OK, here it is.
ComboFix 08-05-12.1 - Kevin V 2008-05-13 17:49:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2076 [GMT 8:00]
Running from: C:\Users\Kevin V\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 09:38 --------- d-----w C:\Program Files\Steam
2008-05-12 14:47 262,144 ----a-w C:\ntuser.dat
2008-05-12 10:34 67,225 ----a-w C:\Users\Kevin V\AppData\Roaming\nvModes.dat
2008-05-12 10:10 --------- d---a-w C:\ProgramData\TEMP
2008-05-09 13:07 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-09 11:44 --------- d-----w C:\Program Files\Panda Security
2008-05-09 11:31 --------- d-----w C:\ProgramData\Symantec
2008-05-09 11:26 --------- d-----w C:\Program Files\Common Files\Motive
2008-05-09 10:59 --------- d-----w C:\Program Files\Trend Micro
2008-05-08 16:06 --------- d-----w C:\Program Files\Image-Line
2008-05-08 09:49 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Xfire
2008-05-08 08:49 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-07 10:24 --------- d-----w C:\Program Files\VstPlugins
2008-05-06 13:59 --------- d-----w C:\Program Files\Outsim
2008-05-06 13:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 13:41 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-04 01:07 --------- d-----w C:\ProgramData\Xfire
2008-05-04 01:07 --------- d-----w C:\Program Files\Xfire
2008-04-30 17:53 --------- d-----w C:\Program Files\TVAnts
2008-04-30 16:29 --------- d-----w C:\Program Files\Microsoft Games
2008-04-30 16:28 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Microsoft Games
2008-04-30 16:15 --------- d-----w C:\Program Files\SopCast
2008-04-30 00:58 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-04-29 12:19 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Hamachi
2008-04-29 10:28 --------- d-----w C:\Program Files\Hamachi
2008-04-29 10:27 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-04-28 13:27 --------- d-----w C:\Users\Kevin V\AppData\Roaming\BSplayer
2008-04-28 13:27 --------- d-----w C:\Program Files\Webteh
2008-04-28 13:21 --------- d-----w C:\Users\Kevin V\AppData\Roaming\BSplayer Pro
2008-04-28 13:15 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Media Player Classic
2008-04-26 02:00 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Skype
2008-04-26 01:58 --------- d-----w C:\Users\Kevin V\AppData\Roaming\skypePM
2008-04-24 14:37 32 ----a-w C:\Users\All Users\ezsid.dat
2008-04-24 14:37 32 ----a-w C:\ProgramData\ezsid.dat
2008-04-24 14:30 --------- d-----w C:\ProgramData\Skype
2008-04-24 14:30 --------- d-----w C:\Program Files\Skype
2008-04-24 14:30 --------- d-----w C:\Program Files\Common Files\Skype
2008-04-24 08:58 --------- d-----w C:\Users\Kevin V\AppData\Roaming\LimeWire
2008-04-21 10:22 --------- d-----w C:\ProgramData\Motive
2008-04-18 14:04 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Motive
2008-04-18 13:21 --------- d-----w C:\Program Files\SingTelACT
2008-04-13 15:46 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-04-11 15:58 --------- d-----w C:\Program Files\PFConfig
2008-04-05 14:07 --------- d-----w C:\Users\Kevin V\AppData\Roaming\Ventrilo
2008-04-02 14:17 --------- d-----w C:\ProgramData\WinZip
2008-03-18 14:20 --------- d-----w C:\Program Files\BitComet
2008-03-18 14:15 --------- d-----w C:\Program Files\LimeWire
2008-03-18 10:36 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-18 09:30 --------- d-----w C:\Users\Kevin V\AppData\Roaming\SystemRequirementsLab
2008-03-18 09:30 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-03-15 12:18 --------- d-----w C:\Program Files\GoldWave
2008-03-15 08:10 --------- d-----w C:\Program Files\AVIcodec
2008-03-15 06:46 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-15 05:50 --------- d-----w C:\Program Files\VirtualDub
2008-03-13 02:12 --------- d-----w C:\Program Files\Windows Mail
2008-03-10 10:27 22,328 ----a-w C:\Users\Kevin V\AppData\Roaming\PnkBstrK.sys
2008-03-10 10:27 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-03-10 10:26 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-03-10 10:26 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-03-10 04:57 174 --sha-w C:\Program Files\desktop.ini
2008-03-10 04:35 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-03-10 04:35 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-03-10 04:35 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-03-10 04:35 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-03-10 04:35 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-03-10 04:35 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-03-10 04:35 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-03-10 04:35 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-03-10 04:35 2,923,520 ----a-w C:\Windows\explorer.exe
2008-03-10 04:34 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-03-10 04:34 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-03-10 04:34 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-03-10 04:30 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-03-10 04:29 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-03-10 04:28 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-03-10 04:28 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-03-10 04:28 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-03-10 04:28 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-03-10 04:28 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-03-10 04:28 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-03-10 04:28 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-03-10 04:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-03-10 04:28 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-03-10 04:28 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-03-10 04:26 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-03-10 04:26 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-03-10 04:26 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-03-10 04:26 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-03-10 04:26 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-03-10 04:24 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-03-10 04:24 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-03-10 04:24 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-03-10 04:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-03-10 04:23 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-03-10 04:23 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-03-10 04:23 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-03-10 04:23 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-03-10 04:23 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-03-10 04:23 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-03-10 04:23 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@={F2F31467-B1AC-4df0-AE79-FD5FA085E22B}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@={A3E208F7-0E3A-4182-A7A6-B169D5D691AA}
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 --a------ C:\Program Files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-10 12:20 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 09:14 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 20:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-24 18:02 174616]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 10:23 405504]
"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-05-10 01:01 36864]
"PSQLLauncher"="C:\Program Files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 22:50 49168]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 12:59 115816]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-04 21:24 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-04 21:24 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-04 21:24 81920]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-10-04 21:24 86016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 17:45 222208]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 16:27:08 1180952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 2007-04-16 23:04 86528 C:\Windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2aa276e5]
C:\Users\KEVINV~1\AppData\Local\Temp\hyueuwss.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\KEVINV~1\AppData\Local\Temp\ljJYQHby.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"cmds"=rundll32.exe C:\Users\KEVINV~1\AppData\Local\Temp\mlJBRKAp.dll,c
"BM29914579"=Rundll32.exe "C:\Users\KEVINV~1\AppData\Local\Temp\ssrmiogr.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4399A8B1-E284-4931-A46B-42DDC3251AD7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{44C6ADA9-D8E5-4B43-AB7C-5FBAEAE0A74A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B584ADBB-900A-49EA-A966-3B35FC4D37A9}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{F85E551C-AF35-40EC-8E74-6CCBC2D2A49A}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{FD28876A-EBDE-4916-B05E-E569F210A1A4}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{44AEDD18-5FCB-420F-81B5-9FBD1C9A13FF}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{97E78873-AB0F-46B9-AC00-9C1A518CEB5D}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{DBEF6AA3-C720-429D-BE2C-7F01E9785F9D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{02B76D10-931A-4193-A90B-17EFD0D48A4B}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C8F45911-B126-43E6-B1C1-4CED55854C83}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{01AAD0EF-87F5-4356-8FFE-51C320A9B3F9}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{2C545E59-CA75-4D98-8263-76997A16DA78}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3878FD1D-B4A2-45E2-AC3D-56A64562A64F}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D44969EE-FCC1-4CCC-A65C-3E90349081CA}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0F10ED1E-875C-4AA9-8DC9-4E1CD7F568FA}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{E73E25C6-BDE6-4B9F-88FD-B67D994E1D29}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys [2008-02-14 02:51]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 13:25]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-10-10 17:03]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 18:45]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
R3 TcUsb;TC USB Kernel Driver;C:\Windows\system32\Drivers\tcusb.sys [2007-04-16 22:44]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2008-02-05 14:21]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2008-02-05 14:30]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-07 17:11]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47aa591a-ee5c-11dc-be9e-001d09397728}]
\shell\AutoRun\command - F:\autorun.exe
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-05 12:00:08 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Kevin V.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-13 17:55:37
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\System32\stacsv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-13 17:58:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 09:58:23
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
258 --- E O F --- 2008-05-11 15:13:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:23 PM, on 13/5/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\Kevin V.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8162 bytes