My machine was infected with VIRTUMONDE and other malware. Spybot tried to clean it, but it keeps reappearing. My Start menu also lost several shortcuts, such as the Control Panel and others. In addition, automatic updates were forced off and Security Center could not turn them on.
I have already installed the Recovery Console, ComboFix, and HijackThis. I also disabled Spybot TeaTimer and McAfee antivirus, then ran ComboFix. This seems to have corrected things, but I want to be 100% sure. Please review my ComboFix and HijackThis logs:
ComboFix 08-09-20.05 - Ali 2008-09-22 20:48:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.966.1033.18.645 [GMT 3:00]
Running from: C:\Documents and Settings\Ali\Desktop\Malware Removal\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\etfl.exe
C:\WINDOWS\system32\bdJQBJlm.ini
C:\WINDOWS\system32\bdJQBJlm.ini2
C:\WINDOWS\system32\cucufxkx.ini
C:\WINDOWS\system32\iynbordb.ini
C:\WINDOWS\system32\leqrwtgn.ini
C:\WINDOWS\system32\ljJDTNHw.dll
C:\WINDOWS\system32\lmTBcJlm.ini
C:\WINDOWS\system32\lmTBcJlm.ini2
C:\WINDOWS\system32\lwvgpmbx.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlJBQJdb.dll
C:\WINDOWS\system32\mlJcBTml.dll
C:\WINDOWS\system32\odkigfsy.ini
C:\WINDOWS\system32\oeundasl.ini
C:\WINDOWS\system32\vtUlKBQk.dll
C:\WINDOWS\system32\wfvsxrfk.ini
C:\WINDOWS\vmgspntbgns.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.
2008-09-22 20:21 . 2008-09-22 20:21 103,552 --a------ C:\WINDOWS\system32\lsadnueo.dll
2008-09-22 20:02 . 2008-09-22 20:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-22 20:00 . 2008-09-22 20:00 103,552 --a------ C:\WINDOWS\system32\bdrobnyi.dll
2008-09-19 20:58 . 2008-09-19 20:58 103,552 --a------ C:\WINDOWS\system32\xkxfucuc.dll
2008-09-19 01:34 . 2008-09-19 02:37 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-18 03:18 . 2008-09-18 03:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-18 03:18 . 2008-09-18 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-17 16:05 . 2008-09-17 16:05 <DIR> d-------- C:\Documents and Settings\Hassan\Application Data\Apple Computer
2008-09-16 22:28 . 2008-09-16 22:28 <DIR> d-------- C:\Program Files\F5
2008-09-16 21:51 . 2008-09-16 22:38 <DIR> d-------- C:\Program Files\CeRegEditor
2008-09-16 21:44 . 2005-10-21 04:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-09-16 21:44 . 2005-10-21 04:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-09-15 19:38 . 2008-09-17 23:52 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\AdobeUM
2008-09-10 23:53 . 2008-09-10 23:53 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\Sony Corporation
2008-09-10 23:51 . 2008-09-10 23:51 <DIR> d-------- C:\WINDOWS\system32\DLA
2008-09-10 23:51 . 2008-09-10 23:51 <DIR> d-------- C:\Program Files\Sonic
2008-09-10 23:51 . 2006-06-13 05:20 94,263 --a------ C:\WINDOWS\DLA.EXE
2008-09-10 23:51 . 2006-06-12 03:30 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2008-09-10 23:51 . 2006-06-13 05:20 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2008-09-10 23:51 . 2006-03-17 05:20 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2008-09-10 23:51 . 2006-03-17 08:34 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2008-09-10 23:51 . 2006-03-17 08:35 5,660 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2008-09-10 23:51 . 2008-09-18 04:04 249 --a------ C:\WINDOWS\wininit.ini
2008-09-10 23:49 . 2008-09-10 23:49 <DIR> d-------- C:\Program Files\Sony
2008-09-10 23:49 . 2006-11-02 16:57 118,520 --a------ C:\WINDOWS\system32\PxInsI64.exe
2008-09-10 23:49 . 2006-10-18 19:43 115,960 --a------ C:\WINDOWS\system32\PxCpyI64.exe
2008-09-10 23:49 . 2006-11-02 16:57 36,624 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-09-10 23:49 . 2006-08-28 21:48 2,560 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-10 23:49 . 2006-08-28 21:48 2,432 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-10 23:48 . 2008-09-10 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
2008-09-10 23:47 . 2008-09-10 23:47 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\InstallShield
2008-09-08 14:11 . 2008-09-08 14:11 <DIR> d-------- C:\Documents and Settings\Abdullah\Application Data\Apple Computer
2008-09-08 00:30 . 2008-09-08 00:30 <DIR> d-------- C:\Program Files\Realtek Sound Manager
2008-09-08 00:30 . 2008-09-08 00:30 <DIR> d-------- C:\Program Files\AvRack
2008-09-08 00:29 . 2008-09-08 00:30 <DIR> d-------- C:\Program Files\Realtek AC97
2008-09-08 00:29 . 2008-09-10 23:52 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-08 00:29 . 2006-07-31 11:19 315,392 -ra------ C:\WINDOWS\alcupd.exe
2008-09-08 00:29 . 2006-07-31 11:27 217,088 -ra------ C:\WINDOWS\Alcrmv.exe
2008-09-08 00:16 . 2008-09-18 00:19 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-08 00:12 . 2008-09-08 00:12 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-09-08 00:12 . 2008-09-08 00:12 24 --a------ C:\WINDOWS\cdplayer.ini
2008-09-08 00:11 . 2008-09-08 00:11 <DIR> d-------- C:\Program Files\Real
2008-09-08 00:11 . 2008-09-08 00:12 <DIR> d-------- C:\Program Files\Common Files\Real
2008-09-08 00:08 . 2008-09-08 00:09 <DIR> d-------- C:\Program Files\QuickTime
2008-09-08 00:08 . 2008-09-08 00:08 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-08 00:08 . 2008-09-08 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-08 00:08 . 2008-09-08 00:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-07 01:08 . 2008-09-07 01:08 <DIR> d-------- C:\Program Files\uTorrent
2008-09-07 01:08 . 2008-09-18 04:05 <DIR> d-------- C:\Documents and Settings\Ali\Application Data\uTorrent
2008-09-07 00:46 . 2008-09-07 00:46 <DIR> d-------- C:\Documents and Settings\Miral
2008-09-07 00:46 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-09-06 16:52 . 2008-09-06 16:52 <DIR> d-------- C:\Documents and Settings\Abdullah
2008-09-05 15:27 . 2008-09-20 17:35 <DIR> d-------- C:\Documents and Settings\Hassan
2008-09-05 14:30 . 2005-06-03 03:52 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-09-05 14:29 . 2008-09-05 14:30 <DIR> d-------- C:\Program Files\Java
2008-09-05 14:29 . 2008-09-05 14:29 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-05 14:28 . 2008-09-05 14:28 <DIR> d-------- C:\WINDOWS\Logs
2008-09-05 14:20 . 2008-09-05 14:20 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-09-05 14:19 . 2008-09-05 14:19 <DIR> d-------- C:\WINDOWS\nview
2008-09-05 14:19 . 2008-09-05 14:19 <DIR> d-------- C:\NVIDIA
2008-09-05 14:19 . 2008-04-30 17:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-09-05 14:19 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-09-05 14:19 . 2008-09-22 20:54 182,038 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-05 14:19 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-09-05 14:19 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-09-05 14:19 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-09-05 14:19 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-09-05 14:19 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-05 14:14 . 2008-09-17 20:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-05 14:10 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-05 14:10 . 2008-06-13 16:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-05 14:07 . 2008-09-11 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-09-05 14:07 . 2005-02-25 06:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 18:44 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-05 11:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-04 23:07 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-04 23:05 --------- d-----w C:\Documents and Settings\Ali\Application Data\Ahead
2008-09-04 23:03 --------- d-----w C:\Program Files\Nero
2008-09-04 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-04 22:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-04 22:53 --------- d-----w C:\Program Files\McAfee
2008-09-04 22:53 --------- d-----w C:\Program Files\Common Files\McAfee
2008-09-04 22:53 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2008-09-04 22:12 --------- d-----w C:\Program Files\microsoft frontpage
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"updateMgr"="C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Distillr\Acrotray.exe" [2008-04-23 483328]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"b8f35e9b"="C:\WINDOWS\system32\lsadnueo.dll" [2008-09-22 103552]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\soundman.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2008-09-05 25214]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
- - - - ORPHANS REMOVED - - - -
BHO-{6928C803-AA5D-4B3A-9943-3C3F784A02BD} - C:\WINDOWS\system32\ljJDTNHw.dll
BHO-{B3FE8D5D-E510-40F5-8199-E264E37FDF24} - C:\WINDOWS\system32\mlJcBTml.dll
Toolbar-{F63CB648-B3AB-4001-A96B-324CE8B2F52C} - (no file)
ShellExecuteHooks-{6928C803-AA5D-4B3A-9943-3C3F784A02BD} - C:\WINDOWS\system32\ljJDTNHw.dll
SSODL-dtseqrxk-{89E0374A-23ED-4EA5-ADC7-C6DF2EBC9A34} - (no file)
SSODL-mgxfebsq-{ECAE3A01-D90A-4F53-99BB-5A908CC2273E} - (no file)
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 20:54:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-22 20:55:32 - machine was rebooted [Ali]
ComboFix-quarantined-files.txt 2008-09-22 17:55:30
Pre-Run: 54,604,193,792 bytes free
Post-Run: 54,737,543,168 bytes free
216 --- E O F --- 2008-09-11 00:01:08
Next is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02, on 9/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [b8f35e9b] rundll32.exe "C:\WINDOWS\system32\lsadnueo.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://vgs1.aramco.com/vdesk/cacheclea ... ,0514,2338
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://vgs1.aramco.com/vdesk/terminal/ ... ontrol.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://vg.aramco.com/vdesk/terminal/f5 ... onHost.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5036.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://vgs1.aramco.com/vdesk/terminal/ ... ,0514,2337
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://vgs1.aramco.com/vdesk/terminal/ ... 5,2,3790,0
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://vgs1.aramco.com/vdesk/terminal/ ... ,0514,2340
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://vg.aramco.com/policy/download_b ... ,0514,2348
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 8441 bytes