Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Stubborn vundo [RESOLVED]

Started by Zeld4 , Jun 15 2008 12:56 PM

  • This topic is locked This topic is locked

#1
Zeld4
Posted 15 June 2008 - 12:56 PM

Zeld4

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:48 PM, on 6/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Users\Zeld4\Program Files\DNA\btdna.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: (no name) - {3CA60057-9277-49C0-8D64-280DBAD9C3E1} - C:\Windows\system32\ssqQhiJC.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\ssqQhiJC.dll,#1
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM ®] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Zeld4\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Zeld4\AppData\Local\Temp\urqPgdaW.dll,c
O4 - HKCU\..\Run: [BM7516971d] Rundll32.exe "C:\Users\Zeld4\AppData\Local\Temp\gymitemc.dll",s
O4 - HKCU\..\Run: [7625a481] rundll32.exe "C:\Users\Zeld4\AppData\Local\Temp\ljkoxejr.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0191811213541383) (0191811213541383mcinstcleanup) - Unknown owner - C:\Users\Zeld4\AppData\Local\Temp\019181~1.EXE (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 9790 bytes

vundofix is running but has been for the last ten minutes almost and nothing has happened... its scanning but not finding or doing much of anything. sigh =(
  • 0

Advertisements

#2
Zeld4
Posted 15 June 2008 - 01:29 PM

Zeld4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did a system restore to yesterday but I'm still having some problems heres a new hijack this thing

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:29:10 PM, on 6/15/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Zeld4\Program Files\DNA\btdna.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM ®] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Zeld4\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Zeld4\AppData\Local\Temp\geBtRhIa.dll,#1
O4 - HKCU\..\Run: [BM7516971d] Rundll32.exe "C:\Users\Zeld4\AppData\Local\Temp\lfjjowmw.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7795 bytes


and I did vundo fix and it didnt find any problems but my windows explorer keeps encountering problems and restarting.
  • 0

#3
Rorschach112
Posted 15 June 2008 - 01:48 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.






Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#4
Zeld4
Posted 15 June 2008 - 08:23 PM

Zeld4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Um I'm using Vista so I'm a little confused about the recovery thing... ?_?
  • 0

#5
Rorschach112
Posted 16 June 2008 - 07:03 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Just leave that and run ComboFix
  • 0

#6
Zeld4
Posted 16 June 2008 - 10:26 AM

Zeld4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay here is combofix log

ComboFix 08-06-15.4 - Zeld4 2008-06-16 11:15:58.1 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2702 [GMT -5:00]
Running from: C:\Users\Zeld4\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-15 13:46 . 2008-06-15 13:46 <DIR> d-------- C:\VundoFix Backups
2008-06-15 10:08 . 2008-06-15 10:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 10:05 . 2008-06-15 10:05 <DIR> d-------- C:\Deckard
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\SiteAdvisor
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\PROGRA~2\SiteAdvisor
2008-06-15 09:49 . 2008-06-15 09:49 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-15 09:49 . 2008-06-15 09:52 <DIR> d-------- C:\Program Files\McAfee
2008-06-15 09:45 . 2008-06-15 09:52 <DIR> d-------- C:\Users\All Users\McAfee
2008-06-15 09:45 . 2008-06-15 09:52 <DIR> d-------- C:\PROGRA~2\McAfee
2008-06-13 11:00 . 2008-06-13 11:00 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-12 11:18 . 2008-06-12 11:18 <DIR> d-------- C:\Users\Zeld4\Program Files
2008-06-12 01:24 . 2008-06-16 11:11 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\DNA
2008-06-12 01:24 . 2008-06-14 00:54 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\BitTorrent
2008-06-12 01:24 . 2008-06-12 01:24 <DIR> d-------- C:\Program Files\DNA
2008-06-12 01:24 . 2008-06-12 01:24 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-10 15:09 . 2008-04-24 21:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-10 15:09 . 2008-04-24 23:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-10 15:08 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-10 15:08 . 2008-05-09 20:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 15:07 . 2008-06-10 15:07 150 --a------ C:\Windows\Lexstat.ini
2008-06-10 15:06 . 2008-06-10 15:08 <DIR> d-------- C:\Program Files\Lexmark Z500-Z600 Series
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Apple Computer
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Program Files\iTunes
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Program Files\iPod
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Program Files\Bonjour
2008-06-07 22:55 . 2008-06-07 22:56 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-07 22:55 . 2008-06-07 22:55 <DIR> d-------- C:\Program Files\QuickTime
2008-06-07 22:55 . 2008-06-07 22:56 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\Users\All Users\Apple
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\PROGRA~2\Apple
2008-06-07 22:50 . 2008-06-07 22:50 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Purple Ghost Software, Inc
2008-06-07 22:50 . 2008-06-07 22:50 <DIR> d-------- C:\Program Files\Purple Ghost
2008-06-07 22:48 . 2008-06-07 22:48 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-06-07 22:46 . 2008-06-07 22:46 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-07 01:30 . 2008-06-07 01:30 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\acccore
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-06-07 01:29 . 2008-06-07 01:30 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\Users\All Users\AOL
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\PROGRA~2\Viewpoint
2008-06-07 01:29 . 2008-06-07 01:30 <DIR> d-------- C:\PROGRA~2\AOL OCP
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\PROGRA~2\AOL
2008-06-07 01:28 . 2008-06-07 01:29 <DIR> d-------- C:\Program Files\AIM6
2008-06-07 01:28 . 2008-06-07 01:29 365 --ah----- C:\IPH.PH
2008-06-07 01:24 . 2008-06-07 01:29 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-07 01:24 . 2001-11-19 13:58 278,581 --a------ C:\Windows\System32\temp.001
2008-06-07 01:24 . 2001-11-19 13:58 58,938 --a------ C:\Windows\System32\temp.000
2008-06-02 22:34 . 2008-06-02 22:34 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\CyberLink
2008-06-02 21:30 . 2008-06-02 21:30 <DIR> dr-h----- C:\Users\Zeld4\AppData\Roaming\SecuROM
2008-06-02 21:05 . 2008-06-05 13:41 <DIR> d-------- C:\Program Files\EA GAMES
2008-06-02 21:05 . 2007-04-04 17:39 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-06-01 22:13 . 2008-06-12 15:12 27,335 --a------ C:\Users\Zeld4\AppData\Roaming\nvModes.dat
2008-06-01 21:31 . 2008-06-01 22:07 <DIR> d-------- C:\Program Files\Trillian
2008-06-01 19:38 . 2008-06-01 19:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-01 19:37 . 2008-06-01 19:37 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Nikon
2008-06-01 19:37 . 2008-06-01 19:37 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-01 19:32 . 2008-06-07 15:04 20 ---h----- C:\Users\All Users\PKP_DLdw.DAT
2008-06-01 19:32 . 2008-06-07 15:04 20 ---h----- C:\PROGRA~2\PKP_DLdw.DAT
2008-06-01 19:31 . 2008-06-01 19:31 <DIR> d-------- C:\Users\All Users\Nikon
2008-06-01 19:31 . 2008-06-01 19:32 <DIR> d-------- C:\Program Files\Nikon
2008-06-01 19:31 . 2008-06-01 19:34 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-06-01 19:31 . 2008-06-01 19:31 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-06-01 19:31 . 2008-06-01 19:31 <DIR> d-------- C:\PROGRA~2\Nikon
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\Users\All Users\Ultima_T15
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\Users\All Users\EnterNHelp
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\PROGRA~2\Ultima_T15
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\PROGRA~2\EnterNHelp
2008-06-01 19:30 . 2008-06-07 15:03 20 ---h----- C:\Users\All Users\PKP_DLdu.DAT
2008-06-01 19:30 . 2008-06-07 15:03 20 ---h----- C:\PROGRA~2\PKP_DLdu.DAT
2008-06-01 19:18 . 2008-06-01 19:18 <DIR> d-------- C:\Program Files\RescuePRO
2008-06-01 19:18 . 2008-06-01 19:18 286,720 --a------ C:\Windows\iun507.exe
2008-06-01 19:00 . 2008-06-01 19:00 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Creative
2008-06-01 18:46 . 2008-06-01 18:46 <DIR> d-------- C:\Program Files\Codemasters
2008-06-01 11:35 . 2008-06-01 11:35 0 --a------ C:\Windows\nsreg.dat
2008-06-01 11:28 . 2008-06-01 11:28 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Symantec
2008-06-01 11:28 . 2008-06-01 11:43 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-06-01 11:28 . 2008-06-01 11:43 <DIR> d-------- C:\PROGRA~2\NVIDIA
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Videos
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Searches
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Saved Games
2008-06-01 11:27 . 2008-06-10 16:35 <DIR> dr------- C:\Users\Zeld4\Pictures
2008-06-01 11:27 . 2008-06-07 22:57 <DIR> dr------- C:\Users\Zeld4\Music
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Links
2008-06-01 11:27 . 2008-06-01 11:34 <DIR> dr------- C:\Users\Zeld4\Downloads
2008-06-01 11:27 . 2008-06-16 11:07 <DIR> dr------- C:\Users\Zeld4\Documents
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Contacts
2008-06-01 11:27 . 2006-11-02 07:37 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Media Center Programs
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> d--h----- C:\Users\Zeld4\AppData\Roaming\GTek
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> d--h----- C:\Users\Zeld4\AppData
2008-06-01 11:27 . 2008-06-16 11:14 <DIR> d-------- C:\Users\Zeld4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 04:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-03 03:34 --------- d-----w C:\PROGRA~2\CyberLink
2008-06-02 00:30 106,496 ----a-w C:\Windows\System32\ATL71.DLL
2008-06-02 00:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-01 16:50 --------- d-----w C:\PROGRA~2\Symantec
2008-06-01 16:40 --------- d-----w C:\Program Files\Google
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Templates
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Start Menu
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Favorites
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Documents
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Desktop
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Application Data
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 21:23 2153472 C:\Windows\System32\oobefldr.dll]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 04:18 68856]
"AIM ®"="C:\PROGRA~1\AIM95\aim.exe" [ ]
"Aim6"="" []
"BitTorrent DNA"="C:\Users\Zeld4\Program Files\DNA\btdna.exe" [2008-06-12 11:18 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 06:40 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 03:50 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 00:51 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-02 23:28 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-28 01:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-28 01:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-28 01:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-09-28 01:24 81920]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 14:33 1548288]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-15 04:18 1838592]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Users\Zeld4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 20:10:42 479232]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

C:\Users\Zeld4\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 20:10:42 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B966801C-0858-4C39-92CB-93F951994C87}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{5C145BBC-E0C0-4D73-A167-BD6E96C61C6A}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{073EC001-EC50-4FB8-8F72-EBAA663E9397}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{83A36271-2232-4AF4-98A8-D433432F8DCB}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{638B76CA-228A-417D-B3A5-311D1D36CEBB}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FD7FB0B4-10A3-4254-BBCA-E65DDD5D4EA6}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8066CABE-E53E-42BF-A325-73D587B4AF89}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{26645419-D8D6-4179-8CD9-85E47243EE2F}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{D85DF1CE-D7AD-40BA-A1BF-74A1F0DB3CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A8969998-F03C-4521-8024-C4FD1AFC67DD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E62C38EF-C4CC-4BFA-8EF6-D8941C32C956}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CB83FFB1-1F96-42BC-A2BF-E5144250D1E4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7C7CCC9D-0EAA-49A3-B1DC-77048142E32F}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{21409CD8-9BA0-456C-A8E5-87A37BF4314A}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{3A86B09F-D1E5-4B69-A088-84DC3D6EF5C0}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{1CF5D373-4AEE-4E9E-AF2E-4857E0EFFFCA}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{503E7AE6-848A-473B-9906-A444F2D6E90D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{3C4F9643-9E9E-4E95-9D54-8FEAF9E02356}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F3B8D499-1010-4F87-A267-E9F2F47B2688}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2376B56B-B3A2-4E34-88C5-117B36ADC0C9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{972BDA54-B7E1-4DF4-888A-2AD81304D7CC}C:\\users\\zeld4\\program files\\dna\\btdna.exe"= UDP:C:\users\zeld4\program files\dna\btdna.exe:btdna.exe
"UDP Query User{2E37CEA1-08CB-4407-8CE1-DF2D9846233B}C:\\users\\zeld4\\program files\\dna\\btdna.exe"= TCP:C:\users\zeld4\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-12-02 23:27]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe [2007-03-16 01:24]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 00:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 00:51]
R3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-04-16 22:44]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 01:40]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 21:23]
S4 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 04:27]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 21:23]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 11:19:45
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Windows\System32\stacsv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-16 11:22:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 16:22:28

The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 170,882,228,224 bytes free

257 --- E O F --- 2008-06-15 19:12:22


Here is hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:32 AM, on 6/16/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Zeld4\Program Files\DNA\btdna.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AIM ®] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Zeld4\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbc_device - - C:\Windows\system32\lxbccoms.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 7103 bytes


And here is kaspersky

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 16, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 16, 2008 02:43:29
Records in database: 870683
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 92339
Threat name: 6
Infected objects: 39
Suspicious objects: 0
Duration of the scan: 00:59:44


File name / Threat name / Threats count
C:\Users\Zeld4\AppData\Local\Temp\qcalvuaw.dll/C:\Users\Zeld4\AppData\Local\Temp\qcalvuaw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 26
C:\$Recycle.Bin\S-1-5-21-3226078838-398028864-1407408023-1000\$RQDBMPA\Coldplay - Viva La Vida Or Death & All His Friends [2008] CDRip + Bonus + Covers\Coldplay - Viva La Vida Or Death & All His Friends [2008] CD + Bonus + Covers.exe Infected: Trojan.Win32.Monder.gen 1
C:\Users\Zeld4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYK6ZRXF\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.ytc 1
C:\Users\Zeld4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FV17UZ9T\kb671231[1] Infected: Trojan.Win32.Monder.qx 1
C:\Users\Zeld4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OT9Z07HY\kb456456[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 1
C:\Users\Zeld4\AppData\Local\Temp\csddbikg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ytc 1
C:\Users\Zeld4\AppData\Local\Temp\fnahmuyf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 1
C:\Users\Zeld4\AppData\Local\Temp\geBtRhIa.dll Infected: Trojan.Win32.Monder.gen 1
C:\Users\Zeld4\AppData\Local\Temp\jjydofrw.dll Infected: Trojan.Win32.Monder.qf 1
C:\Users\Zeld4\AppData\Local\Temp\lfjjowmw.dll Infected: Trojan.Win32.Monder.qx 1
C:\Users\Zeld4\AppData\Local\Temp\nlfuvyvi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ytd 1
C:\Users\Zeld4\AppData\Local\Temp\qcalvuaw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.yuv 1
C:\Users\Zeld4\AppData\Local\Temp\tmvijecp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ytc 1
C:\Users\Zeld4\AppData\Local\Temp\yywotvtf.dll Infected: Trojan.Win32.Monder.qx 1

The selected area was scanned.
  • 0

#7
Zeld4
Posted 16 June 2008 - 10:35 AM

Zeld4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Oh I guess I should re-do kaspersky. I did it yesterday before running combo fix... Hehe =D
  • 0

#8
Rorschach112
Posted 16 June 2008 - 11:51 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
No need

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\System32\temp.001
C:\Windows\System32\temp.000
C:\$Recycle.Bin\S-1-5-21-3226078838-398028864-1407408023-1000\$RQDBMPA\Coldplay - Viva La Vida Or Death & All His Friends [2008] CDRip + Bonus + Covers

Folder::
C:\$Recycle.Bin\S-1-5-21-3226078838-398028864-1407408023-1000\$RQDBMPA\Coldplay - Viva La Vida Or Death & All His Friends [2008] CDRip + Bonus + Covers

DirLook::
C:\Users\Zeld4\Downloads

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  • 0

#9
Zeld4
Posted 16 June 2008 - 02:17 PM

Zeld4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
ComboFix 08-06-15.4 - Zeld4 2008-06-16 15:09:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1921 [GMT -5:00]
Running from: C:\Users\Zeld4\Desktop\ComboFix.exe
Command switches used :: C:\Users\Zeld4\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\$Recycle.Bin\S-1-5-21-3226078838-398028864-1407408023-1000\$RQDBMPA\Coldplay - Viva La Vida Or Death & All His Friends [2008] CDRip + Bonus + Covers
C:\Windows\System32\temp.000
C:\Windows\System32\temp.001
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$Recycle.Bin\S-1-5-21-3226078838-398028864-1407408023-1000\$RQDBMPA\Coldplay - Viva La Vida Or Death & All His Friends [2008] CDRip + Bonus + Covers
C:\Windows\System32\temp.000
C:\Windows\System32\temp.001

.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 11:45 . 2008-06-16 11:45 <DIR> d-------- C:\Windows\Sun
2008-06-15 13:46 . 2008-06-15 13:46 <DIR> d-------- C:\VundoFix Backups
2008-06-15 10:08 . 2008-06-15 10:08 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-15 10:05 . 2008-06-15 10:05 <DIR> d-------- C:\Deckard
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\SiteAdvisor
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\Users\All Users\SiteAdvisor
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-06-15 09:52 . 2008-06-15 09:52 <DIR> d-------- C:\PROGRA~2\SiteAdvisor
2008-06-15 09:49 . 2008-06-15 09:49 <DIR> d-------- C:\Program Files\McAfee.com
2008-06-15 09:49 . 2008-06-15 09:52 <DIR> d-------- C:\Program Files\McAfee
2008-06-15 09:45 . 2008-06-15 09:52 <DIR> d-------- C:\Users\All Users\McAfee
2008-06-15 09:45 . 2008-06-15 09:52 <DIR> d-------- C:\PROGRA~2\McAfee
2008-06-13 11:00 . 2008-06-13 11:00 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-12 11:18 . 2008-06-12 11:18 <DIR> d-------- C:\Users\Zeld4\Program Files
2008-06-12 01:24 . 2008-06-16 15:11 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\DNA
2008-06-12 01:24 . 2008-06-14 00:54 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\BitTorrent
2008-06-12 01:24 . 2008-06-12 01:24 <DIR> d-------- C:\Program Files\DNA
2008-06-12 01:24 . 2008-06-12 01:24 <DIR> d-------- C:\Program Files\BitTorrent
2008-06-10 15:09 . 2008-04-24 21:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-10 15:09 . 2008-04-24 23:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-10 15:08 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-10 15:08 . 2008-05-09 20:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-10 15:07 . 2008-06-10 15:07 150 --a------ C:\Windows\Lexstat.ini
2008-06-10 15:06 . 2008-06-10 15:08 <DIR> d-------- C:\Program Files\Lexmark Z500-Z600 Series
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Apple Computer
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Program Files\iTunes
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Program Files\iPod
2008-06-07 22:56 . 2008-06-07 22:56 <DIR> d-------- C:\Program Files\Bonjour
2008-06-07 22:55 . 2008-06-07 22:56 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-07 22:55 . 2008-06-07 22:55 <DIR> d-------- C:\Program Files\QuickTime
2008-06-07 22:55 . 2008-06-07 22:56 <DIR> d-------- C:\PROGRA~2\Apple Computer
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\Users\All Users\Apple
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-07 22:53 . 2008-06-07 22:53 <DIR> d-------- C:\PROGRA~2\Apple
2008-06-07 22:50 . 2008-06-07 22:50 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Purple Ghost Software, Inc
2008-06-07 22:50 . 2008-06-07 22:50 <DIR> d-------- C:\Program Files\Purple Ghost
2008-06-07 22:48 . 2008-06-07 22:48 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-06-07 22:46 . 2008-06-07 22:46 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-06-07 01:30 . 2008-06-07 01:30 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\acccore
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\Users\All Users\Viewpoint
2008-06-07 01:29 . 2008-06-07 01:30 <DIR> d-------- C:\Users\All Users\AOL OCP
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\Users\All Users\AOL
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\PROGRA~2\Viewpoint
2008-06-07 01:29 . 2008-06-07 01:30 <DIR> d-------- C:\PROGRA~2\AOL OCP
2008-06-07 01:29 . 2008-06-07 01:29 <DIR> d-------- C:\PROGRA~2\AOL
2008-06-07 01:28 . 2008-06-07 01:29 <DIR> d-------- C:\Program Files\AIM6
2008-06-07 01:28 . 2008-06-07 01:29 365 --ah----- C:\IPH.PH
2008-06-07 01:24 . 2008-06-07 01:29 <DIR> d-------- C:\Program Files\Viewpoint
2008-06-02 22:34 . 2008-06-02 22:34 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\CyberLink
2008-06-02 21:30 . 2008-06-02 21:30 <DIR> dr-h----- C:\Users\Zeld4\AppData\Roaming\SecuROM
2008-06-02 21:05 . 2008-06-05 13:41 <DIR> d-------- C:\Program Files\EA GAMES
2008-06-02 21:05 . 2007-04-04 17:39 442,368 -ra------ C:\Windows\System32\vp6vfw.dll
2008-06-01 22:13 . 2008-06-12 15:12 27,335 --a------ C:\Users\Zeld4\AppData\Roaming\nvModes.dat
2008-06-01 21:31 . 2008-06-01 22:07 <DIR> d-------- C:\Program Files\Trillian
2008-06-01 19:38 . 2008-06-01 19:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-06-01 19:37 . 2008-06-01 19:37 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Nikon
2008-06-01 19:37 . 2008-06-01 19:37 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-01 19:32 . 2008-06-07 15:04 20 ---h----- C:\Users\All Users\PKP_DLdw.DAT
2008-06-01 19:32 . 2008-06-07 15:04 20 ---h----- C:\PROGRA~2\PKP_DLdw.DAT
2008-06-01 19:31 . 2008-06-01 19:31 <DIR> d-------- C:\Users\All Users\Nikon
2008-06-01 19:31 . 2008-06-01 19:32 <DIR> d-------- C:\Program Files\Nikon
2008-06-01 19:31 . 2008-06-01 19:34 <DIR> d-------- C:\Program Files\Common Files\Nikon
2008-06-01 19:31 . 2008-06-01 19:31 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-06-01 19:31 . 2008-06-01 19:31 <DIR> d-------- C:\PROGRA~2\Nikon
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-01 19:30 . 2008-06-01 19:30 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\Users\All Users\Ultima_T15
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\Users\All Users\EnterNHelp
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\PROGRA~2\Ultima_T15
2008-06-01 19:30 . 2008-06-01 19:32 <DIR> d-------- C:\PROGRA~2\EnterNHelp
2008-06-01 19:30 . 2008-06-07 15:03 20 ---h----- C:\Users\All Users\PKP_DLdu.DAT
2008-06-01 19:30 . 2008-06-07 15:03 20 ---h----- C:\PROGRA~2\PKP_DLdu.DAT
2008-06-01 19:18 . 2008-06-01 19:18 <DIR> d-------- C:\Program Files\RescuePRO
2008-06-01 19:18 . 2008-06-01 19:18 286,720 --a------ C:\Windows\iun507.exe
2008-06-01 19:00 . 2008-06-01 19:00 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Creative
2008-06-01 18:46 . 2008-06-01 18:46 <DIR> d-------- C:\Program Files\Codemasters
2008-06-01 11:35 . 2008-06-01 11:35 0 --a------ C:\Windows\nsreg.dat
2008-06-01 11:28 . 2008-06-01 11:28 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Symantec
2008-06-01 11:28 . 2008-06-01 11:43 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-06-01 11:28 . 2008-06-01 11:43 <DIR> d-------- C:\PROGRA~2\NVIDIA
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Videos
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Searches
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Saved Games
2008-06-01 11:27 . 2008-06-10 16:35 <DIR> dr------- C:\Users\Zeld4\Pictures
2008-06-01 11:27 . 2008-06-07 22:57 <DIR> dr------- C:\Users\Zeld4\Music
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Links
2008-06-01 11:27 . 2008-06-01 11:34 <DIR> dr------- C:\Users\Zeld4\Downloads
2008-06-01 11:27 . 2008-06-16 15:03 <DIR> dr------- C:\Users\Zeld4\Documents
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> dr------- C:\Users\Zeld4\Contacts
2008-06-01 11:27 . 2006-11-02 07:37 <DIR> d-------- C:\Users\Zeld4\AppData\Roaming\Media Center Programs
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> d--h----- C:\Users\Zeld4\AppData\Roaming\GTek
2008-06-01 11:27 . 2008-06-01 11:27 <DIR> d--h----- C:\Users\Zeld4\AppData
2008-06-01 11:27 . 2008-06-16 11:14 <DIR> d-------- C:\Users\Zeld4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 04:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-03 03:34 --------- d-----w C:\PROGRA~2\CyberLink
2008-06-02 00:30 106,496 ----a-w C:\Windows\System32\ATL71.DLL
2008-06-02 00:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-01 16:50 --------- d-----w C:\PROGRA~2\Symantec
2008-06-01 16:40 --------- d-----w C:\Program Files\Google
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Templates
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Start Menu
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Favorites
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Documents
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Desktop
2008-06-01 16:23 --------- d-sh--w C:\PROGRA~2\Application Data
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Users\Zeld4\Downloads ----

2008-06-01 11:34 6039048 --a------ C:\Users\Zeld4\Downloads\Firefox Setup 2.0.0.14.exe
2008-06-01 11:27 282 --ahs---- C:\Users\Zeld4\Downloads\desktop.ini


((((((((((((((((((((((((((((( snapshot@2008-06-16_11.21.57.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 16:19:13 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-16 20:12:36 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-16 16:19:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-16 20:12:55 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-16 16:19:33 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-16 20:12:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-06-15 19:15:47 105,376 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-16 16:26:50 105,376 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-15 19:15:47 604,452 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-16 16:26:50 604,452 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-15 19:09:49 3,268 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3226078838-398028864-1407408023-1000_UserData.bin
+ 2008-06-16 16:21:05 3,750 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3226078838-398028864-1407408023-1000_UserData.bin
- 2008-06-15 19:09:49 66,044 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 16:21:05 66,838 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-12 16:19:26 30,314 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-16 16:20:59 30,660 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-06-16 02:06:41 212,148 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-06-16 20:03:07 213,670 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 21:23 2153472 C:\Windows\System32\oobefldr.dll]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-15 04:18 68856]
"AIM ®"="C:\PROGRA~1\AIM95\aim.exe" [ ]
"Aim6"="" []
"BitTorrent DNA"="C:\Users\Zeld4\Program Files\DNA\btdna.exe" [2008-06-12 11:18 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-01-18 06:40 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-09-07 03:50 159744]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-28 00:51 36864]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-02 23:28 405504]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-28 01:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-28 01:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-28 01:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-09-28 01:24 81920]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2007-03-21 14:33 1548288]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 16:43 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-04-15 04:18 1838592]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 15:39 189736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Users\Zeld4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 20:10:42 479232]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B966801C-0858-4C39-92CB-93F951994C87}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{5C145BBC-E0C0-4D73-A167-BD6E96C61C6A}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{073EC001-EC50-4FB8-8F72-EBAA663E9397}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{83A36271-2232-4AF4-98A8-D433432F8DCB}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{638B76CA-228A-417D-B3A5-311D1D36CEBB}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FD7FB0B4-10A3-4254-BBCA-E65DDD5D4EA6}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8066CABE-E53E-42BF-A325-73D587B4AF89}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{26645419-D8D6-4179-8CD9-85E47243EE2F}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{D85DF1CE-D7AD-40BA-A1BF-74A1F0DB3CCB}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A8969998-F03C-4521-8024-C4FD1AFC67DD}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E62C38EF-C4CC-4BFA-8EF6-D8941C32C956}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CB83FFB1-1F96-42BC-A2BF-E5144250D1E4}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7C7CCC9D-0EAA-49A3-B1DC-77048142E32F}"= UDP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{21409CD8-9BA0-456C-A8E5-87A37BF4314A}"= TCP:C:\Windows\System32\lxbccoms.exe:Lexmark Communications System
"{3A86B09F-D1E5-4B69-A088-84DC3D6EF5C0}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{1CF5D373-4AEE-4E9E-AF2E-4857E0EFFFCA}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxbcpswx.exe:Printer Status Window
"{503E7AE6-848A-473B-9906-A444F2D6E90D}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{3C4F9643-9E9E-4E95-9D54-8FEAF9E02356}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F3B8D499-1010-4F87-A267-E9F2F47B2688}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{2376B56B-B3A2-4E34-88C5-117B36ADC0C9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{972BDA54-B7E1-4DF4-888A-2AD81304D7CC}C:\\users\\zeld4\\program files\\dna\\btdna.exe"= UDP:C:\users\zeld4\program files\dna\btdna.exe:btdna.exe
"UDP Query User{2E37CEA1-08CB-4407-8CE1-DF2D9846233B}C:\\users\\zeld4\\program files\\dna\\btdna.exe"= TCP:C:\users\zeld4\program files\dna\btdna.exe:btdna.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-12-02 23:27]
R2 lxbc_device;lxbc_device;C:\Windows\system32\lxbccoms.exe [2007-03-16 01:24]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-28 00:51]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 00:51]
R3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-04-16 22:44]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 01:40]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 21:23]
S4 iaNvStor;Intel® Turbo Memory Controller;C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 04:27]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 21:23]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 15:13:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\BCMWLTRY.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Windows\System32\stacsv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\hidfind.exe
C:\Program Files\DellTPad\ApntEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-16 15:16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 20:15:53
ComboFix2.txt 2008-06-16 16:22:37

Pre-Run: 165,049,655,296 bytes free
Post-Run: 164,772,032,512 bytes free

291 --- E O F --- 2008-06-15 19:12:22



Seems to have worked alright. I guess I'll just go BUY the [bleep] new coldplay album -_-. lol <3
  • 0

#10
Rorschach112
Posted 16 June 2008 - 02:43 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Well the album had malware in it, so it had to go :)

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Posted Image



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0

#11
Zeld4
Posted 16 June 2008 - 07:29 PM

Zeld4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you and expect a donation soon. I hate IE I use firefox. I'll be sure to download something to keep my computer safer. Thank you thank you thank you. =D
  • 0

#12
Zeld4
Posted 16 June 2008 - 07:47 PM

Zeld4

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
That spyware guard wont download corrctly
  • 0

#13
Rorschach112
Posted 17 June 2008 - 06:10 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Try from this link

http://majorgeeks.co...wnload3045.html

Go on with the other steps if it doesn't
  • 0

#14
Rorschach112
Posted 22 June 2008 - 10:21 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP