
qtplugin.exe and rundll32_s.exe removal?

  • 20-01-2010 01:12AM
    #1
    Closed Accounts Posts: 7


    Noticed these 2 probable malware processes running on my computer a couple of days ago. Deleting them only helped to stop qtplugin.exe from starting, but rundll32_s.exe still keeps starting periodically and creating multiple instances, and a file, also called rundll32_s.exe, in C:\Windows\Temp. There's nothing about this process in the registry so I can't figure out where it is started from. Help?


Comments

  • Closed Accounts Posts: 7 highlander87


    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 01:32:13, on 1/20/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Programi\avast\aswUpdSv.exe
    D:\Programi\avast\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    D:\Programi\avast\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\cisvc.exe
    D:\Programi\hamachi\hamachi-2.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Programi\avast\ashMaiSv.exe
    D:\Programi\avast\ashWebSv.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\TEMP\rundll32_s.exe
    C:\WINDOWS\TEMP\rundll32_s.exe
    C:\WINDOWS\TEMP\rundll32_s.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O1 - Hosts: 172.31.31.254 msnfix.changelog.fr
    O1 - Hosts: 172.31.31.254 www.incodesolutions.com
    O1 - Hosts: 172.31.31.254 virusinfo.prevx.com
    O1 - Hosts: 172.31.31.254 download.bleepingcomputer.com
    O1 - Hosts: 172.31.31.254 www.dazhizhu.cn
    O1 - Hosts: 172.31.31.254 foro.noticias3d.com
    O1 - Hosts: 172.31.31.254 www.spybotupdates.com
    O1 - Hosts: 172.31.31.254 club.myce.com
    O1 - Hosts: 172.31.31.254 www.k7computing.com
    O1 - Hosts: 172.31.31.254 softwaresecuritysolutions.com
    O1 - Hosts: 172.31.31.254 www.nabble.com
    O1 - Hosts: 172.31.31.254 lurker.clamav.net
    O1 - Hosts: 172.31.31.254 lexikon.ikarus.at
    O1 - Hosts: 172.31.31.254 research.sunbelt-software.com
    O1 - Hosts: 172.31.31.254 www.virusdoctor.jp
    O1 - Hosts: 172.31.31.254 www.elitepvpers.de
    O1 - Hosts: 172.31.31.254 guru.avg.com
    O1 - Hosts: 172.31.31.254 downloads.sophos.com
    O1 - Hosts: 172.31.31.254 share.skype.com
    O1 - Hosts: 172.31.31.254 myantispyware.com
    O1 - Hosts: 172.31.31.254 www.computerhilfen.de
    O1 - Hosts: 172.31.31.254 www.superuser.co.kr
    O1 - Hosts: 172.31.31.254 ntfaq.co.kr
    O1 - Hosts: 172.31.31.254 v.dreamwiz.com
    O1 - Hosts: 172.31.31.254 cit.kookmin.ac.kr
    O1 - Hosts: 172.31.31.254 forums.whatthetech.com
    O1 - Hosts: 172.31.31.254 forum.hijackthis.de
    O1 - Hosts: 172.31.31.254 avg.vo.llnwd.net
    O1 - Hosts: 172.31.31.254 ftp.drweb.com
    O1 - Hosts: 172.31.31.254 www.zonealarm.com
    O1 - Hosts: 172.31.31.254 smadaver.com
    O1 - Hosts: 172.31.31.254 support.emsisoft.com
    O1 - Hosts: 172.31.31.254 www.huaifai.go.th
    O1 - Hosts: 172.31.31.254 www.mostz.com
    O1 - Hosts: 172.31.31.254 www.krupunmai.com
    O1 - Hosts: 172.31.31.254 www.cddchiangmai.net
    O1 - Hosts: 172.31.31.254 forum.malekal.com
    O1 - Hosts: 172.31.31.254 tech.pantip.com
    O1 - Hosts: 172.31.31.254 sapcupgrades.com
    O1 - Hosts: 172.31.31.254 www.elguruinformatico.com
    O1 - Hosts: 172.31.31.254 forums.avg.com
    O1 - Hosts: 172.31.31.254 zastita.com
    O1 - Hosts: 172.31.31.254 support.kaspersky.com
    O1 - Hosts: 172.31.31.254 www.247fixes.com
    O1 - Hosts: 172.31.31.254 forum.sysinternals.com
    O1 - Hosts: 172.31.31.254 forum.telecharger.01net.com
    O1 - Hosts: 172.31.31.254 sophos.com
    O1 - Hosts: 172.31.31.254 foros.softonic.com
    O1 - Hosts: 172.31.31.254 avast-home.uptodown.com
    O1 - Hosts: 172.31.31.254 dr-web-cureit.softonic.com
    O1 - Hosts: 172.31.31.254 heavenward.ru
    O1 - Hosts: 172.31.31.254 forum.smadav.net
    O1 - Hosts: 172.31.31.254 www.forum.kaspersky.com
    O1 - Hosts: 172.31.31.254 www.f-secure.com
    O1 - Hosts: 172.31.31.254 www.chkrootkit.org
    O1 - Hosts: 172.31.31.254 diamondcs.com.au
    O1 - Hosts: 172.31.31.254 www.rootkit.nl
    O1 - Hosts: 172.31.31.254 www.sysinternals.com
    O1 - Hosts: 172.31.31.254 z-oleg.com
    O1 - Hosts: 172.31.31.254 espanol.dir.groups.yahoo.com
    O1 - Hosts: 172.31.31.254 ftp01net.telechargement.fr
    O1 - Hosts: 172.31.31.254 modelayu.com
    O1 - Hosts: 172.31.31.254 vaksin.com
    O1 - Hosts: 172.31.31.254 bbs.kaspersky.com.cn
    O1 - Hosts: 172.31.31.254 www.castlecrops.com
    O1 - Hosts: 172.31.31.254 www.misec.net
    O1 - Hosts: 172.31.31.254 safecomputing.umn.edu
    O1 - Hosts: 172.31.31.254 www.antirootkit.com
    O1 - Hosts: 172.31.31.254 www.greatis.com
    O1 - Hosts: 172.31.31.254 ar.answers.yahoo.com
    O1 - Hosts: 172.31.31.254 www.elhacker.org
    O1 - Hosts: 172.31.31.254 research.pandasecurity.com
    O1 - Hosts: 172.31.31.254 www.tpu.ro
    O1 - Hosts: 172.31.31.254 www.pinoyden.com
    O1 - Hosts: 172.31.31.254 forum.avira.de
    O1 - Hosts: 172.31.31.254 www.rootkit.com
    O1 - Hosts: 172.31.31.254 www.pctools.com
    O1 - Hosts: 172.31.31.254 www.pcsupportadvisor.com
    O1 - Hosts: 172.31.31.254 www.resplendence.com
    O1 - Hosts: 172.31.31.254 www.personal.psu.edu
    O1 - Hosts: 172.31.31.254 foro.ethek.com
    O1 - Hosts: 172.31.31.254 foro.elhacker.net
    O1 - Hosts: 172.31.31.254 download.zonealarm.com
    O1 - Hosts: 172.31.31.254 spywarehammer.com
    O1 - Hosts: 172.31.31.254 www.codelain.com
    O1 - Hosts: 172.31.31.254 www.thaicert.org
    O1 - Hosts: 172.31.31.254 vil.nail.com
    O1 - Hosts: 172.31.31.254 search.mcafee.com
    O1 - Hosts: 172.31.31.254 wwww.mcafee.com
    O1 - Hosts: 172.31.31.254 download.nai.com
    O1 - Hosts: 172.31.31.254 wwww.experts-exchange.com
    O1 - Hosts: 172.31.31.254 www.bakunos.com
    O1 - Hosts: 172.31.31.254 www.darkclockers.com
    O1 - Hosts: 172.31.31.254 www2.gmer.net
    O1 - Hosts: 172.31.31.254 ariefew.com
    O1 - Hosts: 172.31.31.254 www.emsisoft.com
    O1 - Hosts: 172.31.31.254 forum.romeonet.ro
    O1 - Hosts: 172.31.31.254 www.Merijn.org
    O1 - Hosts: 172.31.31.254 www.spywareinfo.com
    O1 - Hosts: 172.31.31.254 www.spybot.info
    O1 - Hosts: 172.31.31.254 www.viruslist.com
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [avast!] D:\Programi\avast\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Danijel\pifj.exe \u
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Startup Defender.lnk = C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - D:\Programi\superspyware\SASWINLO.dll
    O20 - Winlogon Notify: csbdll - csbdll.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programi\avast\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Programi\avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programi\avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programi\avast\ashWebSv.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Programi\hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\Programi\matlab7\webserver\bin\win32\matlabserver.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NBService - Nero AG - D:\Programi\nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    --
    End of file - 12722 bytes
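Reading a log like the one above by hand is slow; the entries a responder would look at first are the processes running from a Temp directory, the HKCU Run value that launches an .exe out of a user profile ("pifj.exe \u"), the Winlogon Notify package whose DLL is missing, and the block of O1 hosts entries that all point at one non-loopback address. The script below is an added example for this thread, not HijackThis code and not part of the original post: it parses those line types out of a sample built from lines copied from the log above and reports them. Which directories count as suspicious is this example's own heuristic, not a HijackThis category.

```python
"""Triage a HijackThis log the way a responder would read the one posted above.

Added example for this thread, not HijackThis code. The sample lines are copied
from the posted log; the rule for what is "suspicious" (image running from a Temp
directory, autorun pointing into a user profile, Winlogon Notify DLL missing on
disk, hosts entries pointing anywhere but loopback) is this example's own.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a subset of lines from the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\TEMP\rundll32_s.exe
C:\WINDOWS\TEMP\rundll32_s.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
O1 - Hosts: 172.31.31.254 download.bleepingcomputer.com
O1 - Hosts: 172.31.31.254 www.sysinternals.com
O1 - Hosts: 172.31.31.254 support.kaspersky.com
O4 - HKLM\..\Run: [avast!] D:\Programi\avast\ashDisp.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Danijel\pifj.exe \u
O20 - Winlogon Notify: !SASWinLogon - D:\Programi\superspyware\SASWINLO.dll
O20 - Winlogon Notify: csbdll - csbdll.dll (file missing)
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                      # bare image path under "Running processes"
O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")          # O1 - Hosts: <ip> <name>
O4_RE = re.compile(r"^O4 - ([^:]+): \[([^\]]*)\] (.*)$")  # O4 - <hive\..\Run>: [<name>] <command>

# Heuristic (this example's assumption): a persistent autorun or a long-lived
# process living in one of these directories deserves a closer look.
SUSPICIOUS_DIRS = ("\\temp\\", "\\documents and settings\\", "\\application data\\")


def path_is_suspicious(path_or_command):
    low = path_or_command.lower()
    return any(d in low for d in SUSPICIOUS_DIRS)


def hosts_redirect_summary(entries):
    """Group O1 entries by target address; anything that is not loopback is a redirect."""
    by_ip = defaultdict(list)
    for ip, name in entries:
        by_ip[ip].append(name)
    summary = []
    for ip, names in by_ip.items():
        addr = ipaddress.ip_address(ip)
        if not addr.is_loopback:
            summary.append({"target": ip, "count": len(names), "rfc1918": addr.is_private})
    return summary


def triage(log_text):
    procs, autoruns, missing_notify, hosts = [], [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):                      # a running process
            if path_is_suspicious(line):
                procs.append(line)
            continue
        m = O1_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2)))
            continue
        m = O4_RE.match(line)
        if m and path_is_suspicious(m.group(3)):
            autoruns.append({"key": m.group(1), "name": m.group(2), "command": m.group(3)})
            continue
        if line.startswith("O20 -") and line.endswith("(file missing)"):
            missing_notify.append(line)              # Winlogon Notify pointing at a deleted DLL
    return {
        "processes_from_suspicious_dirs": procs,
        "autoruns_from_suspicious_dirs": autoruns,
        "winlogon_notify_missing": missing_notify,
        "hosts_redirects": hosts_redirect_summary(hosts),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key)
        for item in value:
            print("   ", item)
```

Run against the full log, the hosts summary collapses the hundred-odd O1 lines into one finding (every entry points at 172.31.31.254, an RFC 1918 address), which is the single fact that explains why security-vendor and removal-forum sites stopped loading. The heuristic will also flag legitimate software that installs itself under Application Data, so treat the output as a reading order, not a verdict.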


  • Closed Accounts Posts: 7 highlander87


    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP . (5.1.2600) Service Pack 2
    [32_bits] - x86 Family 15 Model 67 Stepping 3, AuthenticAMD
    .
    [wscsvc] STOPPED (state:1) : Security Center -> Disabled !
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Disabled !
    .
    Internet Explorer 7.0.5730.13
    .
    A:\ [Removable]
    C:\ [Fixed-NTFS] .. ( Total:19 Go - Free:6 Go )
    D:\ [Fixed-NTFS] .. ( Total:129 Go - Free:62 Go )
    E:\ [Fixed-NTFS] .. ( Total:298 Go - Free:116 Go )
    F:\ [CD_Rom]
    G:\ [CD_Rom]
    .
    Scan : 01:41.01
    Path : E:\programs\Rooter.exe
    User : Danijel ( Administrator -> YES )
    .
    \\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (952)
    ______ \??\C:\WINDOWS\system32\csrss.exe (1000)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (1024)
    ______ C:\WINDOWS\system32\services.exe (1068)
    ______ C:\WINDOWS\system32\lsass.exe (1080)
    ______ C:\WINDOWS\system32\svchost.exe (1256)
    ______ C:\WINDOWS\system32\svchost.exe (1304)
    ______ C:\WINDOWS\System32\svchost.exe (1656)
    ______ C:\WINDOWS\system32\svchost.exe (1844)
    ______ C:\WINDOWS\system32\svchost.exe (1928)
    ______ D:\Programi\avast\aswUpdSv.exe (380)
    ______ D:\Programi\avast\ashServ.exe (436)
    ______ C:\WINDOWS\system32\LEXBCES.EXE (1356)
    ______ C:\WINDOWS\system32\spoolsv.exe (1384)
    ______ C:\WINDOWS\system32\LEXPPS.EXE (1400)
    ______ C:\WINDOWS\Explorer.EXE (1712)
    ______ C:\WINDOWS\RTHDCPL.EXE (1700)
    ______ D:\Programi\avast\ashDisp.exe (1864)
    ______ C:\WINDOWS\system32\RUNDLL32.EXE (1980)
    ______ C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (1996)
    ______ C:\WINDOWS\system32\ctfmon.exe (164)
    ______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (1128)
    ______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (888)
    ______ C:\WINDOWS\system32\svchost.exe (1140)
    ______ C:\WINDOWS\system32\cisvc.exe (1936)
    ______ D:\Programi\hamachi\hamachi-2.exe (2220)
    ______ C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (3296)
    ______ C:\WINDOWS\system32\nvsvc32.exe (3652)
    ______ C:\WINDOWS\system32\PnkBstrA.exe (3820)
    ______ C:\WINDOWS\system32\svchost.exe (3888)
    ______ C:\WINDOWS\system32\wdfmgr.exe (3940)
    ______ D:\Programi\avast\ashMaiSv.exe (2252)
    ______ D:\Programi\avast\ashWebSv.exe (2352)
    ______ C:\WINDOWS\System32\alg.exe (4064)
    ______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (3276)
    ______ C:\WINDOWS\system32\cidaemon.exe (768)
    ______ C:\WINDOWS\system32\cidaemon.exe (4036)
    ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (4120)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (1148)
    ______ C:\WINDOWS\TEMP\rundll32_s.exe (1480)
    ______ C:\WINDOWS\TEMP\rundll32_s.exe (5104)
    ______ C:\WINDOWS\system32\msiexec.exe (6048)
    ______ C:\WINDOWS\TEMP\rundll32_s.exe (4224)
    ______ E:\programs\Rooter.exe (4580)
    .
    \\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:20974431744)
    \Device\Harddisk0\Partition0 (Start_Offset:20974464000 | Length:139056583680)
    \Device\Harddisk0\Partition2 (Start_Offset:20974496256 | Length:139056551424)
    .
    \\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\SA.DAT
    .
    \\ Registry
    .
    .
    \\ Files & Folders
    .
    \\ Scan completed at 01:41.01
    .
    C:\Rooter$\Rooter_3.txt - (20/01/2010 | 01:41.01)


  • Closed Accounts Posts: 17 Candlemaker


    Your hosts file gets seriously infected. I replaced mine (same problem, different thread, as you've already seen). I'd look through that list and make sure you don't try to access any website that's there. Do a DNS lookup and use the IP instead (on an online website, not on your own computer).


  • Closed Accounts Posts: 7 highlander87


    Your hosts file gets seriously infected. I replaced mine (same problem, different thread, as you've already seen). I'd look through that list and make sure you don't try to access any website that's there. Do a DNS lookup and use the IP instead (on an online website, not on your own computer).
    How, and what exactly did you replace? Did it solve it? My hosts file is unedited, it only has the localhost entry... I think that list of websites was created by this malware, since I haven't ever seen any of those sites, and I'm having a lot of trouble accessing some online virus scan sites since the infection. And honestly, I don't really know what you're trying to say in that second part, call me a noob if you must. :confused: :)


  • Closed Accounts Posts: 17 Candlemaker


    Make sure you scroll down. On mine it had a massive empty gap before it had all the rest of the entries.
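The check Candlemaker describes here and in the earlier reply, as an added example that is not part of the original thread: parse the hosts file, measure the longest run of blank lines (the gap that hides the real entries below the first screen), and list every mapping whose target is not a loopback address. 172.31.31.254 sits in the RFC 1918 172.16.0.0/12 range, so on a home network nothing answers there and the named sites (security vendors, removal forums, update servers) simply fail to load. The file contents below are a constructed sample that mirrors the posted log; HOSTS_PATH is only the Windows XP default location and is not opened by the script, so it runs anywhere.

```python
"""Audit a Windows hosts file for the hiding trick described above: a long run of
blank lines after the localhost entry, then redirects below it.

Added example for this thread, not part of the original posts. HOSTS_PATH is the
default hosts location on Windows XP; the script audits a constructed sample
instead of opening it.
"""
import ipaddress

HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"   # XP default location (not opened here)

# Constructed sample, not a real machine's file: localhost, a 300-line gap, then the redirects.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    + "\n" * 300
    + "172.31.31.254 download.bleepingcomputer.com\n"
    "172.31.31.254 www.sysinternals.com\n"
    "172.31.31.254 support.kaspersky.com\n"
    "172.31.31.254 www.f-secure.com\n"
)


def parse_hosts(text):
    """Return (line_no, address, names) for every mapping line; comments and blanks are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop trailing comment, then whitespace-split
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:                          # malformed line, skip it
            continue
        entries.append((line_no, addr, fields[1:]))
    return entries


def longest_blank_run(text):
    """Length of the longest run of consecutive blank lines (the gap used to hide entries)."""
    longest = run = 0
    for raw in text.splitlines():
        run = run + 1 if not raw.strip() else 0
        longest = max(longest, run)
    return longest


def audit_hosts(text):
    entries = parse_hosts(text)
    redirects = [(n, str(a), names) for n, a, names in entries if not a.is_loopback]
    return {
        "mappings": len(entries),
        "longest_blank_run": longest_blank_run(text),
        "redirects": redirects,
        "redirect_targets": sorted({t for _, t, _ in redirects}),
    }


def clean_hosts(text):
    """Drop every non-loopback mapping and collapse blank runs: the fix the thread applied by hand.

    Caveat: this also removes legitimate non-loopback entries a user or admin added,
    so review audit_hosts() output before writing the result back.
    """
    kept = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            try:
                if not ipaddress.ip_address(fields[0]).is_loopback:
                    continue
            except ValueError:
                pass
        if not raw.strip() and kept and not kept[-1].strip():
            continue                                # collapse consecutive blank lines
        kept.append(raw)
    return "\n".join(kept).rstrip("\n") + "\n"


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("mappings:", report["mappings"], "longest blank run:", report["longest_blank_run"])
    for line_no, target, names in report["redirects"]:
        print(f"line {line_no}: {' '.join(names)} -> {target}")
    print(clean_hosts(SAMPLE_HOSTS))
```

On the real machine the same audit means opening the file at HOSTS_PATH with administrator rights and scrolling to the very end, which is exactly the step that hides from a quick glance. Deleting everything below the localhost line works for a home PC with no custom entries; where someone has added LAN name mappings, remove only the lines the audit lists.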


  • Closed Accounts Posts: 7 highlander87


    You were right, it was seriously messed up, nice catch. ;) So I just deleted everything below the localhost entry. Anyway, somehow I managed to stop rundll32_s.exe from running today, I ran about 5 spyware+registry clean-up and anti-virus scans, and I just hope it is gone this time, but it's too soon to tell...

