Zlob.trojan plus smitfraud [RESOLVED]


  • This topic is locked

#31
johnny boy

  • Topic Starter
  • Member
  • 142 posts
Well... ComboFix restarted my PC, but did not ask me to. Is it supposed to do that?

Also, most of the instructions you are giving me are for an XP version of Windows and I am currently using Vista. Sorry for the confusion, since this site says my OS is XP; but could that be affecting anything? There was also no ComboFix log given.

Edited by johnny boy, 08 June 2008 - 03:39 PM.

  • 0


#32
fenzodahl512

  • Malware Removal
  • 9,863 posts

Well... ComboFix restarted my PC, but did not ask me to. Is it supposed to do that?

Also, most of the instructions you are giving me are for an XP version of Windows and I am currently using Vista. Sorry for the confusion, since this site says my OS is XP; but could that be affecting anything? There was also no ComboFix log given.


Don't worry about your OS.. I've got that covered.. Can you find the ComboFix log at C:\combofix.txt please?

Thanks :)
  • 0

#33
johnny boy

  • Topic Starter
  • Member
  • 142 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-10 21:18:31
Windows 6.0.6001 Service Pack 1


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!GetScrollPos 759BC090 5 Bytes JMP 007F9490 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)
.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!GetScrollRange 759BC33B 5 Bytes JMP 007F95C0 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)
.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!SetScrollRange 759BE173 5 Bytes JMP 007F9AB0 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)
.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!GetScrollInfo 759C0804 5 Bytes JMP 007F9360 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)
.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!ShowScrollBar 759C0E7C 5 Bytes JMP 007F9700 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)
.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!SetScrollInfo 759C8663 5 Bytes JMP 007F9830 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)
.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!EnableScrollBar 759DB11E 5 Bytes JMP 007F9230 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)
.text C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] USER32.dll!SetScrollPos 759E3A1E 5 Bytes JMP 007F9970 C:\Program Files\AIM\AIM Pro\aimpro.exe (AIM Pro/WebEx)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowLongA] [02B24370] C:\Program Files\AIM\AIM Pro\apSknmgr.dll (apSknmgr Module/WebEx Communications Inc.)
IAT C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] @ C:\Windows\system32\WININET.dll [USER32.dll!GetWindowLongA] [02B24440] C:\Program Files\AIM\AIM Pro\apSknmgr.dll (apSknmgr Module/WebEx Communications Inc.)
IAT C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetWindowLongA] [02B24440] C:\Program Files\AIM\AIM Pro\apSknmgr.dll (apSknmgr Module/WebEx Communications Inc.)
IAT C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [02B24370] C:\Program Files\AIM\AIM Pro\apSknmgr.dll (apSknmgr Module/WebEx Communications Inc.)
IAT C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetWindowLongA] [02B24370] C:\Program Files\AIM\AIM Pro\apSknmgr.dll (apSknmgr Module/WebEx Communications Inc.)
IAT C:\Program Files\AIM\AIM Pro\aimpro.exe[2468] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetWindowLongA] [02B24440] C:\Program Files\AIM\AIM Pro\apSknmgr.dll (apSknmgr Module/WebEx Communications Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
  • 0

#34
johnny boy

  • Topic Starter
  • Member
  • 142 posts
ComboFix 08-06-07.3 - Matthew 06/07/2008 23:09:05.1 - NTFSx86
Running from: C:\Users\Matthew\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\tmp60.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2008-06-07 23:07 . 2008-06-08 01:24 <DIR> d-------- C:\327882R2FWJFW
2008-06-07 23:02 . 2008-06-07 23:03 <DIR> d-------- C:\Program Files\ERUNT
2008-06-05 18:25 . 2008-06-05 18:36 <DIR> d-------- C:\Users\Matthew\DoctorWeb
2008-06-04 22:09 . 2008-06-04 22:09 <DIR> d-------- C:\_OTMoveIt
2008-05-31 12:13 . 2008-05-31 12:13 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Malwarebytes
2008-05-31 12:13 . 2008-05-31 12:13 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-31 12:13 . 2008-05-31 12:13 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-31 12:13 . 2008-05-31 12:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 12:13 . 2008-05-30 01:06 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-31 12:13 . 2008-05-30 01:06 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-31 07:12 . 2008-05-31 07:12 <DIR> d-------- C:\Deckard
2008-05-30 23:00 . 2008-05-30 23:00 25,755,448 --a------ C:\Program Files\wmp11.exe
2008-05-30 21:49 . 2008-05-30 22:52 1,409 --a------ C:\Windows\mozver.dat
2008-05-29 10:13 . 2008-05-29 10:13 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-05-29 06:56 . 2008-05-29 06:56 <DIR> d-------- C:\Users\All Users\FLEXnet
2008-05-29 06:56 . 2008-05-29 06:56 <DIR> d-------- C:\ProgramData\FLEXnet
2008-05-28 19:01 . 2008-05-28 19:01 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-28 19:01 . 2008-05-28 19:01 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-05-28 19:00 . 2008-05-28 19:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-28 18:25 . 2008-05-28 18:25 <DIR> d-------- C:\VundoFix Backups
2008-05-28 18:20 . 2008-05-28 18:20 691 --a------ C:\Users\Matthew\AppData\Roaming\GetValue.vbs
2008-05-28 18:20 . 2008-05-28 18:20 35 --a------ C:\Users\Matthew\AppData\Roaming\SetValue.bat
2008-05-28 18:19 . 2008-06-04 22:19 2,710 --a------ C:\Windows\System32\tmp.reg
2008-05-28 18:16 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-28 18:16 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-28 18:16 . 2008-05-27 13:54 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-05-28 18:16 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-28 18:16 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-28 09:06 . 2008-05-28 09:06 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-28 08:29 . 2008-06-07 13:16 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-05-28 08:29 . 2008-05-28 08:29 <DIR> d-------- C:\Users\All Users\avg8
2008-05-28 08:29 . 2008-05-28 08:29 <DIR> d-------- C:\ProgramData\avg8
2008-05-28 08:29 . 2008-05-28 08:29 <DIR> d-------- C:\Program Files\AVG
2008-05-28 08:29 . 2008-05-28 08:29 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-05-28 08:29 . 2008-05-28 08:29 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-05-28 08:29 . 2008-05-28 08:29 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-05-28 08:20 . 2008-05-28 18:43 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-28 07:56 . 2008-05-28 07:56 <DIR> d-------- C:\Windows\Content.IE5
2008-05-28 00:17 . 2008-05-28 00:17 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\DellFaxCtr
2008-05-27 23:50 . 2008-05-27 23:50 164 --a------ C:\Windows\wininit.ini
2008-05-27 23:35 . 2008-05-27 23:38 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-05-27 23:35 . 2008-05-27 23:38 <DIR> d-------- C:\ProgramData\Lavasoft
2008-05-27 23:35 . 2008-05-27 23:35 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-27 23:35 . 2008-05-28 19:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 23:30 . 2008-05-27 23:50 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-27 23:30 . 2008-05-27 23:50 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-27 23:30 . 2008-05-27 23:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-27 22:25 . 2008-03-07 22:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 22:25 . 2008-03-08 00:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-26 23:30 . 2008-05-27 23:22 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Xfire
2008-05-26 23:29 . 2008-05-30 22:57 <DIR> d-------- C:\Users\All Users\Xfire
2008-05-26 23:29 . 2008-05-30 22:57 <DIR> d-------- C:\ProgramData\Xfire
2008-05-26 23:29 . 2008-05-26 23:30 <DIR> d-------- C:\Program Files\Xfire
2008-05-26 22:13 . 2008-05-26 22:13 <DIR> d-------- C:\Program Files\Logitech
2008-05-26 22:13 . 2008-05-26 22:13 130,208 -r------- C:\Windows\bwUnin-8.1.1.87-8876480SL.exe
2008-05-26 14:00 . 2008-05-26 14:00 <DIR> d-------- C:\Program Files\Dl_cats
2008-05-26 13:59 . 2008-05-26 13:59 <DIR> d-------- C:\Program Files\Dell
2008-05-26 13:59 . 2008-05-26 13:59 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-26 13:58 . 2008-05-26 13:58 <DIR> d-------- C:\Users\All Users\DellFaxCtr
2008-05-26 13:58 . 2008-05-26 13:58 <DIR> d-------- C:\ProgramData\DellFaxCtr
2008-05-26 13:58 . 2008-05-26 13:59 <DIR> d-------- C:\Program Files\Dell Photo AIO Printer 926
2008-05-26 13:58 . 2008-05-26 13:59 <DIR> d-------- C:\Program Files\Dell PC Fax
2008-05-25 23:43 . 2008-05-25 23:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-25 21:34 . 2008-05-25 21:21 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-25 21:34 . 2008-05-25 21:21 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-25 21:24 . 2008-01-18 21:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-05-25 21:22 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-25 21:21 . 2008-05-25 21:34 196,608 --a------ C:\Windows\SPInstall.etl
2008-05-25 18:10 . 2008-05-25 18:10 <DIR> d-------- C:\Users\All Users\Steam
2008-05-25 18:10 . 2008-05-25 18:11 <DIR> d-------- C:\Users\All Users\PopCap Games
2008-05-25 18:10 . 2008-05-25 18:10 <DIR> d-------- C:\ProgramData\Steam
2008-05-25 18:10 . 2008-05-25 18:11 <DIR> d-------- C:\ProgramData\PopCap Games
2008-05-25 17:49 . 2008-05-02 22:46 768,544 --a------ C:\Windows\System32\nvcplui.exe
2008-05-25 17:49 . 2008-05-02 22:46 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-05-25 17:49 . 2008-05-02 22:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-05-25 17:30 . 2008-05-25 17:30 <DIR> d-------- C:\Program Files\Nvidia Omega Drivers
2008-05-25 17:30 . 2008-04-30 17:27 442,368 --a------ C:\Windows\System32\NVUNINST.EXE
2008-05-25 17:20 . 2008-05-25 17:20 <DIR> d-------- C:\Program Files\DIFX
2008-05-25 17:11 . 2008-05-25 17:11 472,576 --a------ C:\Windows\Nvidia Omega Drivers v1.169.25 Uninstall.exe
2008-05-25 03:00 . 2008-05-25 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-23 21:35 . 2008-05-23 21:35 0 --a------ C:\Windows\Irremote.ini
2008-05-23 20:43 . 2008-05-23 20:43 <DIR> d-------- C:\Ubuntu
2008-05-23 20:21 . 2008-05-23 20:21 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Nero
2008-05-23 20:20 . 2008-05-23 21:35 <DIR> d-------- C:\Users\All Users\Nero
2008-05-23 20:20 . 2008-05-23 21:35 <DIR> d-------- C:\ProgramData\Nero
2008-05-23 20:20 . 2008-05-23 20:20 <DIR> d-------- C:\Program Files\Nero
2008-05-23 20:20 . 2008-05-23 21:36 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-22 23:08 . 2008-05-22 23:08 <DIR> d-------- C:\Program Files\CodeGazer
2008-05-22 22:38 . 2008-05-22 22:38 0 --a------ C:\Windows\nsreg.dat
2008-05-22 22:36 . 2008-05-22 22:37 6,039,048 --a------ C:\Program Files\Firefox.exe
2008-05-22 18:29 . 2008-05-25 17:49 <DIR> d-------- C:\Windows\nvidia icons
2008-05-22 18:22 . 2008-05-22 18:22 38,055,000 --a------ C:\Program Files\Nvidia Drivers.exe
2008-05-21 18:44 . 2008-05-21 19:22 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\goombah
2008-05-21 18:43 . 2008-05-21 18:43 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\Ruckus Network
2008-05-21 18:42 . 2008-05-21 18:42 <DIR> d-------- C:\Program Files\Emergent Music LLC
2008-05-21 18:42 . 2008-05-21 18:42 <DIR> d-------- C:\Program Files\Bonjour
2008-05-21 18:41 . 2008-05-21 18:43 <DIR> d-------- C:\Program Files\Ruckus Player
2008-05-21 18:41 . 2008-05-21 18:41 12,872,160 --a------ C:\Program Files\Ruckus Player.EXE
2008-05-21 18:41 . 2005-11-22 17:10 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-05-21 18:41 . 2005-11-22 17:10 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-05-21 18:28 . 2008-06-07 22:59 <DIR> d-------- C:\Users\Matthew\AppData\Roaming\uTorrent
2008-05-21 18:28 . 2008-05-21 18:28 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 02:51 . 2008-05-21 02:51 1,820 --a------ C:\Windows\System32\rasctrnm.h
2008-05-21 02:36 . 2008-01-18 23:34 15,872 --a------ C:\Windows\System32\hcrstco.dll
2008-05-21 02:36 . 2006-11-02 01:46 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-05-21 02:34 . 2008-05-21 02:34 988,216 --a------ C:\Windows\System32\winload.exe
2008-05-21 02:34 . 2008-05-21 02:34 927,288 --a------ C:\Windows\System32\winresume.exe
2008-05-21 02:34 . 2008-05-21 02:34 615,992 --a------ C:\Windows\System32\ci.dll
2008-05-21 02:34 . 2008-05-21 02:34 378,368 --a------ C:\Windows\System32\srcore.dll
2008-05-21 02:34 . 2008-05-21 02:34 318,464 --a------ C:\Windows\System32\rstrui.exe
2008-05-21 02:34 . 2008-05-21 02:34 46,592 --a------ C:\Windows\System32\setbcdlocale.dll
2008-05-21 02:34 . 2008-05-21 02:34 40,960 --a------ C:\Windows\System32\srclient.dll
2008-05-21 02:34 . 2008-05-21 02:34 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-05-21 02:34 . 2008-05-21 02:34 14,848 --a------ C:\Windows\System32\srdelayed.exe
2008-05-21 02:34 . 2008-05-21 02:34 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-05-21 02:32 . 2008-05-21 02:32 2,032,128 --a------ C:\Windows\System32\win32k.sys
2008-05-21 02:32 . 2008-05-21 02:32 295,936 --a------ C:\Windows\System32\gdi32.dll
2008-05-21 02:27 . 2008-05-21 02:27 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-05-21 02:27 . 2008-05-21 02:27 826,880 --a------ C:\Windows\System32\wininet.dll
2008-05-20 23:58 . 2008-05-20 23:58 <DIR> d-------- C:\Windows\System32\OEM
2008-05-20 23:58 . 2008-05-20 23:08 <DIR> d-------- C:\Windows\Panther
2008-05-20 23:58 . 2007-02-21 15:54 34 -rah----- C:\Windows\DELL_VERSION
2008-05-20 23:03 . 2008-05-21 02:26 <DIR> d-------- C:\Windows\Debug
2008-05-20 22:29 . 2008-05-20 22:29 <DIR> d-------- C:\Windows\System32\Macromed
2008-05-20 22:20 . 2008-06-04 21:48 <DIR> d-------- C:\Program Files\Steam

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 01:50 174 --sha-w C:\Program Files\desktop.ini
2008-05-26 01:45 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-26 01:45 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-26 01:45 --------- d-----w C:\Program Files\Windows Mail
2008-05-26 01:45 --------- d-----w C:\Program Files\Windows Defender
2008-05-26 01:45 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-26 01:45 --------- d-----w C:\Program Files\Windows Calendar
2008-05-26 01:37 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-26 01:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-21 02:19 1,567,232 ----a-w C:\Program Files\SteamInstall.msi
2008-04-29 15:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [ ]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-26 22:13 91440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"RestartNeroSetup"="C:\Users\Matthew\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe" [ ]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 18:09 312200]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 12:57 292336]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 18:04 304008]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 01:31 106496]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-28 08:29 1177368]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{60FA1249-788E-4D35-A69A-94A18A302FAF}C:\\program files\\steam\\steamapps\\treashunter\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\treashunter\team fortress 2\hl2.exe:hl2
"UDP Query User{2BE05C8D-C7F0-4367-933A-2724DDCE1A04}C:\\program files\\steam\\steamapps\\treashunter\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\treashunter\team fortress 2\hl2.exe:hl2
"TCP Query User{D4DBBEEF-86FF-42AB-B9D1-2CCB314A0C0B}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{1DADE256-2592-4E72-B0D9-987F178C6EF9}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{E14D8455-21D5-46B4-AC8B-6690971E5AAD}"= UDP:C:\Program Files\Ruckus Player\Ruckus.exe:Ruckus
"{A672124D-9274-4194-9F68-2ABB4AD9FCEF}"= TCP:C:\Program Files\Ruckus Player\Ruckus.exe:Ruckus
"TCP Query User{4B5ABA1D-50EE-4F56-B5F1-7F148AFC49C0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2361C460-94F8-4AA6-B55A-814F2FF56A6D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{CE5DC8D6-67EE-4D64-BDE5-774B7D81E8D5}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4319EC4B-851D-47E1-875C-9D4C356564F1}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{083F76C4-D16B-4A3B-9A46-3BFCA70938B0}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{9982D627-57A8-4040-8B8C-ADE98AA92383}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{C7F5FE41-FE2C-4445-9A3A-673FC0E92690}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{A859DC3F-A22A-44E4-9F46-08C56D525905}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{F19759C7-854C-442F-9171-62D3BC6FCE50}C:\\users\\matthew\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\matthew\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{4BBE0725-FA86-43AE-8AA4-B5A88B80925C}C:\\users\\matthew\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\matthew\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{4A145636-C018-4376-88A8-7D729A226BD9}C:\\program files\\steam\\steamapps\\treashunter\\ricochet\\hl.exe"= UDP:C:\program files\steam\steamapps\treashunter\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{636B801C-AC1F-4D01-A14C-C4E7318818B2}C:\\program files\\steam\\steamapps\\treashunter\\ricochet\\hl.exe"= TCP:C:\program files\steam\steamapps\treashunter\ricochet\hl.exe:Half-Life Launcher
"{921AE93B-C7B8-4980-919F-943216A4D915}"= UDP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{24E829AB-1213-4105-A353-A9AB8DD018D3}"= TCP:C:\Windows\System32\dlcxcoms.exe:Lexmark Communications System
"{4C5226C7-E95F-4198-BB44-83ECAB47C98F}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{5EF0627C-6A9D-47D7-99B2-02270BBD65C9}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{CF4B9E5F-B35F-4AE0-A2A7-1F0FDE842305}"= UDP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{94A18003-D8D4-43BE-9A0F-B89530416836}"= TCP:C:\Program Files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{09493FE8-4782-4D8D-AB1E-F8211E7105CC}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{538785C9-E3B7-404C-87FA-D3906F2C11DA}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{3F8AB8D6-7BA1-46BC-868D-C22AEAA37A7A}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{1637C9EF-2A5D-46A6-A1EE-30EEAA403A04}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{DCDC32CB-23F7-47D6-B3A9-4B3D2AD6BBDE}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{2C75B9F9-B692-42B9-9F8F-EB7CB61AB8AD}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{69BECD92-B87C-42FB-9380-53CF24100711}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{7E95E331-318E-4B76-B0C1-EEFC569371F5}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 23:10:25
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-07 23:11:20
ComboFix-quarantined-files.txt 2008-06-08 03:11:08

Pre-Run: 161,897,574,400 bytes free
Post-Run: 161,856,536,576 bytes free

232 --- E O F --- 2008-06-07 21:04:37
  • 0

#35
johnny boy

  • Topic Starter
  • Member
  • 142 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23, on 2008-06-10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Matthew\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 8" RUNSETUPXU="1" UPGRADE="1"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB3738] command /c del "C:\Program Files\NetProject\sbmntr.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD983] cmd /c del "C:\Program Files\NetProject\sbmntr.exe_old"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

I am very sorry for the slow reply; I have been very busy and sick lately, and haven't really even had the chance to use my PC. Thanks so much!
  • 0

#36
johnny boy

  • Topic Starter
  • Member
  • 142 posts
One other thing I thought I might add... my Spybot S&D TeaTimer goes crazy when I first start up, or sometimes on random occasions. Something about an executable that is trying to run, but I have it blacklisted, so every time it tries to run I get the little notice box. I'll take a screenie the next time it happens.
  • 0

#37
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, thanks for the reply.. I'll wait for the screenie.. By the way.. let's do this first...


This time I'll need you to completely disable the following programs prior to our fix..

1. Spybot S&D
2. Windows Defender
3. Lavasoft Ad-Aware..

If you do not know how to do it, please visit link below:
http://wiki.castleco...toring_Programs



NEXT


Make sure you are running as Administrator. Please re-open HijackThis (Vista users, please right click on HijackThis and select "Run as an Administrator") and click on Do a system scan only. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearc...ce.com/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
O2 - BHO: (no name) - {34CF6660-9BD3-431A-BA32-6B511D4126DA} - (no file)
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKCU\..\RunOnce: [SpybotDeletingB3738] command /c del "C:\Program Files\NetProject\sbmntr.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD983] cmd /c del "C:\Program Files\NetProject\sbmntr.exe_old"


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.


Please restart your computer. After that, re-enable the programs that were disabled before.. Post a fresh DSS log along with the screenie you mentioned earlier...


Regards
fenzodahl512
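The fix list in the post above was chosen by hand from the HijackThis log: search and start-page values (R0/R1) redirected to an outside host, BHO and toolbar registrations (O2/O3) whose file no longer exists, and RunOnce values (O4) that only run a deferred `del`. The following Python script is an added example, not part of this thread and not a HijackThis feature: it applies those same indicators to HijackThis log lines (plus a check that O1 hosts entries only map localhost). The allow-list of acceptable search hosts and the sample log text (lines copied from the logs posted in this thread, with one benign Run entry added) are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Assumed allow-list for the example: hosts an IE search/start page may legitimately point at.
TRUSTED_SEARCH_HOSTS = {"www.microsoft.com", "go.microsoft.com", "search.msn.com", "www.google.com"}

# Registry value names HijackThis reports in R0/R1 lines that control search and start pages.
SEARCH_KEYS = ("SearchURL", "Default_Search_URL", "Search Bar", "Search Page", "SearchAssistant", "Start Page")

# "command /c del ..." or "cmd /c del ..." inside a RunOnce value: a deferred delete left behind by a cleaner.
DELETE_CMD = re.compile(r"\b(?:cmd|command)(?:\.exe)?\s+/c\s+del\b", re.IGNORECASE)

ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")


def _search_target_ok(url):
    """about:blank, an empty value and allow-listed hosts are acceptable search/start targets."""
    if url in ("", "about:blank"):
        return True, None
    host = urlparse(url if "://" in url else "http://" + url).hostname or url
    return host in TRUSTED_SEARCH_HOSTS, host


def triage_line(line):
    """Return a short reason if the HijackThis line matches a hijack indicator, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)

    if section in ("R0", "R1"):
        # Shape: HKCU\Software\...\Main,SearchURL = http://host
        if " = " in body:
            lhs, url = body.split(" = ", 1)
            key = lhs.rsplit(",", 1)[-1]
            if key in SEARCH_KEYS:
                ok, host = _search_target_ok(url.strip())
                if not ok:
                    return f"search/start page set to {host}"
        return None
    if section in ("O2", "O3") and body.endswith("(no file)"):
        kind = "BHO" if section == "O2" else "toolbar"
        return f"orphaned {kind} registration (no file on disk)"
    if section == "O4" and "RunOnce" in body and DELETE_CMD.search(body):
        return "RunOnce deferred-delete command"
    if section == "O1":
        # Shape: Hosts: <address> <name>; anything other than localhost deserves a look.
        parts = body.split()
        if len(parts) >= 3 and parts[2].lower() != "localhost":
            return f"hosts override for {parts[2]}"
    return None


def triage(log_text):
    """Return [(line, reason)] for every flagged line in a HijackThis log."""
    return [(ln.strip(), r) for ln in log_text.splitlines() for r in [triage_line(ln)] if r]


# Sample log: lines taken from the logs in this thread, plus one benign Run entry for contrast.
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {34CF6660-9BD3-431A-BA32-6B511D4126DA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O4 - HKCU\..\RunOnce: [SpybotDeletingB3738] command /c del "C:\Program Files\NetProject\sbmntr.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD983] cmd /c del "C:\Program Files\NetProject\sbmntr.exe_old"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_HJT_LOG):
        print(f"{reason:50s} {entry}")
```

On the sample the script flags exactly the seven lines the helper checked and leaves the benign ones alone. The HKLM SearchURL value needs an elevated HijackThis to remove, which is why the post says to run it as administrator on Vista.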

#38 johnny boy (Topic Starter, Member, 142 posts)
Deckard's System Scanner v20071014.68
Run by Matthew on 2008-06-11 22:29:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Matthew.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29, on 2008-06-11
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AIM\AIM Pro\aimpro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Matthew\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Matthew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RestartNeroSetup] "C:\Users\Matthew\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe" MODE="update" STARTMODE="2" USERSEL="3" FAMILYNAME="Nero 8" RUNSETUPXU="1" UPGRADE="1"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5612 bytes

-- Files created between 2008-05-11 and 2008-06-11 -----------------------------

2008-06-08 17:32:15 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-08 14:16:37 0 d-------- C:\Program Files\Common Files\Nullsoft
2008-06-08 14:16:34 0 d-------- C:\Program Files\AIM
2008-06-07 23:08:09 68096 --a------ C:\Windows\zip.exe
2008-06-07 23:08:09 49152 --a------ C:\Windows\VFind.exe
2008-06-07 23:08:09 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-07 23:08:09 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-07 23:08:09 98816 --a------ C:\Windows\sed.exe
2008-06-07 23:08:09 80412 --a------ C:\Windows\grep.exe
2008-06-07 23:08:09 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-05 18:25:31 0 d-------- C:\Users\Matthew\DoctorWeb
2008-05-31 12:13:26 0 d-------- C:\Users\All Users\Malwarebytes
2008-05-31 12:13:25 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-30 21:49:51 1409 --a------ C:\Windows\mozver.dat
2008-05-29 10:13:33 0 d-------- C:\Program Files\Microsoft IntelliPoint
2008-05-29 06:56:30 0 d-------- C:\Users\All Users\FLEXnet
2008-05-28 19:01:51 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-05-28 19:00:10 0 d-------- C:\Program Files\Trend Micro
2008-05-28 18:25:36 0 d-------- C:\VundoFix Backups
2008-05-28 18:19:43 2710 --a------ C:\Windows\system32\tmp.reg
2008-05-28 18:16:43 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-05-28 18:16:43 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-28 18:16:43 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-28 18:16:43 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-28 18:16:43 51200 --a------ C:\Windows\system32\dumphive.exe
2008-05-28 09:06:16 0 d--h----- C:\$AVG8.VAULT$
2008-05-28 08:29:07 0 d-------- C:\Windows\system32\drivers\Avg
2008-05-28 08:29:04 0 d-------- C:\Users\All Users\avg8
2008-05-28 08:29:04 0 d-------- C:\Program Files\AVG
2008-05-28 08:20:59 0 d-------- C:\Program Files\Enigma Software Group
2008-05-28 07:56:53 0 d-------- C:\Windows\Content.IE5
2008-05-27 23:35:32 0 d-------- C:\Users\All Users\Lavasoft
2008-05-27 23:35:32 0 d-------- C:\Program Files\Lavasoft
2008-05-27 23:35:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-27 23:30:39 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-26 23:29:58 0 d-------- C:\Users\All Users\Xfire
2008-05-26 23:29:58 0 d-------- C:\Program Files\Xfire
2008-05-26 22:13:09 0 d-------- C:\Program Files\Logitech
2008-05-26 14:00:06 0 d-------- C:\Program Files\Dl_cats
2008-05-26 13:59:26 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-05-26 13:59:21 0 d-------- C:\Program Files\Dell
2008-05-26 13:58:45 45056 --a------ C:\Windows\system32\DLPRMON.DLL <Not Verified; ; Dell Fax Solutions Software>
2008-05-26 13:58:45 32768 --a------ C:\Windows\system32\DLPMONUI.DLL <Not Verified; ; Dell Fax Solutions Software>
2008-05-26 13:58:25 98345 --a------ C:\Windows\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-26 13:58:25 339968 --a------ C:\Windows\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2008-05-26 13:58:24 0 d-------- C:\Users\All Users\DellFaxCtr
2008-05-26 13:58:20 0 d-------- C:\Program Files\Dell PC Fax
2008-05-26 13:58:16 274432 --a------ C:\Windows\system32\dlcxinst.dll
2008-05-26 13:58:16 323584 --a------ C:\Windows\system32\dlcxhcp.dll <Not Verified; ; Printer Communication System>
2008-05-26 13:58:16 0 d-------- C:\Program Files\Dell Photo AIO Printer 926
2008-05-25 21:34:13 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-25 18:10:47 0 d-------- C:\Users\All Users\Steam
2008-05-25 18:10:32 0 d-------- C:\Users\All Users\PopCap Games
2008-05-25 17:30:07 0 d-------- C:\Program Files\Nvidia Omega Drivers
2008-05-25 17:20:27 0 d-------- C:\Program Files\DIFX
2008-05-25 03:00:27 0 d-------- C:\Program Files\MSXML 4.0
2008-05-23 20:43:40 0 d-------- C:\Ubuntu
2008-05-23 20:20:53 0 d-------- C:\Users\All Users\Nero
2008-05-23 20:20:53 0 d-------- C:\Program Files\Nero
2008-05-23 20:20:53 0 d-------- C:\Program Files\Common Files\Nero
2008-05-22 23:08:35 0 d-------- C:\Program Files\CodeGazer
2008-05-22 22:38:01 0 --a------ C:\Windows\nsreg.dat
2008-05-22 18:29:40 0 d-------- C:\Windows\nvidia icons
2008-05-21 18:42:53 0 d-------- C:\Program Files\Bonjour
2008-05-21 18:42:22 0 d-------- C:\Program Files\Emergent Music LLC
2008-05-21 18:41:37 0 d-------- C:\Program Files\Ruckus Player
2008-05-21 18:28:41 0 d-------- C:\Program Files\uTorrent
2008-05-20 23:58:55 0 d-------- C:\Windows\Panther
2008-05-20 23:58:13 0 d-------- C:\Windows\system32\OEM
2008-05-20 23:58:13 34 -rah----- C:\Windows\DELL_VERSION
2008-05-20 23:04:14 0 d-------- C:\Windows\SoftwareDistribution
2008-05-20 23:03:01 0 d-------- C:\Windows\Debug
2008-05-20 22:59:48 0 d-------- C:\Windows\Prefetch
2008-05-20 22:29:43 0 d-------- C:\Windows\system32\Macromed
2008-05-20 22:20:07 0 d-------- C:\Program Files\Common Files\Steam
2008-05-20 22:20:06 0 d-------- C:\Program Files\Steam
2008-05-20 22:07:58 0 d-------- C:\Users\All Users\NVIDIA
2008-05-20 21:48:14 1726 --a------ C:\Windows\ndinst.exe
2008-05-20 21:48:14 0 -rahs---- C:\MSDOS.SYS
2008-05-20 21:48:14 0 -rahs---- C:\IO.SYS
2008-05-20 21:33:14 15781 --a------ C:\Windows\system32\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2008-05-20 21:33:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 21:32:57 0 d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-05-20 21:08:41 0 d-------- C:\Users\All Users\Adobe
2008-05-20 20:53:36 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-20 20:52:58 0 d--hs---- C:\Windows\Installer
2008-05-20 20:52:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-20 20:31:14 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-20 20:14:46 0 dr------- C:\Users\Matthew\Searches
2008-05-20 20:14:38 0 dr------- C:\Users\Matthew\Contacts
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\Templates
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\Start Menu
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\SendTo
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\Recent
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\PrintHood
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\NetHood
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\My Documents
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\Local Settings
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\Cookies
2008-05-20 20:14:34 0 d--hs---- C:\Users\Matthew\Application Data
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Videos
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Saved Games
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Pictures
2008-05-20 20:14:33 2621440 --ahs---- C:\Users\Matthew\NTUSER.DAT
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Music
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Links
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Favorites
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Downloads
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Documents
2008-05-20 20:14:33 0 dr------- C:\Users\Matthew\Desktop
2008-05-20 20:14:33 0 d--h----- C:\Users\Matthew\AppData
2008-05-18 23:17:36 0 d-------- C:\NVIDIA


-- Find3M Report ---------------------------------------------------------------

2008-06-11 03:07:08 0 d-------- C:\Program Files\Windows Mail
2008-06-08 14:16:52 0 d-------- C:\Users\Matthew\AppData\Roaming\acccore
2008-06-08 14:16:51 0 d-------- C:\Users\Matthew\AppData\Roaming\AIMPro
2008-06-08 14:16:37 0 d-------- C:\Program Files\Common Files
2008-06-08 14:16:20 0 d-------- C:\Users\Matthew\AppData\Roaming\AIM
2008-06-08 14:09:03 0 d-------- C:\Users\Matthew\AppData\Roaming\uTorrent
2008-05-31 12:13:33 0 d-------- C:\Users\Matthew\AppData\Roaming\Malwarebytes
2008-05-28 18:20:19 35 --a------ C:\Users\Matthew\AppData\Roaming\SetValue.bat
2008-05-28 18:20:19 691 --a------ C:\Users\Matthew\AppData\Roaming\GetValue.vbs
2008-05-28 00:17:21 0 d-------- C:\Users\Matthew\AppData\Roaming\DellFaxCtr
2008-05-27 23:22:09 0 d-------- C:\Users\Matthew\AppData\Roaming\Xfire
2008-05-25 23:47:59 0 d-------- C:\Users\Matthew\AppData\Roaming\Adobe
2008-05-25 21:50:38 174 --ahs---- C:\Program Files\desktop.ini
2008-05-25 21:45:05 0 d-------- C:\Program Files\Windows Sidebar
2008-05-25 21:45:05 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-25 21:45:05 0 d-------- C:\Program Files\Windows Collaboration
2008-05-25 21:45:05 0 d-------- C:\Program Files\Windows Calendar
2008-05-25 21:45:05 0 d-------- C:\Program Files\Movie Maker
2008-05-25 21:45:02 0 d-------- C:\Program Files\Windows Defender
2008-05-23 20:21:55 0 d-------- C:\Users\Matthew\AppData\Roaming\Nero
2008-05-22 22:37:59 0 d-------- C:\Users\Matthew\AppData\Roaming\Mozilla
2008-05-21 19:22:12 0 d-------- C:\Users\Matthew\AppData\Roaming\goombah
2008-05-21 18:43:56 0 d-------- C:\Users\Matthew\AppData\Roaming\Ruckus Network
2008-05-20 22:29:44 0 d-------- C:\Users\Matthew\AppData\Roaming\Macromedia
2008-05-20 21:09:08 0 d-------- C:\Users\Matthew\AppData\Roaming\AdobeUM
2008-05-20 20:14:39 0 d-------- C:\Users\Matthew\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"RestartNeroSetup"="C:\Users\Matthew\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe" []
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-11-03 18:09]
"dlcxmon.exe"="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 12:57]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 18:04]
"DLCXCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 01:31]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-28 08:29]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52]
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" [2007-10-09 03:45]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-26 22:13]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-26 22:13:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-11 22:30:55 ------------

#39 johnny boy (Topic Starter, Member, 142 posts)
Edit : Double Post

Edited by johnny boy, 11 June 2008 - 08:39 PM.


#40 johnny boy (Topic Starter, Member, 142 posts)
The TeaTimer didn't do it this time, and the entries are gone. Dunno why it worked this time.
I do have a log of what TeaTimer was doing though; I'll post a piece of it, because the entire thing is way too long, plus all it is is the same thing over and over again.

Here it is:

5/27/2008 11:31:12 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\scit.exe!
5/27/2008 11:31:12 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\scm.exe!
5/27/2008 11:31:12 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\sbmntr.exe!
5/27/2008 11:31:12 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\sbsm.exe!
5/27/2008 11:31:14 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\sbmntr.exe!
5/27/2008 11:31:14 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\sbsm.exe!
5/27/2008 11:35:54 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") changed in Session manager!
5/27/2008 11:48:04 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\scu.exe!
5/27/2008 11:50:15 PM Denied (based on Spybot-S&D scan) value "{51D81DD5-55B7-497F-95DB-D356429BB54E}" (new data: "") deleted in User-specific browser toolbar!
5/27/2008 11:50:15 PM Denied (based on Spybot-S&D scan) value "{51D81DD5-55B7-497F-95DB-D356429BB54E}" (new data: "") deleted in Global browser toolbar!
5/27/2008 11:50:41 PM Denied (based on user decision) value "SpybotDeletingB7875" (new data: "command /c del "C:\Program Files\NetProject\wamdl.dll_old"") added in System Startup user entry!
5/27/2008 11:50:44 PM Denied (based on user decision) value "SpybotDeletingD2470" (new data: "cmd /c del "C:\Program Files\NetProject\wamdl.dll_old"") added in System Startup user entry!
5/27/2008 11:50:47 PM Denied (based on user decision) value "SpybotDeletingA6554" (new data: "command /c del "C:\Program Files\NetProject\wamdl.dll_old"") added in System Startup global entry!
5/27/2008 11:50:49 PM Denied (based on user decision) value "SpybotDeletingC9660" (new data: "cmd /c del "C:\Program Files\NetProject\wamdl.dll_old"") added in System Startup global entry!
5/27/2008 11:50:49 PM Denied (based on user decision) value "SpybotDeletingA1765" (new data: "command /c del "C:\Program Files\NetProject\sbmntr.exe_old"") added in System Startup global entry!
5/27/2008 11:50:50 PM Denied (based on user decision) value "SpybotDeletingC7119" (new data: "cmd /c del "C:\Program Files\NetProject\sbmntr.exe_old"") added in System Startup global entry!
5/27/2008 11:50:50 PM Allowed (based on authenticode whitelist) value "SpybotSnD" (new data: ""C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck") added in System Startup global entry!
5/27/2008 11:51:36 PM Denied (based on user decision) value "{7C109800-A5D5-438F-9640-18D17E168B88}" (new data: "") deleted in Browser Helper Object!
5/28/2008 12:17:34 AM Denied (based on user decision) value "SpybotDeletingB3738" (new data: "") deleted in System Startup user entry!
5/28/2008 12:17:36 AM Denied (based on user decision) value "SpybotDeletingD983" (new data: "") deleted in System Startup user entry!
5/28/2008 12:17:38 AM Denied (based on user decision) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:42 AM Denied (based on user decision) value "{51D81DD5-55B7-497F-95DB-D356429BB54E}" (new data: "") deleted in User-specific browser toolbar!
5/28/2008 12:17:44 AM Denied (based on user decision) value "{51D81DD5-55B7-497F-95DB-D356429BB54E}" (new data: "") deleted in Global browser toolbar!
5/28/2008 12:17:49 AM Denied (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:50 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:50 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:51 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:51 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:53 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:53 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:54 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:54 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:55 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:55 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:56 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:56 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:57 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:57 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:59 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:59 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:18:00 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:18:00 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:18:01 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:18:01 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:18:03 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:18:03 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:18:04 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:18:04 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:18:05 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:18:05 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:18:06 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:18:06 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:18:07 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:18:07 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
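The TeaTimer log above is long mainly because the same few events repeat: Spybot writes `SpybotDeleting…` RunOnce values to delete the renamed NetProject files, TeaTimer denies them (based on the user's own decision or blacklist), and the `SpybotSnD` startup entry and the `BootExecute` change are denied over and over. The following Python script is an added example, not part of the thread or of Spybot: it parses TeaTimer's line format, including the entries whose "new data" spans several lines, and collapses the repeats into counts so the pattern is readable. The sample text is a constructed subset of the entries shown above; the `SpybotDeleting` name normalisation is an assumption based on the random-looking suffixes in the log.

```python
import re
from collections import Counter

# A physical line that starts a new logical entry begins with TeaTimer's timestamp.
TS = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M ")

# Registry-change entries: <ts> Allowed|Denied (based on <basis>) value "<name>" (new data: "<data>") <action> in <where>!
# DOTALL lets <data> span several lines (the BootExecute value contains newlines).
EVENT = re.compile(
    r'^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) '
    r'(?P<verdict>Allowed|Denied) \(based on (?P<basis>[^)]+)\) value "(?P<name>[^"]+)" '
    r'\(new data: "(?P<data>.*)"\) (?P<action>\w+) in (?P<where>.+)!$',
    re.DOTALL,
)

# Process-termination entries: <ts> Encountered and terminated <threat> in <path>!
TERMINATED = re.compile(r"^(?P<ts>\S+ \S+ [AP]M) Encountered and terminated (?P<threat>\S+) in (?P<path>.+)!$")

# Spybot's deferred-delete RunOnce values carry a generated suffix (SpybotDeletingB7875, ...D2470).
GENERATED_SUFFIX = re.compile(r"(SpybotDeleting)[A-D]\d+$")


def split_entries(text):
    """Group physical lines into logical entries; a line without a timestamp continues the previous one."""
    entries = []
    for line in text.splitlines():
        if TS.match(line):
            entries.append(line)
        elif entries and line.strip():
            entries[-1] += "\n" + line
    return entries


def parse_entry(entry):
    """Return a dict describing the entry, or None if the shape is not recognised."""
    m = EVENT.match(entry)
    if m:
        return dict(m.groupdict(), kind="registry")
    m = TERMINATED.match(entry)
    if m:
        return dict(m.groupdict(), kind="terminated")
    return None


def normalise_name(name):
    """Collapse generated SpybotDeletingXNNNN names to SpybotDeleting* so repeats group together."""
    return GENERATED_SUFFIX.sub(r"\1*", name)


def summarise(text):
    """Count entries by (verdict, basis, value name, action, location) or by terminated threat/path."""
    counts = Counter()
    for entry in split_entries(text):
        d = parse_entry(entry)
        if d is None:
            counts[("unparsed",)] += 1
        elif d["kind"] == "terminated":
            counts[("terminated", d["threat"], d["path"])] += 1
        else:
            counts[(d["verdict"], d["basis"], normalise_name(d["name"]), d["action"], d["where"])] += 1
    return counts


# Constructed sample: a subset of the entries posted above.
SAMPLE_TEATIMER_LOG = r"""
5/27/2008 11:31:12 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\scit.exe!
5/27/2008 11:31:12 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\sbmntr.exe!
5/27/2008 11:31:14 PM Encountered and terminated Zlob.Downloader.vdt in C:\Program Files\NetProject\sbmntr.exe!
5/27/2008 11:35:54 PM Allowed (based on user decision) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") changed in Session manager!
5/27/2008 11:50:41 PM Denied (based on user decision) value "SpybotDeletingB7875" (new data: "command /c del "C:\Program Files\NetProject\wamdl.dll_old"") added in System Startup user entry!
5/27/2008 11:50:44 PM Denied (based on user decision) value "SpybotDeletingD2470" (new data: "cmd /c del "C:\Program Files\NetProject\wamdl.dll_old"") added in System Startup user entry!
5/28/2008 12:17:50 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:50 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
5/28/2008 12:17:51 AM Denied (based on user blacklist) value "SpybotSnD" (new data: "") deleted in System Startup global entry!
5/28/2008 12:17:51 AM Denied (based on user blacklist) value "BootExecute" (new data: "autocheck autochk *
lsdelete
") added in Session manager!
"""

if __name__ == "__main__":
    for key, n in summarise(SAMPLE_TEATIMER_LOG).most_common():
        print(f"{n:4d}  {' | '.join(key)}")
```

Run on the full log the same way (read the file instead of the sample string); the counts show at a glance which of TeaTimer's prompts are the user's own blacklist blocking Spybot's cleanup and which are real detections.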



#41 fenzodahl512 (Malware Removal, 9,863 posts)
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Tell me about your computer condition

Regards
fenzodahl512

#42 johnny boy (Topic Starter, Member, 142 posts)
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, June 14, 2008
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, June 14, 2008 01:24:38
Records in database: 862158
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 89054
Threat name: 1
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:01:30


File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Users\Matthew\DoctorWeb\Quarantine\SmitfraudFi0.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.
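The scan report above lists two "Infected" objects that are both tagged not-a-virus:RiskTool, the reboot helper that ships with SmitfraudFix and its Dr.Web quarantine copy. The following added example (not part of the thread, written here for illustration) parses that report format into summary fields and per-file detections, separates Kaspersky's riskware verdicts from real malware verdicts, and cross-checks that the per-file counts add up to the report's own "Infected objects" figure. The sample text is constructed from the posted report.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the Kaspersky Online Scanner 7 report posted above.
SAMPLE_REPORT = r"""KASPERSKY ONLINE SCANNER 7 REPORT
Scan statistics:
Files scanned: 89054
Infected objects: 2
Suspicious objects: 0
File name / Threat name / Threats count
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Users\Matthew\DoctorWeb\Quarantine\SmitfraudFi0.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
The selected area was scanned.
"""

# One detection line: "<path> Infected: <threat name> <count>"
DETECTION_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
# A "Key: value" summary line; the space after the colon keeps drive letters such as "C:\" out
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z0-9 ]*): (?P<value>.+)$")


@dataclass
class Detection:
    path: str
    verdict: str
    threat: str
    count: int

    @property
    def is_riskware(self) -> bool:
        # Kaspersky's "not-a-virus:" prefix marks legitimate but abusable tools (RiskTool, adware), not malware
        return self.threat.startswith("not-a-virus:")


def parse_report(text: str):
    # Returns (summary fields, detections) from a Kaspersky Online Scanner 7 text report
    fields, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := DETECTION_RE.match(line):
            detections.append(Detection(m["path"], m["verdict"], m["threat"], int(m["count"])))
        elif m := FIELD_RE.match(line):
            fields[m["key"]] = m["value"]
    return fields, detections


def triage(text: str) -> dict:
    # Splits detections into malware vs. riskware and cross-checks the report's own object count
    fields, detections = parse_report(text)
    return {"files_scanned": int(fields.get("Files scanned", 0)),
            "malware": [d for d in detections if not d.is_riskware],
            "riskware": [d for d in detections if d.is_riskware],
            # the per-file counts must add up to the summary's "Infected objects" figure
            "count_matches": sum(d.count for d in detections) == int(fields.get("Infected objects", 0))}
```

An empty "malware" list with a consistent count is what a clean result looks like here; anything without the not-a-virus: prefix would be a real verdict worth acting on.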

#43
fenzodahl512
  • Malware Removal
  • 9,863 posts
Hello.. At last.. Your logs look clean to my eyes.. Congratulations! :)

Now, lets do the following..

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Please note that the space between x and / is needed

NEXT


Please Install/Update Sun Java

Updating Java:
  • Go to Start --> Control Panel --> Add or Remove Programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
  • It should have the following icon next to it: Posted Image
  • Select it and click Remove. This will uninstall the previous (outdated) version of Java.
  • Then Download and install the newest version from here: Java Runtime Environment (JRE) 6 Update 6




NEXT


I noticed that you already have:
1. AVG8 as your antivirus
2. Spybot S&D, Lavasoft Ad-Aware as your antispyware

However, I haven't seen any third-party firewall in your logs.. Do you have any? If you don't, please install ONLY ONE of these free and excellent firewalls below:
After you install the third-party firewall, please disable your Windows firewall. Please go to My Computer >> Control Panel >> Windows Firewall and choose the Off (not recommended) option. Then please click Apply and OK.



Lastly, to keep your operating system up to date please visit the link below monthly

To learn more about how to protect yourself while on the internet read this excellent article by Tony Klein: So how did I get infected in the first place?

Please also read an excellent article by miekiemoes: Help! My computer is slow!

And another excellent article by CastleCops, Malware Prevention: Prevent Re-infection

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#44
johnny boy
  • Topic Starter
  • Member
  • 142 posts
Well, everything is running as it should; however, I cannot access any "Listen Live" options on, say, a radio station's site. I used to be able to before, but I cannot now. I have exhausted everything I can think of to do, so maybe you can help me out with that too.

Thanks,
Matt

#45
fenzodahl512
  • Malware Removal
  • 9,863 posts
Ouch.. I wish I could help with that.. But I believe it's not related to malware..

Please seek further assistance at our Windows Vista forum.. link below.. Tell them I sent you there..

http://www.geekstogo...-Vista-f79.html




Regards
fenzodahl512