30:31 435806 --a------ C:\WINDOWS\system32\perfh013.dat
2008-04-01 14:30:31 66862 --a------ C:\WINDOWS\system32\perfc013.dat
2008-03-29 01:47:20 175876 --ahs--c- C:\WINDOWS\system32\wyyxx.ini2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3C0B1521-BAF6-43BF-8C8C-DC005639BEF2}]
26-06-2008 13:42 322048 --------- C:\WINDOWS\system32\khfGwXnL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8710FC9F-0816-49D7-AE14-4BA5269E838C}]
25-06-2008 14:44 24576 --a------ C:\WINDOWS\system32\jkkIARjH.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22-02-2008 05:25]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03-08-2007 23:33]
"Logitech Utility"="Logi_MwX.Exe" [17-12-2003 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"BM636f29f1"="C:\WINDOWS\system32\hkmxyjuc.dll" [27-06-2008 13:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18-10-2007 12:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04-08-2004 03:03]
"Uniblue SpyEraser"="D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [02-04-2008 09:50]
"WinFlip.exe"="C:\Program Files\WindowsFlip\WinFlip.exe" [21-05-2008 17:22]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Sitecom USB Wireless LAN Utility.lnk - C:\Program Files\Sitecom Europe BV\Sitecom WL-113 Utility\SiteComUSB.exe [15-10-2007 16:33:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8710FC9F-0816-49D7-AE14-4BA5269E838C}"= C:\WINDOWS\system32\jkkIARjH.dll [25-06-2008 14:44 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkIARjH]
jkkIARjH.dll 25-06-2008 14:44 24576 C:\WINDOWS\system32\jkkIARjH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtUooNEW]
vtUooNEW.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\khfGwXnL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d4e78-e60f-11dc-a4c2-000cf6194930}]
AutoRun\command- I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{368d4e79-e60f-11dc-a4c2-000cf6194930}]
AutoRun\command- J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37811ccd-de3a-11dc-a4b7-000cf6194930}]
AutoRun\command- H:\autorun.exe




-- End of Deckard's System Scanner: finished at 2008-06-27 15:37:56 ------------
 

Attachments

1 - 6 of 6 Posts
Status
Not open for further replies.
About this Discussion
5 Replies
2 Participants
Last post:
tetonbob
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows XP Support Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Laptop Support
Top