Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

virtumundo/run dll error at start up [RESOLVED]

Started by fraggedxps , Feb 24 2008 02:21 PM

  • This topic is locked This topic is locked

#1
fraggedxps
Posted 24 February 2008 - 02:21 PM

fraggedxps

    New Member

  • Member
  • Pip
  • 8 posts
Hello,

When i log onto my username on my computer right away it give me 4 errors titles RUNDLL. I contacted a friend and he told me that my computer wasnt wrecked but i do ahve something called virtumundo.i ran severel thign before i even knew about this forum such as ATF CLEANER, VUNDO FIXER.At first i wasant able to access thing like control panel and,my computer but using ATF CLEANER FIXED THAT. But i still after that got the four RUNDLL error when i start up. I USED TO ONLY GET 2.


Posted Image














Here is my Hijackthis log



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:43:06 AM, on 2/24/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\PROGRA~2\Stardock\XGF\XGFRuntimeServer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Users\Ian\AppData\Local\Temp\{DB12740C-CDBA-4CC2-8912-EDF13317341F}\Sidebar Clock.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FCTB00108Pos - {B1BE275B-78BF-4A33-81AB-380699CFF329} - C:\Program Files\Gaia Online Toolbar\Toolbar.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Gaia Online Toolbar - {B3535C18-0E70-4D4B-B36B-BBFE139BB144} - C:\Program Files\Gaia Online Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Ian\AppData\Local\Temp\iiihe.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Ian\AppData\Local\Temp\cbxuu.dll,c
O4 - HKCU\..\Run: [b07d5277] rundll32.exe "C:\Users\Ian\AppData\Local\Temp\hgnhfaqa.dll",b
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Ian\AppData\Local\Temp\ulyowusx.dll",run
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3948922473-477866946-1444985128-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Users\Ian\AppData\Local\Temp\{6EDD0FD7-ECDF-491C-983A-1C510FCD1E6E}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14169 bytes
  • 0

Advertisements

#2
Rorschach112
Posted 24 February 2008 - 03:40 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
fraggedxps
Posted 24 February 2008 - 05:14 PM

fraggedxps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
how do i disable mcafee security i cant find anything to disable
  • 0

#4
Rorschach112
Posted 24 February 2008 - 05:15 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Leave it then and go on with the rest of the steps
  • 0

#5
fraggedxps
Posted 24 February 2008 - 05:40 PM

fraggedxps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
combo fix log

ComboFix 08-02-25 - Ian 2008-02-25 18:25:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1801 [GMT -5:00]
Running from: C:\Users\Ian\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.

2008-02-24 05:42 . 2008-02-24 05:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 22:45 . 2008-02-22 22:45 <DIR> d-------- C:\Program Files\Gaia Online Toolbar
2008-02-22 01:45 . 2008-02-22 01:45 <DIR> d-------- C:\VundoFix Backups
2008-02-21 03:17 . 2008-02-21 03:25 <DIR> d-------- C:\Program Files\AutoMacroRecorder
2008-02-19 03:59 . 2008-02-19 03:59 <DIR> d-------- C:\Program Files\BitTorrent
2008-02-18 20:14 . 2008-02-18 20:14 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-02-18 07:22 . 2008-02-18 07:22 <DIR> d-------- C:\Users\Ian\AppData\Roaming\InstallShield
2008-02-18 00:11 . 2008-02-18 00:11 <DIR> d-------- C:\Users\Ian\AppData\Roaming\teamspeak2
2008-02-18 00:10 . 2008-02-18 00:10 34,064 --a------ C:\Windows\System32\lhacm.acm
2008-02-16 20:11 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-02-16 20:11 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-02-16 20:11 . 2006-12-14 22:47 782,336 -ra------ C:\Windows\System32\tmpDA19.tmp
2008-02-16 20:11 . 2006-11-29 13:06 440,080 --a------ C:\Windows\System32\d3dx10.dll
2008-02-16 20:11 . 2006-12-08 12:02 251,672 --a------ C:\Windows\System32\xactengine2_5.dll
2008-02-16 20:11 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-02-16 20:11 . 2006-11-15 11:38 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-02-16 20:05 . 2008-02-16 20:05 <DIR> d-------- C:\Program Files\Atari
2008-02-16 20:00 . 2008-01-10 00:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-15 17:11 . 2008-02-15 17:11 <DIR> d-------- C:\Users\Ian\AppData\Roaming\Leadertech
2008-02-15 17:10 . 2008-02-15 17:10 <DIR> d-------- C:\Program Files\NovaLogic
2008-02-12 20:11 . 2008-02-12 20:14 <DIR> d-------- C:\Program Files\There
2008-02-12 15:08 . 2007-12-05 23:10 613,888 --a------ C:\Windows\System32\wpd_ci.dll
2008-02-11 02:29 . 2008-02-11 02:29 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-02-11 02:06 . 2008-02-11 02:37 <DIR> d-------- C:\Program Files\Kuma Games
2008-02-10 23:39 . 2008-02-22 02:56 <DIR> d-------- C:\Users\Ian\AppData\Roaming\Bioshock
2008-02-02 23:00 . 2008-02-03 17:54 <DIR> d-------- C:\Program Files\San Andreas Mod Installer
2008-02-02 22:09 . 2008-02-02 23:00 720,896 --a------ C:\Windows\iun6002ev.exe
2008-02-01 19:51 . 2008-02-01 20:07 <DIR> d-------- C:\Users\Ian\AppData\Roaming\IGN_DLM
2008-02-01 19:51 . 2008-02-01 19:51 <DIR> d-------- C:\Program Files\Download Manager
2008-02-01 19:43 . 2008-02-01 19:43 <DIR> d-------- C:\Program Files\GameSpy
2008-01-31 22:10 . 2008-01-31 22:10 <DIR> d-a------ C:\Users\All Users\TEMP
2008-01-29 21:49 . 2008-01-29 21:51 <DIR> d-------- C:\Program Files\Game Cam v1.4
2008-01-27 15:00 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
2008-01-27 15:00 . 2006-07-28 09:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll
2008-01-27 14:59 . 2008-01-27 14:59 <DIR> d-------- C:\Program Files\America's Army Server Manager
2008-01-27 14:53 . 2008-02-01 21:59 <DIR> d-------- C:\Program Files\America's Army
2008-01-27 03:03 . 2008-01-27 03:03 <DIR> d-------- C:\Users\All Users\Stardock
2008-01-26 02:26 . 2008-01-26 02:26 <DIR> d-------- C:\Users\All Users\PopCap Games
2008-01-25 21:58 . 2008-01-25 21:58 <DIR> d-------- C:\Users\Ian\AppData\Roaming\acccore
2008-01-25 21:56 . 2008-01-25 21:58 <DIR> d-------- C:\Program Files\AIM6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 23:12 --------- d-----w C:\Program Files\Steam
2008-02-24 22:44 --------- d-----w C:\Program Files\McAfee
2008-02-22 07:56 --------- d-----w C:\Program Files\OpenAL
2008-02-22 07:56 --------- d-----w C:\Program Files\Guild Wars
2008-02-18 04:19 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2008-02-18 04:19 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2008-02-17 01:12 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-02-15 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 20:20 --------- d-----w C:\Program Files\Common Files\Steam
2008-02-10 04:41 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-10 04:41 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-09 03:49 --------- d-----w C:\Users\Ian\AppData\Roaming\gtk-2.0
2008-02-04 00:39 --------- d-----w C:\Program Files\Rockstar Games
2008-01-29 04:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-29 04:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-29 04:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-29 04:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-29 04:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-29 00:30 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-26 02:56 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-21 23:50 --------- d-----w C:\Program Files\Sierra
2008-01-21 06:29 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-21 01:58 --------- d-----w C:\Program Files\Disney
2008-01-19 16:09 22,328 ----a-w C:\Users\Ian\AppData\Roaming\PnkBstrK.sys
2008-01-19 16:08 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-01-19 16:08 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-01-19 15:54 --------- d-----w C:\Program Files\Electronic Arts
2008-01-19 04:34 110,136 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-19 04:33 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-01-19 04:33 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-19 04:33 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-01-19 02:32 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-14 05:29 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-14 05:23 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-14 05:23 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-14 05:23 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-14 03:17 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-13 09:28 --------- d-----w C:\Users\Ian\AppData\Roaming\Yahoo!
2008-01-13 09:28 --------- d-----w C:\Program Files\Yahoo!
2008-01-13 09:28 --------- d-----w C:\Program Files\DivX
2008-01-12 04:27 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-01-12 01:45 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-01-11 00:29 54,608 ----a-w C:\Windows\System32\xfcodec.dll
2008-01-10 13:25 --------- d-----w C:\Program Files\ShortKeys2
2008-01-10 04:22 --------- d-----w C:\Program Files\7-Zip
2008-01-10 01:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 01:43 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 20:23 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 20:23 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 20:22 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 21:30 --------- d-----w C:\Program Files\Windows Live
2008-01-08 03:14 --------- d-----w C:\Program Files\samp keybinds
2008-01-08 02:42 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-07 08:21 --------- d-----w C:\Users\Ian\AppData\Roaming\Ventrilo
2008-01-06 08:58 --------- d-----w C:\Program Files\AutoHotkey
2008-01-06 08:46 --------- d-----w C:\Program Files\QMacro
2008-01-04 01:06 --------- d-----w C:\Program Files\Viewpoint
2008-01-04 00:30 --------- d-----w C:\Program Files\Ventrilo
2008-01-04 00:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 23:22 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-31 23:31 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-31 23:30 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-31 06:08 --------- d-----w C:\Program Files\Spb Software House
2007-12-30 02:48 --------- d--h--r C:\Users\Ian\AppData\Roaming\SecuROM
2007-12-30 02:38 621,056 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2007-12-30 02:38 36,864 ----a-w C:\Windows\System32\cdd.dll
2007-12-29 05:50 --------- d-----w C:\Users\Ian\AppData\Roaming\Roxio
2007-12-28 00:43 --------- d-----w C:\Program Files\Common Files\L&H
2007-12-26 02:03 --------- d-----w C:\Program Files\EA GAMES
2007-12-25 18:22 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-12-25 18:21 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-12-25 18:21 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-12-25 18:21 2,923,520 ----a-w C:\Windows\explorer.exe
2007-12-25 18:21 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-25 18:20 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-12-25 18:20 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-12-25 18:20 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-12-25 18:20 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-12-25 18:20 299,008 ----a-w C:\Windows\System32\wlansec.dll
2007-12-25 18:20 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2007-12-25 18:18 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-25 18:18 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-25 18:18 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-25 18:18 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-25 18:18 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-25 18:18 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-25 18:18 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-25 18:16 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-12-25 18:16 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-12-25 18:15 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-25 18:15 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-25 18:15 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-25 18:15 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-25 18:12 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-12-25 18:08 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-25 17:52 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2007-12-25 17:52 43,352 ----a-w C:\Windows\System32\wups2.dll
2007-12-25 17:52 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2007-12-25 17:52 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2007-12-25 17:50 80,896 ----a-w C:\Windows\System32\wudriver.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 15:22 1232896]
"Steam"="c:\program files\steam\steam.exe" [2007-12-25 12:56 1266936]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 16:57 1103480]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"MSServer"="C:\Users\Ian\AppData\Local\Temp\jkhgg.dll" [ ]
"cmds"="C:\Users\Ian\AppData\Local\Temp\cbxuu.dll" [ ]
"b07d5277"="C:\Users\Ian\AppData\Local\Temp\hgnhfaqa.dll" [ ]
"MS Juan"="C:\Users\Ian\AppData\Local\Temp\ulyowusx.dll" [2008-02-21 20:22 93760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-11 18:14 1006264]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 01:03 17920]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 18:50 9728 C:\Windows\System32\HCIMNTR.DLL]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-24 23:52 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-24 23:52 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-24 23:52 81920]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 15:22 184320]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-09-24 08:14 23552 C:\Windows\System32\Ctxfihlp.exe]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 10:14 439512]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2007-06-27 10:18 215256]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-11 11:08 1838592]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 18:57 16384]
"OEM03Mon.exe"="C:\Windows\OEM03Mon.exe" [2007-06-18 00:44 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B0DAED3-B397-439A-9C12-09429C4B8F0F}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM|Desc=Intel® Viiv™ Software
"{1D62CBDB-867D-47FF-9DE0-E8D82D85AA27}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM|Desc=Intel® Viiv™ Software
"{591C354E-7FD9-45C4-AF24-C718621599C8}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service|Desc=Intel® Viiv™ Software
"{3E1F7B3F-D7E7-4415-BA37-3230DBA6313E}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service|Desc=Intel® Viiv™ Software
"{B08399AC-CF03-4C0D-B941-D07B3B1D7DAC}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server|Desc=Intel® Viiv™ Software
"{98F0E8AA-ABE2-4D1A-91D2-39253D15E13B}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server|Desc=Intel® Viiv™ Software
"{008A402F-7B1B-4511-8C13-A9D14198F527}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel® Viiv™ Media Server Discovery|Desc=Intel® Viiv™ Software
"{8E613865-75B3-42B6-BEC8-5E3BA597B10A}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery|Desc=Intel® Viiv™ Software
"{E94A1AB8-043D-42C1-9488-A115D2E6193C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{85B1857A-2207-4127-987D-7E8176B66076}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{46BF1F46-668D-44BF-B7B8-EB505FCC752B}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent|Desc=McAfee Network Agent
"{B44A4A29-CB56-4513-BFD3-4E7219A61862}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{26A53AF6-9A76-4421-B26A-D211CAB7D288}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{863599A0-81EE-4A79-A859-9BDEAB2B3F74}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{AA7787C1-6CBA-4A05-BB4E-7D708EFA396E}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{54307483-EBD8-445D-88C9-868F54252EDB}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{781B658D-94EC-4EEF-BD27-05748C3BAEB4}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A6640598-C637-439C-AEE9-E24988F1A16D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{384E0E51-8532-4581-BF67-EEBD7BC3253C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5948670C-781C-475F-9A31-6937D335934E}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E38143DA-EB06-45AC-AEAE-F628E91CBBA5}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CB5C2CB0-6A71-4048-8B11-B2CDFC458AF6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{2035900F-91B6-45DB-AA99-678677108F04}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C2C7E3B8-3318-4B74-B367-6EC86AAA1CE5}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2FBF33B5-84BE-446E-8437-9CF507D2AA7A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5C998DDF-59CD-416D-9E82-ADAD2867EA46}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{2DA85300-CDEA-45FB-9A08-9CA2FDA881FB}"= UDP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
"{BAC57F60-698C-433D-BDFB-E3E6F1B127F7}"= TCP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe:SWAT 4 - The Stetchkov Syndicate
"{7CB1E861-6D1E-4620-A59F-B4C58365FCA2}"= UDP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
"{31D98468-35E6-42EB-B002-A54A1DFC542F}"= TCP:C:\Program Files\Sierra\SWAT 4\ContentExpansion\System\Swat4XDedicatedServer.exe:SWAT 4 - The Stetchkov Syndicate Dedicated Server
"{B0B9ED76-090E-4959-A5DA-6E5115EDB98D}"= UDP:C:\Program Files\Atari\ArmA\arma.exe:ArmA
"{1ED5D80A-00A6-437B-911D-E4157391ABAB}"= TCP:C:\Program Files\Atari\ArmA\arma.exe:ArmA

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 11:46]
R2 NMSCore;Intel® NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 10:14]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 20:34]
R2 QualityManager;Intel® Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 10:17]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 04:45]
R3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 02:30]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-01 23:42]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-04-01 23:42]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-01 23:42]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2007-09-24 08:14]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-08-27 00:33]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-12-11 11:00]
R3 LazerUsb;Lumanate Lazer USB;C:\Windows\system32\DRIVERS\LazerUsb.sys [2007-10-16 21:19]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys [2007-01-15 17:57]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-15 00:35]
S3 DHTRACE;Intel® DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 10:15]
S3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;C:\Windows\system32\Drivers\OEM03Afx.sys [2007-06-18 00:44]
S3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM03Vfx.sys [2007-06-18 00:44]
S3 OEM03Vid;Creative Camera OEM003 Driver;C:\Windows\system32\DRIVERS\OEM03Vid.sys [2007-06-18 00:44]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb51c2a5-a7fc-11dc-83ae-806e6f6e6963}]
\shell\AutoRun\command - F:\Setup.exe -check

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 05:59:59 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:59:59 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-25 23:21:32 C:\Windows\Tasks\User_Feed_Synchronization-{B442F028-E24D-403D-A71D-2BCC164B5842}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:33:19
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 18:34:20
.
2008-02-17 08:01:47 --- E O F ---


------------------------HIJACKTHIS LOG--------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:36 PM, on 2/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~2\Stardock\XGF\XGFRuntimeServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3948922473-477866946-1444985128-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Users\Ian\AppData\Local\Temp\{6EDD0FD7-ECDF-491C-983A-1C510FCD1E6E}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13073 bytes
  • 0

#6
Rorschach112
Posted 24 February 2008 - 06:22 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Users\Ian\AppData\Local\Temp\ulyowusx.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"cmds"=-
"b07d5277"=-
"MS Juan"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb51c2a5-a7fc-11dc-83ae-806e6f6e6963}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Reboot and post a new HijackThis log
  • 0

#7
fraggedxps
Posted 24 February 2008 - 06:28 PM

fraggedxps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
i dragged the txt file in nothign happened hijackthis just showed up
  • 0

#8
Rorschach112
Posted 24 February 2008 - 06:29 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Continue on with the MBAM step

After that run ComboFix.exe again and post the log
  • 0

#9
fraggedxps
Posted 24 February 2008 - 08:54 PM

fraggedxps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
WELL THE ERRORS DIDNT SHOW UP WHEN I REBOOTED BUT YOU NEVER CAN BE TOO SURE

I ALSO INCOUNTERED COUNDLNT FIND PATH THING FOR INTERNET BUT AFTER A MINUTES THAT WENT AWAY

---------------------------------------------------new hijack log----------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:36 PM, on 2/25/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\OEM03Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
C:\Program Files\Dell\Xcelerator\bin\ehLumaQuarkD.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~2\Stardock\XGF\XGFRuntimeServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\McAfee\MSC\mcshell.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [OEM03Mon.exe] C:\Windows\OEM03Mon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3948922473-477866946-1444985128-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Delta Force-Black Hawk Down Team Sabre Registration.lnk = C:\Users\Ian\AppData\Local\Temp\{6EDD0FD7-ECDF-491C-983A-1C510FCD1E6E}\{6164D2E7-986B-42F5-B3A6-64D5E53FB889}\NOVG.EXE
O4 - Startup: Kuma_Tray.lnk = C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplane...C_2.3.6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13073 bytes



------------------------------after scan of malware------------------------------------------------


Malwarebytes' Anti-Malware 1.05
Database version: 402

Scan type: Full Scan (C:\|D:\|H:\|I:\|J:\|K:\|)
Objects scanned: 276652
Time elapsed: 1 hour(s), 44 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by fraggedxps, 24 February 2008 - 08:59 PM.

  • 0

#10
fraggedxps
Posted 25 February 2008 - 12:59 AM

fraggedxps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Now sometimes this shows when starting the internet

Posted Image
  • 0

#11
Rorschach112
Posted 25 February 2008 - 08:42 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You will need to post in the Windows Vista forum about that

Few things to do

Now lets uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#12
fraggedxps
Posted 25 February 2008 - 02:27 PM

fraggedxps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
i kinda accidently unistalled combofix earlier with control panel remove programs
  • 0

#13
fraggedxps
Posted 25 February 2008 - 02:42 PM

fraggedxps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
it wont let me downlaod the java SE

Posted Image

Edited by fraggedxps, 25 February 2008 - 02:47 PM.

  • 0

#14
Rorschach112
Posted 25 February 2008 - 06:45 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes thats been a problem lately

Try this link

http://www.majorgeek...ment_d4648.html

Let me know the rest of the steps go
  • 0

#15
Rorschach112
Posted 02 March 2008 - 07:27 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP