Got you a fresh one

Status
Not open for further replies.

Trotter

Grandfather of Techist, ¯\_(ツ)_/¯
Staff member
Messages
33,561
Location
The South
Logfile of HijackThis v1.99.1
Scan saved at 2:09:32 PM, on 10/18/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\oodag.exe
E:\Program Files\ATITool\ATITool.exe
C:\Program Files\Folding@home\Folding@home-gpu\Folding@home.exe
C:\Documents and Settings\Trotter\Application Data\Folding@home-gpu\FahCore_11.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1223780688031
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200753863611
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218576641624
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1723FEB-A30B-4892-A6AB-A36D2FDF159F}: NameServer = 208.67.22.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Something is screwing my ping up royally. I can ping my router fine from the other two computers on the network, but this one runs all over the place as far as times go. I had <1ms and 1ms earlier, but that stopped in the middle of playing BF2.

I had mccicmservice.eve running before (WTF?) as well as a service, but I nixed them. Spybot came up clean.

Any ideas?
 
The entry below

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)


It should not be missing. Is it really not there, or is HijackThis maybe reporting it wrong?

Otherwise the log looks fine.
 
OK. Thanks. At least that part I don't have to worry about.
 
OK, I've got Virtumonde stuff being spotted by my AV and winlogon.exe is eating up my CPU cycles for some reason.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:40 PM, on 10/19/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O4 - HKLM\..\Run: [3423609b] rundll32.exe "C:\WINDOWS\system32\gaxvokjq.dll",b
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1223780688031
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200753863611
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218576641624
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1723FEB-A30B-4892-A6AB-A36D2FDF159F}: NameServer = 208.67.22.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll zhdnup.dll gapgmo.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
 
Delete this entry

O4 - HKLM\..\Run: [3423609b] rundll32.exe "C:\WINDOWS\system32\gaxvokjq.dll",b


Did you run VirtumundoBeGone yet?
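The two replies above each pick one line out of a HijackThis log by eye: an O20 Winlogon Notify handler whose file is reported missing, and an O4 Run value with a hex-looking name that has rundll32 load a DLL out of system32 by a single-letter export. The later logs also carry an O20 AppInit_DLLs line with two unfamiliar DLLs next to wbsys.dll. The script below is an added example, not something from the thread or from the HijackThis project: it encodes those three triage rules and runs them over lines copied from the logs posted here. The allowlist, the Finding type, and the function names are assumptions made for the example; wbsys.dll is assumed to belong to the Stardock WindowBlinds install that also appears in the O20 entries.

```python
"""Triage a HijackThis log for the persistence patterns discussed in this thread."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Allowlist supplied by the analyst (an assumption for this example): DLLs the
# machine's owner recognises. wbsys.dll is assumed to belong to the Stardock
# WindowBlinds install that also shows up under O20 Winlogon Notify.
APPINIT_ALLOWLIST = {"wbsys.dll"}


@dataclass(frozen=True)
class Finding:
    section: str    # HijackThis section the line came from (O4, O20 ...)
    indicator: str  # the artefact worth looking at (value name, DLL ...)
    reason: str     # why it was flagged
    line: str       # the original log line, for the write-up


RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^"\s]+\.dll)"?\s*,\s*(?P<entry>\S+)', re.I)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.I)
SYSTEM32_RE = re.compile(r'\\system32\\', re.I)


def basename(path: str) -> str:
    """Last component of a Windows path (also tolerates forward slashes)."""
    return path.replace('/', '\\').rsplit('\\', 1)[-1]


def check_run_entry(line: str) -> List[Finding]:
    """O4 Run keys: hex-looking value names, and rundll32 loading a system32 DLL by export."""
    m = RUN_RE.match(line)
    if not m:
        return []
    name, cmd = m.group("name"), m.group("cmd")
    out: List[Finding] = []
    if HEX_NAME_RE.match(name):
        out.append(Finding("O4 Run", name,
                           "value name is a random-looking hex string rather than a product name", line))
    r = RUNDLL_RE.search(cmd)
    if r and SYSTEM32_RE.search(r.group("dll")):
        out.append(Finding("O4 Run", basename(r.group("dll")),
                           f"rundll32 loads a DLL from system32 via export '{r.group('entry')}' at logon", line))
    return out


def check_appinit(line: str) -> List[Finding]:
    """O20 AppInit_DLLs: every DLL listed here is mapped into each process that loads user32.dll."""
    m = APPINIT_RE.match(line)
    if not m:
        return []
    dlls = [d for d in re.split(r"[,\s]+", m.group("dlls").strip()) if d]
    return [Finding("O20 AppInit_DLLs", d,
                    "AppInit DLL not on the allowlist; it is injected into every GUI process", line)
            for d in dlls if d.lower() not in APPINIT_ALLOWLIST]


def check_winlogon_notify(line: str) -> List[Finding]:
    """O20 Winlogon Notify: a handler whose file HijackThis cannot find needs a look on disk."""
    m = NOTIFY_RE.match(line)
    if not m or not m.group("missing"):
        return []
    return [Finding("O20 Winlogon Notify", basename(m.group("path")),
                    "notify DLL reported missing: confirm on disk, then remove the orphaned key "
                    "or find out why the file is hidden", line)]


CHECKS = (check_run_entry, check_appinit, check_winlogon_notify)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run every check over every line; returns findings in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            findings.extend(check(line))
    return findings


# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [3423609b] rundll32.exe "C:\WINDOWS\system32\gaxvokjq.dll",b',
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice',
    r'O20 - AppInit_DLLs: wbsys.dll zhdnup.dll gapgmo.dll',
    r'O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)',
    r'O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll',
    r'O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.section}] {f.indicator}: {f.reason}")
```

Run against the sample, the script flags the 3423609b value twice (hex name, and rundll32 pulling gaxvokjq.dll out of system32), the two AppInit DLLs that are not on the allowlist, and the dimsntfy entry for a manual check on disk; the ESET Run entry, the WindowBlinds notify handler and the PunkBuster service produce nothing. The rules are deliberately narrow: a "(file missing)" notify entry is a prompt to look, not a verdict, which is exactly the question the first reply above asks.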
 
I just ran it, as well as deleting the entry you pointed out.

Logfile of HijackThis v1.99.1
Scan saved at 5:52:20 AM, on 10/20/2008
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Free Desktop Clock\DesktopClock.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 1\firefox.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Free Desktop Clock\DesktopClock.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_6-1-2.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1223780688031
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1200753863611
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1218576641624
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1723FEB-A30B-4892-A6AB-A36D2FDF159F}: NameServer = 208.67.22.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: wbsys.dll zhdnup.dll gapgmo.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe



[10/20/2008, 5:39:16] - VirtumundoBeGone v1.5 ( "E:\Downloads\VirtumundoBeGone.exe" )
[10/20/2008, 5:40:51] - Detected System Information:
[10/20/2008, 5:40:51] - Windows Version: 5.1.2600, Service Pack 3, v.3311
[10/20/2008, 5:40:51] - Current Username: Trotter (Admin)
[10/20/2008, 5:40:51] - Windows is in NORMAL mode.
[10/20/2008, 5:40:51] - Searching for Browser Helper Objects:
[10/20/2008, 5:40:51] - BHO 1: {068C168D-6A56-46D7-AE80-7B60C0936757} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\pmnlmkkH
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\pmnlmkkH, continuing.
[10/20/2008, 5:40:51] - BHO 2: {0BEA69F6-162C-4AE4-AF03-7AB92735DAEE} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\pmnnNGxX
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\pmnnNGxX, continuing.
[10/20/2008, 5:40:51] - BHO 3: {0e563b74-9efc-4dae-a375-a2af5678522f} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\gapgmo
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\gapgmo, continuing.
[10/20/2008, 5:40:51] - BHO 4: {30AB06AE-CF78-41D1-97AE-E8CE1964AAE2} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\ljJYPfgd
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\ljJYPfgd, continuing.
[10/20/2008, 5:40:51] - BHO 5: {420959A7-1B3F-49EE-848E-6DE631A39223} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\mlJYsqNe
[10/20/2008, 5:40:51] - Found: HKLM\...\Winlogon\Notify\mlJYsqNe - This is probably Virtumundo.
[10/20/2008, 5:40:51] - Assigning {420959A7-1B3F-49EE-848E-6DE631A39223} MSEvents Object
[10/20/2008, 5:40:51] - BHO list has been changed! Starting over...
[10/20/2008, 5:40:51] - BHO 1: {068C168D-6A56-46D7-AE80-7B60C0936757} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\pmnlmkkH
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\pmnlmkkH, continuing.
[10/20/2008, 5:40:51] - BHO 2: {0BEA69F6-162C-4AE4-AF03-7AB92735DAEE} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\pmnnNGxX
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\pmnnNGxX, continuing.
[10/20/2008, 5:40:51] - BHO 3: {0e563b74-9efc-4dae-a375-a2af5678522f} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\gapgmo
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\gapgmo, continuing.
[10/20/2008, 5:40:51] - BHO 4: {30AB06AE-CF78-41D1-97AE-E8CE1964AAE2} ()
[10/20/2008, 5:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:51] - Checking for HKLM\...\Winlogon\Notify\ljJYPfgd
[10/20/2008, 5:40:51] - Key not found: HKLM\...\Winlogon\Notify\ljJYPfgd, continuing.
[10/20/2008, 5:40:51] - BHO 5: {420959A7-1B3F-49EE-848E-6DE631A39223} (MSEvents Object)
[10/20/2008, 5:40:51] - ALERT: Found MSEvents Object!
[10/20/2008, 5:40:51] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/20/2008, 5:40:51] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/20/2008, 5:40:51] - Finished Searching Browser Helper Objects
[10/20/2008, 5:40:51] - *** Detected MSEvents Object
[10/20/2008, 5:40:51] - Trying to remove MSEvents Object...
[10/20/2008, 5:40:52] - Terminating Process: IEXPLORE.EXE
[10/20/2008, 5:40:53] - Terminating Process: RUNDLL32.EXE
[10/20/2008, 5:40:53] - Disabling Automatic Shell Restart
[10/20/2008, 5:40:53] - Terminating Process: EXPLORER.EXE
[10/20/2008, 5:40:53] - Suspending the NT Session Manager System Service
[10/20/2008, 5:40:53] - Terminating Windows NT Logon/Logoff Manager
[10/20/2008, 5:40:54] - Re-enabling Automatic Shell Restart
[10/20/2008, 5:40:54] - File to disable: C:\WINDOWS\system32\mlJYsqNe.dll
[10/20/2008, 5:40:54] - Renaming C:\WINDOWS\system32\mlJYsqNe.dll -> C:\WINDOWS\system32\mlJYsqNe.dll.vir
[10/20/2008, 5:40:55] - File successfully renamed!
[10/20/2008, 5:40:55] - Removing HKLM\...\Browser Helper Objects\{420959A7-1B3F-49EE-848E-6DE631A39223}
[10/20/2008, 5:40:55] - Removing HKCR\CLSID\{420959A7-1B3F-49EE-848E-6DE631A39223}
[10/20/2008, 5:40:55] - Adding Kill Bit for ActiveX for GUID: {420959A7-1B3F-49EE-848E-6DE631A39223}
[10/20/2008, 5:40:55] - Deleting ATLEvents/MSEvents Registry entries
[10/20/2008, 5:40:55] - Removing HKLM\...\Winlogon\Notify\mlJYsqNe
[10/20/2008, 5:40:55] - Searching for Browser Helper Objects:
[10/20/2008, 5:40:55] - BHO 1: {068C168D-6A56-46D7-AE80-7B60C0936757} ()
[10/20/2008, 5:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:55] - Checking for HKLM\...\Winlogon\Notify\pmnlmkkH
[10/20/2008, 5:40:55] - Key not found: HKLM\...\Winlogon\Notify\pmnlmkkH, continuing.
[10/20/2008, 5:40:55] - BHO 2: {0BEA69F6-162C-4AE4-AF03-7AB92735DAEE} ()
[10/20/2008, 5:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:55] - Checking for HKLM\...\Winlogon\Notify\pmnnNGxX
[10/20/2008, 5:40:55] - Key not found: HKLM\...\Winlogon\Notify\pmnnNGxX, continuing.
[10/20/2008, 5:40:55] - BHO 3: {0e563b74-9efc-4dae-a375-a2af5678522f} ()
[10/20/2008, 5:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:55] - Checking for HKLM\...\Winlogon\Notify\gapgmo
[10/20/2008, 5:40:55] - Key not found: HKLM\...\Winlogon\Notify\gapgmo, continuing.
[10/20/2008, 5:40:55] - BHO 4: {30AB06AE-CF78-41D1-97AE-E8CE1964AAE2} ()
[10/20/2008, 5:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/20/2008, 5:40:55] - Checking for HKLM\...\Winlogon\Notify\ljJYPfgd
[10/20/2008, 5:40:55] - Key not found: HKLM\...\Winlogon\Notify\ljJYPfgd, continuing.
[10/20/2008, 5:40:55] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/20/2008, 5:40:55] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/20/2008, 5:40:55] - Finished Searching Browser Helper Objects
[10/20/2008, 5:40:55] - Finishing up...
[10/20/2008, 5:40:55] - A restart is needed.
[10/20/2008, 5:41:03] - Attempting to Restart via STOP error (Blue Screen!)
 
I'm at work right now, but I will do some scans when I get home. I just wish I knew where I got it, as I scan everything I download.

Meh, as long as we kill it I'm not too worried.
 
Scanned with SuperAntispyware and it found several instances. AV started kicking up then. Geez, this thing can hide. About to reboot so SAS can delete the last one it found, and then I will scan again. Once I get a clean bill I will post a log.
 