Infected With Some Sort Of Rootkit Gen. Rustock New Trojan


  • This topic is locked
2 replies to this topic

#1 Tony_S

Posted 25 May 2008 - 11:57 AM

I've picked up a very nasty piece of malware. The first symptoms I've noticed are:
1. It gives me a "page fault in nonpaged area" stop blue screen (0x00000050) whenever I try to boot Windows normally, effectively disabling normal booting for me.
2. It changed all Google and other search engine results to the address at hxxp://58.65.234.196/go.pho?u=***************
3. Certain sites I just can't go to directly; IE returns with a server error under safe mode, and Firefox simply doesn't start at all.
4. My research indicates that it seems to reside in a file named clbdll.dll under the system32 folder.
5. Whenever the "Save As" option is selected in Notepad, Notepad just quits itself.
6. I scanned with http://virusscan.jotti.org/, which came up with different names; common among them are Rootkit.Gen, Rustock.DNI, etc.

Thank you so much for your help!

Deckard's System Scanner v20071014.68

Run by Administrator on 2008-05-25 12:23:43

Computer is in Safe Mode.

--------------------------------------------------------------------------------







-- HijackThis (run as Administrator.exe) ---------------------------------------



Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------





Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-05-25 12:23:48

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16574)

Boot mode: Safe mode



Running processes:

L:\WINDOWS\system32\smss.exe

L:\WINDOWS\system32\winlogon.exe

L:\WINDOWS\system32\services.exe

L:\WINDOWS\system32\lsass.exe

L:\WINDOWS\system32\svchost.exe

L:\WINDOWS\system32\svchost.exe

L:\WINDOWS\explorer.exe

L:\WINDOWS\system32\ctfmon.exe

D:\mal\dss.exe

L:\WINDOWS\system32\conime.exe



R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\p\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - L:\p\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {53E91E47-C649-4811-9BEA-A337736904F5} - L:\WINDOWS\system32\tuvUlMFV.dll (file missing)

O2 - BHO: (no name) - {61A1C2F2-E1A9-4871-B4E2-493A90705E12} - L:\WINDOWS\system32\kbduzb32.dll

O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - L:\WINDOWS\system32\byXPGvuu.dll

O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - L:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - L:\p\FlashGet\getflash.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\p\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: øÏ≥µ(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - L:\p\FlashGet\fgiebar.dll (file missing)

O4 - HKLM\..\Run: [IMJPMIG8.1] "L:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] L:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] L:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [amd_dc_opt] L:\P\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [QuickTime Task] "L:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "L:\P\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [StormCodec_Helper] "L:\p\Storm Codec\StormSet.exe" /S /opti

O4 - HKLM\..\Run: [IMSCMIG40W] L:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log

O4 - HKLM\..\Run: [ccApp] "L:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [osCheck] "L:\p\Norton\osCheck.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE L:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE L:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [BM5fd38cdc] Rundll32.exe "L:\WINDOWS\system32\tleqifrd.dll",s

O4 - HKLM\..\Run: [04856f1a] rundll32.exe "L:\WINDOWS\system32\qfneucsj.dll",b

O4 - HKLM\..\Run: [SDFix] L:\SDFix\RunThis.bat /second

O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "L:\P\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [SpybotDeletingA1774] command /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

O4 - HKLM\..\RunOnce: [SpybotDeletingC5020] cmd /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

O4 - HKLM\..\RunOnce: [SDFix] L:\SDFix\RunThis.bat /second

O4 - HKCU\..\Run: [ctfmon.exe] L:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] L:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe

O4 - HKCU\..\RunOnce: [SpybotDeletingB3549] command /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

O4 - HKCU\..\RunOnce: [SpybotDeletingD4810] cmd /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] L:\WINDOWS\system32\ctfmon.exe (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - L:\p\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - L:\p\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://L:\p\BitComet100\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: øÏ≥µ - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - L:\p\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: øÏ≥µ(FlashGet) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - L:\p\FlashGet\flashget.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\p\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - L:\p\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - L:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - L:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - L:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - L:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - L:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - L:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: AtiExtEvent - L:\WINDOWS\system32\

O20 - Winlogon Notify: byXPGvuu - L:\WINDOWS\system32\byXPGvuu.dll

O23 - Service: Adobe LM Service - Adobe Systems - L:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - L:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - L:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Contrl Center of Storm Media (ccosm) - ±±æ©±©∑ÁÕ¯º ø∆ºº”–œfiπ´Àæ - L:\p\StormII\stormliv.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - L:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - L:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - L:\p\Norton\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - L:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - L:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - L:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - L:\p\Sandra\Win32\RpcDataSrv.exe

O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - L:\p\Sandra\RpcSandraSrv.exe

O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - L:\WINDOWS\system32\sfrem02.exe

O23 - Service: Symantec Core LC - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - L:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



--

End of file - 9340 bytes



-- Files created between 2008-04-25 and 2008-05-25 -----------------------------



2008-05-24 19:46:24 0 d-------- L:\WINDOWS\ERUNT

2008-05-24 16:19:24 136192 --a------ L:\WINDOWS\system32\fnlncjpq.dll

2008-05-24 16:16:28 2560 --a------ L:\WINDOWS\system32\iiwphnrx.exe

2008-05-24 16:13:32 115200 --a------ L:\WINDOWS\system32\qfneucsj.dll

2008-05-24 16:13:24 126464 --a------ L:\WINDOWS\system32\tleqifrd.dll

2008-05-24 15:40:14 0 d-------- L:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-24 05:53:11 0 d--hs---- L:\System Volume Information

2008-05-24 04:11:05 894648 --ahs---- L:\WINDOWS\system32\VFMlUvut.ini2

2008-05-24 03:56:49 59392 --a------ L:\WINDOWS\system32\pmnnOFvS.dll

2008-05-24 03:55:24 7168 --a------ L:\WINDOWS\system32\beep.sys

2008-05-24 03:55:18 93696 --a------ L:\WINDOWS\system32\ntpl.bin

2008-05-24 03:55:16 69042 --a------ L:\WINDOWS\system32\sywtdxaz.sys

2008-05-24 03:55:09 59392 --a------ L:\WINDOWS\system32\byXPGvuu.dll

2008-05-24 03:30:59 0 d-------- L:\3gptemp

2008-05-24 03:28:12 0 d-------- L:\Program Files\MIKSOFT

2008-05-10 18:19:53 57344 --a------ L:\WINDOWS\system32\sticversion.exe <Not Verified; SoftTech InterCorp; pRegFix>

2008-05-10 18:19:53 561152 --a------ L:\WINDOWS\system32\AltST.dll <Not Verified; SoftTech InterCorp; AltST>

2008-05-10 18:19:53 0 d-------- L:\Program Files\Common Files\SoftTech InterCorp

2008-05-10 02:58:23 3543 --a------ L:\WINDOWS\system32\drivers\XSpaceWg.sys <Not Verified; SPACE INT'L, Inc.; CDSpace>

2008-05-10 02:58:23 11120 --a------ L:\WINDOWS\system32\drivers\TwoRabts.sys <Not Verified; Two Rabbits, Inc.; Two Rabbits live bus>

2008-05-10 02:58:23 22570 --a------ L:\WINDOWS\system32\drivers\CDSPACEX.sys <Not Verified; SPACE INT'L, Inc.; CDSpace5>

2008-05-10 02:58:23 22048 --a------ L:\WINDOWS\system32\cocpyinf.dll <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

2008-05-06 21:19:44 0 d-------- L:\WINDOWS\Downloaded Installations

2008-05-05 13:56:25 0 d-------- L:\Documents and Settings\Roi\Application Data\HP

2008-05-05 13:55:03 0 d-------- L:\Program Files\Hewlett-Packard

2008-05-05 13:40:53 11634 --a------ L:\WINDOWS\hpomdl11.dat

2008-05-01 19:51:05 0 d-------- L:\WINDOWS\Ω¿∞ƒ “∆≠∞

2008-05-01 17:09:58 0 d-------- L:\WINDOWS\nview

2008-04-30 03:41:00 2368 --a------ L:\WINDOWS\system32\STEC3.sys <Not Verified; AntiCracking; SVKP driver for NT>



-- Find3M Report ---------------------------------------------------------------



2008-05-24 03:55:21 577536 --a------ L:\WINDOWS\system32\user32.DLL <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>

2008-05-21 13:34:41 0 d-------- L:\Program Files\Common Files\Symantec Shared

2008-05-18 21:22:04 43520 --a------ L:\WINDOWS\system32\CmdLineExt03.dll

2008-05-15 02:04:17 0 d--h----- L:\Program Files\InstallShield Installation Information

2008-05-10 18:19:53 0 d-------- L:\Program Files\Common Files

2008-05-07 16:03:59 98304 --a------ L:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

2008-05-05 13:56:03 116976 --a------ L:\WINDOWS\hpoins11.dat

2008-04-01 20:20:08 2560 --a------ L:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>

2008-03-29 18:09:46 409600 --a------ L:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>

2008-03-29 18:09:46 114688 --a------ L:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>

2008-03-29 18:09:46 0 d-------- L:\Program Files\OpenAL

2008-03-10 11:55:54 14848 --a------ L:\WINDOWS\system32\kbduzb32.dll



-- Registry Dump ---------------------------------------------------------------



*Note* empty entries & legit default entries are not shown





[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24F06550-65E3-4D1C-8CFE-839C296B5530}]

06/28/2007 05:25 PM 57344 --a------ C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53E91E47-C649-4811-9BEA-A337736904F5}]

L:\WINDOWS\system32\tuvUlMFV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61A1C2F2-E1A9-4871-B4E2-493A90705E12}]

03/10/2008 11:55 AM 14848 --a------ L:\WINDOWS\system32\kbduzb32.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{663656DF-6BAE-460C-A612-8133DF519346}]

05/24/2008 03:55 AM 59392 --a------ L:\WINDOWS\system32\byXPGvuu.dll



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A19C29D-ED45-4483-8999-9F939C8161F2}]

02/22/2008 05:57 PM 58960 --a------ C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="L:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 08:00 AM]

"PHIME2002ASync"="L:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]

"PHIME2002A"="L:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 08:00 AM]

"RTHDCPL"="RTHDCPL.EXE" [08/10/2007 03:21 AM L:\WINDOWS\RTHDCPL.exe]

"amd_dc_opt"="L:\P\Dual-Core Optimizer\amd_dc_opt.exe" [07/23/2007 12:06 PM]

"QuickTime Task"="L:\Program Files\QuickTime\QTTask.exe" [11/15/2007 12:43 AM]

"Acrobat Assistant 7.0"="L:\P\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [12/14/2004 03:12 AM]

"StormCodec_Helper"="L:\p\Storm Codec\StormSet.exe" [11/26/2006 02:30 PM]

"IMSCMIG40W"="L:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.exe" [03/20/2006 05:10 PM]

"ccApp"="L:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/23/2008 10:02 PM]

"osCheck"="L:\p\Norton\osCheck.exe" [01/23/2008 09:07 PM]

"NvCplDaemon"="L:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]

"nwiz"="nwiz.exe" [12/05/2007 01:41 AM L:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="L:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

"KernelFaultCheck"="L:\WINDOWS\system32\dumprep 0 -k" []

"BM5fd38cdc"="L:\WINDOWS\system32\tleqifrd.dll" [05/24/2008 04:13 PM]

"04856f1a"="L:\WINDOWS\system32\qfneucsj.dll" [05/24/2008 04:13 PM]

"SDFix"="L:\SDFix\RunThis.bat /second" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="L:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

"FlashPlayerUpdate"=L:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe

"SpybotDeletingB3549"=command /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

"SpybotDeletingD4810"=cmd /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

"Spybot - Search & Destroy"="L:\P\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

"SpybotDeletingA1774"=command /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

"SpybotDeletingC5020"=cmd /c del "L:\WINDOWS\system32\tuvUlMFV.dll_old"

"SDFix"=L:\SDFix\RunThis.bat /second

L:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - L:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [11/25/2007 1:55:20 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{663656DF-6BAE-460C-A612-8133DF519346}"= L:\WINDOWS\system32\byXPGvuu.dll [05/24/2008 03:55 AM 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPGvuu]

byXPGvuu.dll 05/24/2008 03:55 AM 59392 L:\WINDOWS\system32\byXPGvuu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 L:\WINDOWS\system32\tuvUlMFV

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\L:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]

path=L:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

backup=L:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\L:^Documents and Settings^All Users^Start Menu^Programs^Startup^Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk]

path=L:\Documents and Settings\All Users\Start Menu\Programs\Startup\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk

backup=L:\WINDOWS\pss\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\L:^Documents and Settings^All Users^Start Menu^Programs^Startup^Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk]

path=L:\Documents and Settings\All Users\Start Menu\Programs\Startup\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk

backup=L:\WINDOWS\pss\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\L:^Documents and Settings^All Users^Start Menu^Programs^Startup^LCDPlayer.lnk]

path=L:\Documents and Settings\All Users\Start Menu\Programs\Startup\LCDPlayer.lnk

backup=L:\WINDOWS\pss\LCDPlayer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\L:^Documents and Settings^All Users^Start Menu^Programs^Startup^Uninstall Call of Duty® 4 - Modern Warfare™.lnk]

path=L:\Documents and Settings\All Users\Start Menu\Programs\Startup\Uninstall Call of Duty® 4 - Modern Warfare™.lnk

backup=L:\WINDOWS\pss\Uninstall Call of Duty® 4 - Modern Warfare™.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04856f1a]

rundll32.exe "L:\WINDOWS\system32\ukwsqnsm.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

L:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

L:\P\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"L:\P\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]

L:\Program Files\MSI\Live Update 3\LMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"L:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"L:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

L:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

L:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"usnjsvc"=3 (0x3)

"sfrem02"=2 (0x2)

"Pml Driver HPZ12"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"MSConfig"=L:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]

AutoRun\command- M:\autorun.exe

-- End of Deckard's System Scanner: finished at 2008-05-25 12:24:47 ------------

Deactivate link. ~ OB

Edited by Orange Blossom, 11 February 2013 - 03:18 AM.



#2 Tony_S

Posted 25 May 2008 - 04:39 PM

I fixed the problem by myself. Please close this topic.

#3 Orange Blossom

Posted 25 May 2008 - 08:14 PM

Hello Tony_S,

I'm glad your problem has been resolved. Thank you for letting us know. As you have requested, this topic is now closed. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



