Old 04-24-2009, 01:33 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Location: liverpool, uk
Posts: 7
OS: windows vista home premium


log from dds and zipped gmer files

Hi, here is the log from DDS. Thanks again for the quick reply.

Hi, I scanned my laptop with McAfee, and it has found the NTOSKRNL-HOOK trojan. It keeps saying that it has removed it, but when I scan again it reappears. I can't get any updates for McAfee or Windows because I think it has blocked me from using the internet in full mode and safe mode; it says I am connected but won't allow me to search. I am running Vista Home Premium 32-bit. I have downloaded ComboFix; if you could just tell me what I need to do, e.g. post logs and things, any help would be really appreciated. Thanks.

Note: I have now deleted ComboFix.


DDS (Ver_09-03-16.01) - NTFSx86
Run by liam at 20:01:09.66 on 24/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3061.1832 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\gearsec.exe
C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k swprv
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\liam\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title =
mWindow Title =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\liam\desktop\downlo~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\INetHTTPFilter.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.168,85.255.112.146
TCP: {4BDB6B1D-5E85-40DF-8F56-9B62C352EC60} = 85.255.112.168,85.255.112.146
TCP: {86D59560-C48A-45E8-8E73-43E4E2E387B5} = 85.255.112.168,85.255.112.146
TCP: {A8FE2C37-8875-441E-83B4-D611667453CF} = 85.255.112.168,85.255.112.146
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\liam\appdata\roaming\mozilla\firefox\profiles\952ltbw5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\components\nsaddestination.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\liam\appdata\local\google\update\1.2.141.5\npGoogleOneClick7.dll

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-7-20 73728]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-17 210216]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-20 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-7-20 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-7-20 7424]
S2 Apache2.2;Remote Access Media Server;c:\program files\common files\dell\apache\bin\httpd.exe [2007-9-21 15872]
S2 dsl-db;Remote Access DB;c:\program files\common files\dell\mysql\bin\mysqld.exe [2007-9-14 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe [2009-1-5 173296]
S2 ZeppelinService;plasservice;"c:\program files\common files\paretologic\plas\plasservice.exe" --> c:\program files\common files\paretologic\plas\plasservice.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-19 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-20 30192]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-12-9 23096]
S3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-8-24 23096]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2008-12-9 3768]
S3 MusCVideo32;MusCVideo32;c:\windows\system32\drivers\MusCVideo32.sys [2008-8-24 3768]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-12-11 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-12-11 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-12-11 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-12-11 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-12-11 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-12-11 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-12-11 115752]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-12-8 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [2008-12-8 3768]
S3 TucbAudio;TucbAudio;c:\windows\system32\drivers\TucbAudio.sys [2008-12-9 23096]
S3 TucbVideo;TucbVideo;c:\windows\system32\drivers\TucbVideo.sys [2008-12-9 3768]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-12-9 16896]

=============== Created Last 30 ================

2009-04-23 18:13 0 a------- c:\windows\system32\8104297.jun
2009-04-23 18:13 <DIR> --d----- c:\program files\Browser Hijack Recover
2009-04-23 02:08 <DIR> --d----- c:\users\liam\appdata\roaming\MalwareRemovalBot
2009-04-21 23:33 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-21 23:33 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-21 01:42 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-04-21 01:42 53,248 a------- c:\windows\system32\Process.exe
2009-04-17 21:00 <DIR> --d----- c:\program files\Trend Micro
2009-04-17 19:28 <DIR> --d----- c:\program files\NVT Malware Remover Tool
2009-04-16 22:09 255,731,998 a------- c:\windows\MEMORY.DMP
2009-04-10 21:45 <DIR> --d----- c:\program files\SpywareBlaster
2009-04-10 15:43 <DIR> --d----- c:\program files\QuickyPlaeyr
2009-04-10 07:15 6,944,032 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-10 07:15 94,064 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-10 07:15 4,936 a------- C:\rollback.ini
2009-04-10 07:03 <DIR> --d----- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-04-10 07:03 <DIR> --d----- c:\programdata\ParetoLogic
2009-04-10 07:03 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-04-10 07:03 <DIR> --d----- c:\progra~2\ParetoLogic Anti-Virus PLUS
2009-04-10 07:03 <DIR> --d----- c:\progra~2\ParetoLogic
2009-03-31 23:13 <DIR> --d----- c:\program files\Panda Security
2009-03-28 03:25 <DIR> -cd-h--- c:\programdata\{65723BD7-8477-4ADF-8686-B75D0C3C0E4D}
2009-03-28 03:25 <DIR> -cd-h--- c:\progra~2\{65723BD7-8477-4ADF-8686-B75D0C3C0E4D}
2009-03-28 03:13 <DIR> --d----- c:\programdata\UltraVNC
2009-03-28 03:13 <DIR> --d----- c:\progra~2\UltraVNC
2009-03-28 02:53 <DIR> --d----- c:\program files\Dell Remote Access
2009-03-28 02:53 <DIR> --d----- c:\program files\common files\Dell
2009-03-27 23:48 <DIR> --d----- C:\MSNCleaner

==================== Find3M ====================

2009-04-23 02:40 5,780 a------- c:\windows\bthservsdp.dat
2009-04-21 01:45 691 a------- c:\users\liam\appdata\roaming\GetValue.vbs
2009-04-21 01:45 35 a------- c:\users\liam\appdata\roaming\SetValue.bat
2009-04-21 01:45 5,068 a------- c:\windows\system32\tmp.reg
2009-03-28 02:53 86,016 a------- c:\windows\inf\infpub.dat
2009-03-28 02:53 143,360 a------- c:\windows\inf\infstrng.dat
2009-03-28 02:53 143,360 a------- c:\windows\inf\infstor.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 20:03 307,576 a------- c:\windows\WLXPGSS.SCR
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2008-07-29 16:28 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-07-20 12:34 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 20:02:03.59 ===============


thanks again
Attached Files
File Type: zip ark.zip (748 Bytes, 4 views)
File Type: zip Attach.zip (3.1 KB, 2 views)
morgo19 is offline  
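Two things in the DDS log above are worth checking by hand before any fixing. The TCP: NameServer line and the three per-interface TCP: {GUID} lines all hard-code 85.255.112.168 and 85.255.112.146 as the DNS resolvers, which is not what a laptop on a home router receives from DHCP and is enough on its own to explain "connected but cannot search or update". The ComboFix log later in the thread also deletes a driver and a DLL whose names are long strings of random letters (gxvxc...). The script below is an added example, not part of the thread and not a feature of DDS, ComboFix or GMER: it runs those two checks over constructed log excerpts in the same shape as the posted logs. The 192.168.1.1 line, the SearchProtocolHost.exe line and the thresholds inside looks_random are assumptions made for the illustration.

```python
"""Triage helpers for the DDS and ComboFix logs posted in this thread.

Added example, not a tool from the forum, DDS or ComboFix. The sample
lines are constructed to match the shape of the logs in the thread.
"""
import ipaddress
import re

# Constructed excerpt in the shape of the DDS "Pseudo HJT Report" above.
# The third TCP line (a private router address) is invented for contrast.
SAMPLE_DDS = "\n".join([
    r"uInternet Settings,ProxyOverride = *.local",
    r"LSP: c:\windows\system32\INetHTTPFilter.dll",
    r"TCP: NameServer = 85.255.112.168,85.255.112.146",
    r"TCP: {4BDB6B1D-5E85-40DF-8F56-9B62C352EC60} = 85.255.112.168,85.255.112.146",
    r"TCP: {00000000-0000-0000-0000-000000000001} = 192.168.1.1",
    r"FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=",
    r"AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL",
])

# Constructed excerpt in the shape of ComboFix's "Other Deletions" list;
# the last line is a legitimate Windows binary added for contrast.
SAMPLE_COMBOFIX = "\n".join([
    r"c:\users\liam\AppData\Local\Temp\catchme.dll",
    r"c:\windows\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys",
    r"c:\windows\system32\gxvxcnsxdpiwptkmemilxxumqlmcrscduexrq.dll",
    r"c:\windows\system32\Packet.dll",
    r"c:\windows\system32\SearchProtocolHost.exe",
])

# "TCP: NameServer = a,b" is the global setting; "TCP: {GUID} = a,b" is per interface.
_TCP_LINE = re.compile(
    r"^TCP:\s*(?P<scope>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<ips>[\d.,\s]+)$"
)


def parse_nameservers(log_text):
    """Return (scope, ip) pairs for every resolver listed on a DDS 'TCP:' line."""
    found = []
    for line in log_text.splitlines():
        m = _TCP_LINE.match(line.strip())
        if not m:
            continue
        for ip in m.group("ips").split(","):
            ip = ip.strip()
            if ip:
                found.append((m.group("scope"), ip))
    return found


def flag_nameservers(log_text, trusted=frozenset()):
    """Public resolvers hard-coded into TCP/IP, minus an allow-list of ones you set.

    A home laptop normally takes DNS from the router over DHCP, which shows up
    as a private address or not at all. A fixed public resolver that the owner
    never configured is the setting to reset: whoever runs that server answers
    every lookup the machine makes, updates and searches included.
    """
    bad = set()
    for _scope, ip in parse_nameservers(log_text):
        addr = ipaddress.ip_address(ip)
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            continue
        if ip not in trusted:
            bad.add(ip)
    return sorted(bad)


_VOWELS = set("aeiou")


def looks_random(path):
    """Heuristic for generated names like gxvxc...sys (thresholds are assumptions):
    a long, all-lowercase, letters-only stem with few vowels or a long consonant run."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) < 16 or not stem.isalpha() or not stem.islower():
        return False
    vowel_ratio = sum(c in _VOWELS for c in stem) / len(stem)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiou]+", stem))
    return vowel_ratio <= 0.2 or longest_consonant_run >= 6


def flag_random_names(log_text):
    """Paths in a ComboFix/DDS file list whose file name looks machine-generated."""
    return sorted({ln.strip() for ln in log_text.splitlines() if looks_random(ln.strip())})


if __name__ == "__main__":
    print("Hard-coded public resolvers:", flag_nameservers(SAMPLE_DDS))
    print("Random-looking file names:", flag_random_names(SAMPLE_COMBOFIX))
```

Run it as a script to print both lists. Whatever the removal tool reports, confirm afterwards with ipconfig /all that the DNS servers have gone back to the router or ISP address: deleting the rootkit driver says nothing about the resolver setting it left behind, and the name heuristic is only a prompt to look at a file, not proof that it is malicious.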
Old 04-25-2009, 02:04 PM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,646
OS: XP SP3


Re: log from dds and zipped gmer files

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions, and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Old 04-26-2009, 05:57 PM   #3 (permalink)
Registered User
 
Join Date: Apr 2009
Location: liverpool, uk
Posts: 7
OS: windows vista home premium


Re: log from dds and zipped gmer files

Hi, I was just wondering if the ComboFix scan can be done in safe mode or only in full mode, because my PC in full mode has a mind of its own and I get a blue screen most of the time (due to the trojan), and I have to shut the PC down and start it back up again, and the scan can't run because of that. When the PC allowed the scan to run for a bit before it decided to show me the blue screen again (sighs), I got this error code c:test 0123 (or something like that, because I only got a split second to read it). I hope that made sense.

Thanks for the help so far, cheers.
morgo19 is offline  
Old 04-26-2009, 07:34 PM   #4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,646
OS: XP SP3


Re: log from dds and zipped gmer files

Try it in Normal Mode first.

If that doesn't work, run it in Safe Mode with Networking. If ComboFix says it needs to reboot your computer, make sure to reboot into Safe Mode.
chemist is offline  
Old 04-27-2009, 08:23 AM   #5 (permalink)
Registered User
 
Join Date: Apr 2009
Location: liverpool, uk
Posts: 7
OS: windows vista home premium


Re: log from dds and zipped gmer files

OK, thanks, I will try that now.
morgo19 is offline  
Old 04-27-2009, 04:47 PM   #6 (permalink)
Registered User
 
Join Date: Apr 2009
Location: liverpool, uk
Posts: 7
OS: windows vista home premium


Re: log from dds and zipped gmer files

FINALLY!!!! It allowed me enough time to run ComboFix and get the log file.

The log is as follows:

ComboFix 09-04-25.A3 - liam 27/04/2009 22:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3061.2096 [GMT 1:00]
Running from: c:\users\liam\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\liam\AppData\Local\Temp\catchme.dll
c:\windows\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys
c:\windows\system32\gxvxcnsxdpiwptkmemilxxumqlmcrscduexrq.dll
c:\windows\TEMP\Com2970.tmp
.
---- Previous Run -------
.
c:\users\liam\AppData\Roaming\.#
c:\users\liam\AppData\Roaming\.#\MBX@1010@17E2970.###
c:\users\liam\AppData\Roaming\.#\MBX@1010@17E29A0.###
c:\users\liam\AppData\Roaming\.#\MBX@1010@17E29D0.###
c:\users\liam\AppData\Roaming\.#\MBX@830@1722970.###
c:\users\liam\AppData\Roaming\.#\MBX@830@17229A0.###
c:\users\liam\AppData\Roaming\.#\MBX@830@17229D0.###
c:\users\liam\AppData\Roaming\.#\MBX@B74@1882970.###
c:\users\liam\AppData\Roaming\.#\MBX@B74@18829A0.###
c:\users\liam\AppData\Roaming\.#\MBX@B74@18829D0.###
c:\users\liam\AppData\Roaming\.#\MBX@B78@3D2970.###
c:\users\liam\AppData\Roaming\.#\MBX@B78@3D29A0.###
c:\users\liam\AppData\Roaming\.#\MBX@B78@3D29D0.###
c:\users\liam\AppData\Roaming\.#\MBX@CA4@1A62970.###
c:\users\liam\AppData\Roaming\.#\MBX@CA4@1A629A0.###
c:\users\liam\AppData\Roaming\.#\MBX@CA4@1A629D0.###
c:\windows\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys
c:\windows\system32\gxvxcnsxdpiwptkmemilxxumqlmcrscduexrq.dll
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\TEMP\reg58B9.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_PACKET
-------\Service_NPF
-------\Service_Packet
-------\Legacy_NPF
-------\Legacy_PACKET


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-23 17:13 . 2009-04-23 17:13 0 ----a-w c:\windows\system32\8104297.jun
2009-04-23 17:13 . 2009-04-23 17:14 -------- d-----w c:\program files\Browser Hijack Recover
2009-04-23 01:08 . 2009-04-23 01:09 -------- d-----w c:\users\liam\AppData\Roaming\MalwareRemovalBot
2009-04-21 01:07 . 2009-04-21 01:07 -------- d-----w c:\users\liam\AppData\Local\Dell
2009-04-21 00:42 . 2008-12-12 00:57 78336 ----a-w c:\windows\system32\Agent.OMZ.Fix.exe
2009-04-21 00:42 . 2003-06-05 20:13 53248 ----a-w c:\windows\system32\Process.exe
2009-04-17 20:00 . 2009-04-17 20:00 -------- d-----w c:\program files\Trend Micro
2009-04-17 18:28 . 2009-04-17 18:28 -------- d-----w c:\program files\NVT Malware Remover Tool
2009-04-16 21:09 . 2009-04-27 22:05 227825918 ----a-w c:\windows\MEMORY.DMP
2009-04-10 20:45 . 2009-04-10 21:02 -------- d-----w c:\program files\SpywareBlaster
2009-04-10 14:43 . 2009-04-10 14:43 -------- d-----w c:\program files\QuickyPlaeyr
2009-04-10 06:15 . 2009-04-10 23:36 6944032 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 06:15 . 2009-04-10 21:21 94064 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-10 06:15 . 2009-04-10 06:15 4936 ----a-w C:\rollback.ini
2009-04-10 06:03 . 2009-04-10 23:35 -------- d-----w c:\users\All Users\ParetoLogic
2009-04-10 06:03 . 2009-04-10 23:35 -------- d-----w c:\programdata\ParetoLogic
2009-04-10 06:03 . 2009-04-10 23:35 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-10 06:03 . 2009-04-10 06:03 -------- d-----w c:\users\All Users\ParetoLogic Anti-Virus PLUS
2009-04-10 06:03 . 2009-04-10 06:03 -------- d-----w c:\programdata\ParetoLogic Anti-Virus PLUS
2009-03-31 22:13 . 2009-04-16 20:11 -------- d-----w c:\program files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 22:06 . 2008-08-07 21:00 -------- d---a-w c:\programdata\TEMP
2009-04-27 21:48 . 2008-08-08 02:30 680 ----a-w c:\users\liam\AppData\Local\d3d9caps.dat
2009-04-27 15:25 . 2008-10-23 00:14 -------- d-----w c:\programdata\Google Updater
2009-04-21 00:46 . 2008-10-21 18:21 4919 ----a-w C:\rapport.txt
2009-04-21 00:45 . 2008-10-21 18:31 691 ----a-w c:\users\liam\AppData\Roaming\GetValue.vbs
2009-04-21 00:45 . 2008-10-21 18:31 35 ----a-w c:\users\liam\AppData\Roaming\SetValue.bat
2009-04-21 00:45 . 2008-10-21 18:21 5068 ----a-w c:\windows\System32\tmp.reg
2009-04-16 19:12 . 2009-01-31 22:20 0 ----a-w C:\Tech_Vista.log
2009-04-10 20:03 . 2008-11-22 01:01 -------- d-----w c:\users\liam\AppData\Roaming\uTorrent
2009-04-07 19:15 . 2008-07-20 11:31 -------- d-----w c:\program files\Java
2009-04-02 00:01 . 2008-10-26 20:23 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-01 23:59 . 2008-10-26 20:23 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-28 02:25 . 2009-03-28 02:25 -------- dc-h--w c:\programdata\{65723BD7-8477-4ADF-8686-B75D0C3C0E4D}
2009-03-28 02:13 . 2009-03-28 02:13 -------- d-----w c:\programdata\UltraVNC
2009-03-28 01:53 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infpub.dat
2009-03-28 01:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-28 01:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstor.dat
2009-03-28 01:53 . 2009-03-28 01:53 -------- d-----w c:\program files\Dell Remote Access
2009-03-28 01:53 . 2009-03-28 01:53 -------- d-----w c:\program files\Common Files\Dell
2009-03-28 01:53 . 2008-07-20 11:53 -------- d-----w c:\programdata\Dell
2009-03-23 17:23 . 2009-03-23 17:23 -------- d-----w c:\program files\CCleaner
2009-03-21 17:22 . 2009-03-17 17:03 -------- d-----w c:\program files\VirtualDJ
2009-03-21 16:35 . 2009-03-21 16:35 -------- d-----w c:\program files\Bonjour
2009-03-21 16:35 . 2009-03-21 16:35 -------- d-----w c:\program files\QuickTime
2009-03-21 16:35 . 2009-03-21 16:35 -------- d-----w c:\programdata\Apple Computer
2009-03-21 16:34 . 2008-10-17 01:28 -------- d-----w c:\program files\Common Files\Apple
2009-03-20 15:49 . 2008-07-20 11:47 -------- d-----w c:\program files\McAfee
2009-03-19 15:57 . 2008-12-06 03:18 -------- d-----w c:\program files\Windows Live
2009-03-19 15:57 . 2008-12-06 03:53 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-19 15:56 . 2009-03-19 15:56 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 15:55 . 2009-03-19 15:55 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 15:52 . 2009-01-20 16:52 -------- d-----w c:\program files\Microsoft
2009-03-19 15:51 . 2009-03-19 15:51 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 15:46 . 2009-03-19 15:46 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-17 11:42 . 2009-03-17 11:40 -------- d-----w c:\program files\Virgin Broadband Wireless
2009-03-17 11:41 . 2009-03-17 11:40 -------- d-----w c:\programdata\Affinegy
2009-03-17 01:49 . 2009-03-17 01:49 -------- d-----w c:\program files\Nimbuzz
2009-03-11 05:22 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 . 2008-12-23 15:22 410984 ----a-w c:\windows\System32\deploytk.dll
2009-02-27 15:43 . 2008-08-06 03:17 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 03:10 . 2009-03-11 01:31 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 19:03 . 2009-02-06 19:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-21 00:59 . 2008-07-23 07:49 101432 ----a-w c:\users\liam\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-14 22:54 . 2008-12-14 22:54 92 ----a-w c:\users\liam\AppData\Local\fusioncache.dat
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-12-18 20:2008-12-18 20:34 34:46 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-24 13:2008-11-04 04:05 19:46 . c:\program files\mozilla firefox\components\nsaddestination.dll
2008-07-20 11:34 . 2008-07-20 11:34 76 --sh--r c:\windows\CT4CET.bin
2008-07-20 20:12 . 2008-07-20 20:12 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-18 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\users\liam\Desktop\Downloads\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-12-18 1312096]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-20 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-20 11:55 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3DCBDCD2-477D-4F82-A4B2-68B9FCF99AF9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92931955-37D6-49FF-8916-EF6257E45E99}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D3706DAF-4904-4C26-9293-90CDD8A5C9C2}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{31554597-149B-410C-9B6A-E55E74AFBA60}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{4FAA754D-B785-4916-AF0F-ABB8F419AB5C}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{5F1311D6-BA03-40D8-A7DC-5F62465FDA5F}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{701AA359-33B9-4529-ACC8-B5D7E252A96F}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{0D4122CB-B341-48FA-806A-F81E9078268E}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{B199832A-A410-4382-AFD0-53DBFE2E427A}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{903A6E29-6ADD-47C4-A710-CB1D2DD75D3F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{53AF956E-610E-4988-8CDB-117D3F057835}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C525AA80-5735-404D-A3E4-9E87B3A75666}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{B2F37818-AA45-41E9-93C6-1ABCC1A419A7}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"TCP Query User{E2B3A8D9-A6FC-44FB-B3CF-468A66C1F6B4}c:\\program files\\napster\\napster.exe"= UDP:c:\program files\napster\napster.exe:Napster
"UDP Query User{D6F4818F-F5E3-4750-9951-2FDCF8EFF14F}c:\\program files\\napster\\napster.exe"= TCP:c:\program files\napster\napster.exe:Napster
"TCP Query User{232EF9A0-2987-45EE-BC39-9772BC95D156}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{431B040E-1F4A-4A61-9A62-CC69CBE1D793}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A776FF49-BD26-4297-924E-89FAF40B1781}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1F49D421-A584-467C-B62B-52A9C574F7C4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6E88326D-9F06-4334-A7EB-6B0471F259AE}c:\\program files\\rockstar games\\midnight club ii demo\\mc2_demo.exe"= UDP:c:\program files\rockstar games\midnight club ii demo\mc2_demo.exe:mc2_demo
"UDP Query User{191A8C59-B089-4D6C-A5C3-520E4F7CFAC7}c:\\program files\\rockstar games\\midnight club ii demo\\mc2_demo.exe"= TCP:c:\program files\rockstar games\midnight club ii demo\mc2_demo.exe:mc2_demo
"{712DF48D-C93D-408A-AE57-CD2B3B4CFE87}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{5CD9221F-1761-444B-B42B-C2752AED6167}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{0DD79478-2C1F-4C32-B539-E9578A79B628}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{FDE3C69E-C42C-4B16-9DDD-841B211621EA}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{3F367AA4-2723-429F-A2D0-6D51C7FE953B}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E187E6BF-0F45-4A10-803A-6FF1F5AA4859}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{AC433661-1C0F-4445-966F-0DE0235EC40C}"= UDP:c:\program files\AstoundStereo\astoundstereo.exe:AstoundStereo
"{9D3A046F-0904-41C5-B74D-71DD3775B456}"= TCP:c:\program files\AstoundStereo\astoundstereo.exe:AstoundStereo
"{ECD98B97-978A-4DE8-A4C4-979359773BBC}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{07A4C22E-8BCE-49DA-8A31-8B9C1B8A4B4C}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{0AB8639A-08B5-4679-9241-C4D6AD407E58}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{AD7ECB41-7605-4681-A798-028091D1D9FE}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{2E386303-C1A8-4D9F-AE16-B31A73008236}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{18F6B1FB-692E-4E26-A21A-89BAEB009498}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{50D702BD-2908-4746-BB12-EBFC8CCF959C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{C800610A-C15D-442B-8270-295628BC6464}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E564A3A2-F2C4-47EB-8BAA-4F590F661EE5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDC59827-05E5-4CA9-AD12-C42636EBAD55}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{D371499F-A2ED-425C-9907-59B91BEA91F4}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{A2847B88-AF91-42A9-BE46-B14D300BFE5E}"= UDP:c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{D161CAAC-88F0-4833-BE4C-B9BB1A33E0AE}"= TCP:c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{0629F74D-C202-44B7-A2AE-A22241D8EB8C}"= UDP:c:\program files\Common Files\Dell\VLC\vlc.exe:Remote Access VLC
"{BBD3D2A1-6253-488C-835F-03C9DA784178}"= TCP:c:\program files\Common Files\Dell\VLC\vlc.exe:Remote Access VLC
"{CF7CD0EF-8748-42C0-81EF-33060A2FCABC}"= UDP:c:\program files\Common Files\Dell\apache\bin\httpd.exe:Remote Access Media Server
"{A589067F-2C7C-40C2-BC03-5DD32DF36E65}"= TCP:c:\program files\Common Files\Dell\apache\bin\httpd.exe:Remote Access Media Server
"{CD6B2562-8867-437E-90D9-695860B3B239}"= UDP:c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe:Remote Access DB
"{7BE5E46D-A9C5-47C7-B34A-8E497E7CBC92}"= TCP:c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe:Remote Access DB
"{65A71FD2-83AA-4F22-89FD-0254B8C2203E}"= UDP:c:\program files\Common Files\Dell\MySQL\bin\mysql.exe:Remote Access CLI
"{8761D3DF-EB37-4273-8485-E0810157387A}"= TCP:c:\program files\Common Files\Dell\MySQL\bin\mysql.exe:Remote Access CLI
"{5D812926-3600-4C9D-A149-A1AE251EB323}"= UDP:c:\program files\Common Files\Dell\apache\php.exe:Remote Access PHP
"{04CFB792-1490-45DF-BF61-A3E8915F54DC}"= TCP:c:\program files\Common Files\Dell\apache\php.exe:Remote Access PHP
"{6C7B7738-E172-4926-99D0-7A39D7A5208A}"= UDP:c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe:Remote Access File Sync Service
"{3EF97B52-C3C4-42F5-A74E-33C11DD825E9}"= TCP:c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe:Remote Access File Sync Service
"{28A9E4FF-E7BE-40F9-8FE8-D6CB83A52C14}"= UDP:40080:Remote Access Media Server
"{2691C809-6506-44A3-A320-17E36815556A}"= UDP:40090:Streaming Web Cam
"{2AC32B8D-C821-4525-ADED-B3C258E744F4}"= UDP:40091:Streaming Web Cam
"{067DCEB8-D5ED-456E-9919-0BB80E6A7A21}"= UDP:40092:Streaming Web Cam
"{39FF17AD-349A-4C1C-ACCC-3D49BD4D2C33}"= UDP:40093:Streaming Web Cam
"{9A50CC3F-A975-4038-9A00-12CF7DE76A98}"= UDP:40094:Streaming Web Cam
"{582ED067-1498-4351-B68B-B4316F5B8942}"= UDP:c:\programdata\UltraVNC\winvnc.exe:UltraVNC Server
"{73DEC88C-113C-4E4D-9268-3241323D18E2}"= TCP:c:\programdata\UltraVNC\winvnc.exe:UltraVNC Server
"{C61877CE-3EAA-4139-9968-27A9F0648988}"= UDP:5900:UltraVNC Server

R2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
R2 ZeppelinService;plasservice; [x]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-18 30192]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-11-11 23096]
R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-08-19 23096]
R3 MusCVideo;MusCVideo;c:\windows\system32\DRIVERS\MusCVideo.sys [2008-11-11 3768]
R3 MusCVideo32;MusCVideo32;c:\windows\system32\DRIVERS\MusCVideo32.sys [2008-08-19 3768]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-14 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2008-11-14 3768]
R3 TucbAudio;TucbAudio;c:\windows\system32\drivers\TucbAudio.sys [2008-11-11 23096]
R3 TucbVideo;TucbVideo;c:\windows\system32\DRIVERS\TucbVideo.sys [2008-11-11 3768]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-08-12 16896]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fa87a2b-87ef-11dd-a83d-9c6200537cf2}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad93744-867d-11dd-b8a2-c0a5df201c9c}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{957125cb-5655-11dd-9cb4-806e6f6e6963}]
\shell\AutoRun\command - E:\Install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-20 01:50]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1543339451-3817775727-4072717512-1000.job
- c:\users\liam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-18 20:46]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-14 10:53]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-14 10:53]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - ProfilePath - c:\users\liam\AppData\Roaming\Mozilla\Firefox\Profiles\952ltbw5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\nsaddestination.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\liam\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 23:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys 35840 bytes executable
c:\windows\system32\gxvxccounter 4 bytes
c:\windows\system32\gxvxcnsxdpiwptkmemilxxumqlmcrscduexrq.dll 13824 bytes executable
c:\users\liam\AppData\Local\Temp\gxvxc000 0 bytes
c:\windows\TEMP\TMP00000007B360F0D253F3B44F

scan completed successfully
hidden files: 5

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\gxvxcserv.sys]
"imagepath"="\systemroot\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(636)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'Explorer.exe'(1760)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Completion time: 2009-04-27 23:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 22:13

Pre-Run: 36,449,730,560 bytes free
Post-Run: 36,296,929,280 bytes free

411 --- E O F --- 2009-04-06 17:01


NOTE: now that I have the ComboFix log, do I simply just delete ComboFix from my desktop?

Once again, thanks for sticking with me and guiding me through the process. You have been a real help, cheers.
morgo19 is offline  
Old 04-27-2009, 05:27 PM   #7 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,646
OS: XP SP3


Re: log from dds and zipped gmer files

Hello again, morgo19. Please tell us how your system is behaving. Is your connection back to normal?

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:
do i simply just delete combofix from my desktop
Please don't. It needs to be on your desktop in order to properly uninstall when we are done.

------------------------------------------------------

One or more of the identified infections was a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Registry::
[-HKEY_LOCAL_MACHINE\System\controlset002\Services\gxvxcserv.sys]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0D4122CB-B341-48FA-806A-F81E9078268E}"=-
"{B199832A-A410-4382-AFD0-53DBFE2E427A}"=-
"TCP Query User{E2B3A8D9-A6FC-44FB-B3CF-468A66C1F6B4}c:\\program files\\napster\\napster.exe"=-
"UDP Query User{D6F4818F-F5E3-4750-9951-2FDCF8EFF14F}c:\\program files\\napster\\napster.exe"=-

Folder::
c:\users\liam\AppData\Roaming\uTorrent

RegLock::
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]

File::
c:\windows\system32\8104297.jun
Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Programs and Features):

Java(TM) 6 Update 5
Java(TM) 6 Update 7


These are all outdated and are security risks while they remain installed.

Leave this one as it has the latest definitions:

Java(TM) 6 Update 13

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
  • Right-click ATF-Cleaner.exe and choose Run as Administrator to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista, you must open the Web browser via a right-click using the Run as Administrator command.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
report on system behavior
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
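The reply above does its triage by eye: it picks the FrostWire and Napster entries out of the FirewallRules block, the gxvxc* files out of catchme's "hidden files" list, and the randomly named driver behind the gxvxcserv.sys service. The script below is an added example of doing that first pass automatically over a DDS/catchme log; it is not part of this thread and not code from DDS, GMER/catchme or ComboFix. The sample log is constructed from lines quoted in the thread, the WATCHLIST of program names and the entropy and vowel-ratio thresholds in looks_random are this example's own assumptions, and the findings it returns are review items for an analyst, not removal instructions.

```python
import math
import re
from collections import Counter

# Constructed sample: lines copied from the DDS and catchme output quoted in
# this thread, trimmed to the two sections the parsers below understand.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0D4122CB-B341-48FA-806A-F81E9078268E}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"TCP Query User{E2B3A8D9-A6FC-44FB-B3CF-468A66C1F6B4}c:\\program files\\napster\\napster.exe"= UDP:c:\program files\napster\napster.exe:Napster
"{D3706DAF-4904-4C26-9293-90CDD8A5C9C2}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{C61877CE-3EAA-4139-9968-27A9F0648988}"= UDP:5900:UltraVNC Server

scanning hidden files ...

c:\windows\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys 35840 bytes executable
c:\windows\system32\gxvxcnsxdpiwptkmemilxxumqlmcrscduexrq.dll 13824 bytes executable
c:\users\liam\AppData\Local\Temp\gxvxc000 0 bytes

scan completed successfully
"""

FW_RULE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<body>.+)$')
PROFILE_PREFIX = re.compile(r"^(?:Profile=\w+\|)+")
HIDDEN_FILE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:\s+(?P<size>\d+) bytes(?P<exe>\s+executable)?)?$")
# Programs whose firewall exceptions the analyst in this thread removed; which
# names belong here is a local policy choice, assumed for illustration.
WATCHLIST = ("frostwire", "napster", "utorrent")


def shannon_entropy(text):
    """Bits per character of text's character-frequency distribution."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values()) if n else 0.0


def looks_random(path, min_len=12, min_entropy=3.5, max_vowel_ratio=0.25):
    """Heuristic for generated names such as gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys:
    a long, high-entropy stem with few vowels. Thresholds are this example's assumption."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if len(stem) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in stem) / len(stem)
    return shannon_entropy(stem) >= min_entropy and vowel_ratio <= max_vowel_ratio


def parse_firewall_rules(log_text):
    """Entries under the FirewallRules key. Each body has the shape
    [TCP:|UDP:][Profile=...|]<program path or port number>:<description>."""
    rules, in_block = [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("[") and line.lower().endswith("\\firewallrules]"):
            in_block = True
            continue
        if not line:                      # a blank line closes the key's block
            in_block = False
        m = FW_RULE.match(line) if in_block else None
        if not m:
            continue
        body, proto = m.group("body"), None
        if body[:4] in ("TCP:", "UDP:"):
            proto, body = body[:3], body[4:]
        target, _, desc = PROFILE_PREFIX.sub("", body).rpartition(":")
        rules.append({"name": m.group("name"), "proto": proto, "target": target,
                      "description": desc, "is_port": target.isdigit()})
    return rules


def parse_hidden_files(log_text):
    """Paths catchme lists between 'scanning hidden files ...' and 'scan completed'."""
    found, in_block = [], False
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("scanning hidden files"):
            in_block = True
        elif line.startswith("scan completed"):
            in_block = False
        m = HIDDEN_FILE.match(line) if in_block else None
        if m:
            found.append({"path": m.group("path"), "executable": bool(m.group("exe")),
                          "size": int(m.group("size")) if m.group("size") else None})
    return found


def triage(log_text, watchlist=WATCHLIST):
    """Return (kind, subject, detail) tuples for the entries an analyst reads first."""
    findings = []
    for r in parse_firewall_rules(log_text):
        exe = r["target"].rsplit("\\", 1)[-1].lower()
        if r["is_port"]:
            findings.append(("firewall-open-port", r["target"], r["description"]))
        elif any(w in exe for w in watchlist):
            findings.append(("firewall-watchlist", r["target"], r["name"]))
    for h in parse_hidden_files(log_text):
        kind = "hidden-random-name" if looks_random(h["path"]) else "hidden-file"
        findings.append((kind, h["path"], "executable" if h["executable"] else ""))
    return findings
```

Running `triage(SAMPLE_LOG)` on the constructed sample returns the two watchlisted FrostWire/Napster rules, the open UDP 5900 rule, the two random-named hidden executables and the zero-byte gxvxc000 entry; the McAfee rule passes because the Profile=... prefixes are stripped before the program path is read. The random-name test is deliberately conservative (stem of at least 12 characters, high entropy and few vowels together), so ordinary long names such as GoogleUpdaterService.exe are not flagged.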
Old 04-27-2009, 05:49 PM   #8 (permalink)
Registered User
 
Join Date: Apr 2009
Location: liverpool, uk
Posts: 7
OS: windows vista home premium


Re: log from dds and zipped gmer files

Hi, my computer is OK; it takes about 5-6 restarts (sometimes more) for the desktop to stay on for a while, because the blue screen appears as soon as I enter my password to reach the desktop. Just to let you know, I am using my desktop to give you all this information, as my internet connection is still not working on my laptop with the virus.

NOTE: do I do the copying and pasting of the "codebox" first, before anything else?

Quote:
Please save this page to Notepad in order to assist you when carrying out the following instructions.
Do you mean this whole webpage? (Sorry if this question seems obvious; I just want to make sure I'm doing all the steps correctly.)

thanks
morgo19 is offline  
Old 04-27-2009, 06:04 PM   #9 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,646
OS: XP SP3


Re: log from dds and zipped gmer files

Just copy the text inside the codebox, starting with Registry:: and ending with c:\windows\system32\8104297.jun

If you still don't have internet access, just skip the rest of the instructions as you won't be able to do the online scan, and just post the ComboFix.txt in your next reply.

Odd, though; I don't see anything that would prevent you from accessing the internet.

Can you connect in Safe Mode with Networking?

------------------------------------------------------
chemist is offline  
Old 04-27-2009, 08:23 PM   #10 (permalink)
Registered User
 
Join Date: Apr 2009
Location: liverpool, uk
Posts: 7
OS: windows vista home premium


Re: log from dds and zipped gmer files

Hey, no, I can't connect in Safe Mode either. The icon in the system tray says I'm connected, but when I load Internet Explorer I get "internet explorer cannot display the webpage", then when I enter an address it says "address not valid".

The log file from ComboFix is:

ComboFix 09-04-25.A3 - liam 28/04/2009 2:51.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3061.2096 [GMT 1:00]
Running from: c:\users\liam\Desktop\ComboFix.exe
Command switches used :: c:\users\liam\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\8104297.jun
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\liam\AppData\Local\Temp\catchme.dll
c:\users\liam\AppData\Roaming\uTorrent
c:\users\liam\AppData\Roaming\uTorrent\[PC][-GTA San Andreas With Online Multiplayer-].1.torrent
c:\users\liam\AppData\Roaming\uTorrent\[PC][-GTA San Andreas With Online Multiplayer-].torrent
c:\users\liam\AppData\Roaming\uTorrent\Clubland 11.1.torrent
c:\users\liam\AppData\Roaming\uTorrent\clubland 11.torrent
c:\users\liam\AppData\Roaming\uTorrent\Clubland 13 [2CD's] WOLF_SERROS.torrent
c:\users\liam\AppData\Roaming\uTorrent\clubland 13 + covers.torrent
c:\users\liam\AppData\Roaming\uTorrent\Clubland 14 - Various(split tracks + covers).torrent
c:\users\liam\AppData\Roaming\uTorrent\Clubland X-treme Hardcore 4 - 3cd's - Resource RG.torrent
c:\users\liam\AppData\Roaming\uTorrent\Clubland X-treme Hardcore 4 - 3cd's.torrent
c:\users\liam\AppData\Roaming\uTorrent\Clubland X-Treme Hardcore Vol.4.torrent
c:\users\liam\AppData\Roaming\uTorrent\Clubland Xtreme Hardcore 5.torrent
c:\users\liam\AppData\Roaming\uTorrent\dht.dat
c:\users\liam\AppData\Roaming\uTorrent\dht.dat.old
c:\users\liam\AppData\Roaming\uTorrent\Extreme.Ty.8(DVDRiP)(www.pornorip.net).torrent
c:\users\liam\AppData\Roaming\uTorrent\FL Studio 8 XXL Producer Edition v8.0.0.torrent
c:\users\liam\AppData\Roaming\uTorrent\FL.Studio.8.0.0.XXL.Producer.Edition+Crack.torrent
c:\users\liam\AppData\Roaming\uTorrent\Fruity Loops Studio 8.0.0 Producer Edition FINAL -Incl. Crack.torrent
c:\users\liam\AppData\Roaming\uTorrent\gay porn - Teen Boy gang****** (sex.rakebackoffers.org).torrent
c:\users\liam\AppData\Roaming\uTorrent\Girls.With.Daddy.Issues(DVDRiP)(www.pornorip.net).torrent
c:\users\liam\AppData\Roaming\uTorrent\GTA San Andreas Downgrader From v1.01&v2.0 into 1.0.torrent
c:\users\liam\AppData\Roaming\uTorrent\GTASanAndreas.rar.torrent
c:\users\liam\AppData\Roaming\uTorrent\Mixmeister 7.0.2.0 Fusion with Crack.torrent
c:\users\liam\AppData\Roaming\uTorrent\Numark Cue v4.1-BEAN.torrent
c:\users\liam\AppData\Roaming\uTorrent\ParetoLogic AntiSpyware.2008.FULL.rar.torrent
c:\users\liam\AppData\Roaming\uTorrent\resume.dat
c:\users\liam\AppData\Roaming\uTorrent\resume.dat.old
c:\users\liam\AppData\Roaming\uTorrent\rss.dat
c:\users\liam\AppData\Roaming\uTorrent\rss.dat.old
c:\users\liam\AppData\Roaming\uTorrent\settings.dat
c:\users\liam\AppData\Roaming\uTorrent\settings.dat.old
c:\users\liam\AppData\Roaming\uTorrent\Ultimate NRG-4-.torrent
c:\users\liam\AppData\Roaming\uTorrent\Ultimate NRG 4-320kbps (split tracks).torrent
c:\users\liam\AppData\Roaming\uTorrent\Ultimate NRG 4 covers.torrent
c:\users\liam\AppData\Roaming\uTorrent\utorrent.lng
c:\users\liam\AppData\Roaming\uTorrent\VA-Clubland 13-2CD-2008 [Atomic RG] Phoenix.torrent
c:\users\liam\AppData\Roaming\uTorrent\VA-Wigan_Pier_Presents_Bounce-.torrent
c:\users\liam\AppData\Roaming\uTorrent\VA-Wigan_Pier_Presents_Bounce-4CD-READNFO-WEB-2008-Homely.torrent
c:\users\liam\AppData\Roaming\uTorrent\Vista DELL RED Xtasy 2008(HD)Widescreen ultimate Seduction--ajblade™.1.torrent
c:\users\liam\AppData\Roaming\uTorrent\Vista DELL RED Xtasy 2008(HD)Widescreen ultimate Seduction--ajblade™.torrent
c:\users\liam\AppData\Roaming\uTorrent\wigan pier 58.torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier 59 - 2cd's.torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier Klub Klassics Vol 2(Immortalis RG)rabbit48.torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier Presents Bounce(SPLIT TRACKS + 2 BOUNS CD'S).torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier vol 62(split ttracks).torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier Vol. 58 apipe.torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier Volume 56.1.torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier Volume 56.2.torrent
c:\users\liam\AppData\Roaming\uTorrent\Wigan Pier Volume 56.torrent
c:\windows\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys
c:\windows\system32\gxvxcnsxdpiwptkmemilxxumqlmcrscduexrq.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_PACKET


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-23 17:13 . 2009-04-23 17:13 0 ----a-w c:\windows\system32\8104297.jun
2009-04-23 17:13 . 2009-04-23 17:14 -------- d-----w c:\program files\Browser Hijack Recover
2009-04-23 01:08 . 2009-04-23 01:09 -------- d-----w c:\users\liam\AppData\Roaming\MalwareRemovalBot
2009-04-21 01:07 . 2009-04-21 01:07 -------- d-----w c:\users\liam\AppData\Local\Dell
2009-04-21 00:42 . 2008-12-12 00:57 78336 ----a-w c:\windows\system32\Agent.OMZ.Fix.exe
2009-04-21 00:42 . 2003-06-05 20:13 53248 ----a-w c:\windows\system32\Process.exe
2009-04-17 20:00 . 2009-04-17 20:00 -------- d-----w c:\program files\Trend Micro
2009-04-17 18:28 . 2009-04-17 18:28 -------- d-----w c:\program files\NVT Malware Remover Tool
2009-04-16 21:09 . 2009-04-28 01:48 223394078 ----a-w c:\windows\MEMORY.DMP
2009-04-10 20:45 . 2009-04-10 21:02 -------- d-----w c:\program files\SpywareBlaster
2009-04-10 14:44 . 2009-04-28 01:48 4 ----a-w c:\windows\system32\gxvxccounter
2009-04-10 14:43 . 2009-04-10 14:43 -------- d-----w c:\program files\QuickyPlaeyr
2009-04-10 06:15 . 2009-04-10 23:36 6944032 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-10 06:15 . 2009-04-10 21:21 94064 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-10 06:15 . 2009-04-10 06:15 4936 ----a-w C:\rollback.ini
2009-04-10 06:03 . 2009-04-10 23:35 -------- d-----w c:\users\All Users\ParetoLogic
2009-04-10 06:03 . 2009-04-10 23:35 -------- d-----w c:\programdata\ParetoLogic
2009-04-10 06:03 . 2009-04-10 23:35 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-10 06:03 . 2009-04-10 06:03 -------- d-----w c:\users\All Users\ParetoLogic Anti-Virus PLUS
2009-04-10 06:03 . 2009-04-10 06:03 -------- d-----w c:\programdata\ParetoLogic Anti-Virus PLUS
2009-03-31 22:13 . 2009-04-16 20:11 -------- d-----w c:\program files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 02:00 . 2008-08-07 21:00 -------- d---a-w c:\programdata\TEMP
2009-04-28 01:45 . 2008-08-08 02:30 5972 ----a-w c:\users\liam\AppData\Local\d3d9caps.dat
2009-04-27 15:25 . 2008-10-23 00:14 -------- d-----w c:\programdata\Google Updater
2009-04-21 00:46 . 2008-10-21 18:21 4919 ----a-w C:\rapport.txt
2009-04-21 00:45 . 2008-10-21 18:31 691 ----a-w c:\users\liam\AppData\Roaming\GetValue.vbs
2009-04-21 00:45 . 2008-10-21 18:31 35 ----a-w c:\users\liam\AppData\Roaming\SetValue.bat
2009-04-21 00:45 . 2008-10-21 18:21 5068 ----a-w c:\windows\System32\tmp.reg
2009-04-16 19:12 . 2009-01-31 22:20 0 ----a-w C:\Tech_Vista.log
2009-04-07 19:15 . 2008-07-20 11:31 -------- d-----w c:\program files\Java
2009-04-02 00:01 . 2008-10-26 20:23 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-01 23:59 . 2008-10-26 20:23 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-28 02:25 . 2009-03-28 02:25 -------- dc-h--w c:\programdata\{65723BD7-8477-4ADF-8686-B75D0C3C0E4D}
2009-03-28 02:13 . 2009-03-28 02:13 -------- d-----w c:\programdata\UltraVNC
2009-03-28 01:53 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infpub.dat
2009-03-28 01:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-03-28 01:53 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstor.dat
2009-03-28 01:53 . 2009-03-28 01:53 -------- d-----w c:\program files\Dell Remote Access
2009-03-28 01:53 . 2009-03-28 01:53 -------- d-----w c:\program files\Common Files\Dell
2009-03-28 01:53 . 2008-07-20 11:53 -------- d-----w c:\programdata\Dell
2009-03-23 17:23 . 2009-03-23 17:23 -------- d-----w c:\program files\CCleaner
2009-03-21 17:22 . 2009-03-17 17:03 -------- d-----w c:\program files\VirtualDJ
2009-03-21 16:35 . 2009-03-21 16:35 -------- d-----w c:\program files\Bonjour
2009-03-21 16:35 . 2009-03-21 16:35 -------- d-----w c:\program files\QuickTime
2009-03-21 16:35 . 2009-03-21 16:35 -------- d-----w c:\programdata\Apple Computer
2009-03-21 16:34 . 2008-10-17 01:28 -------- d-----w c:\program files\Common Files\Apple
2009-03-20 15:49 . 2008-07-20 11:47 -------- d-----w c:\program files\McAfee
2009-03-19 15:57 . 2008-12-06 03:18 -------- d-----w c:\program files\Windows Live
2009-03-19 15:57 . 2008-12-06 03:53 -------- d-----w c:\program files\Windows Live Toolbar
2009-03-19 15:56 . 2009-03-19 15:56 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-19 15:55 . 2009-03-19 15:55 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-19 15:52 . 2009-01-20 16:52 -------- d-----w c:\program files\Microsoft
2009-03-19 15:51 . 2009-03-19 15:51 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-19 15:46 . 2009-03-19 15:46 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-17 11:42 . 2009-03-17 11:40 -------- d-----w c:\program files\Virgin Broadband Wireless
2009-03-17 11:41 . 2009-03-17 11:40 -------- d-----w c:\programdata\Affinegy
2009-03-17 01:49 . 2009-03-17 01:49 -------- d-----w c:\program files\Nimbuzz
2009-03-11 05:22 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-03-09 04:19 . 2008-12-23 15:22 410984 ----a-w c:\windows\System32\deploytk.dll
2009-02-27 15:43 . 2008-08-06 03:17 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-09 03:10 . 2009-03-11 01:31 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 19:03 . 2009-02-06 19:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-21 00:59 . 2008-07-23 07:49 101432 ----a-w c:\users\liam\AppData\Local\GDIPFONTCACHEV1.DAT
2008-12-14 22:54 . 2008-12-14 22:54 92 ----a-w c:\users\liam\AppData\Local\fusioncache.dat
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-12-18 20:2008-12-18 20:34 34:46 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-24 13:2008-11-04 04:05 19:46 . c:\program files\mozilla firefox\components\nsaddestination.dll
2008-07-20 11:34 . 2008-07-20 11:34 76 --sh--r c:\windows\CT4CET.bin
2008-07-20 20:12 . 2008-07-20 20:12 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-04-27_22.06.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-04-28 02:01 76876 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-23 07:51 . 2009-04-28 02:01 13560 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1543339451-3817775727-4072717512-1000_UserData.bin
- 2008-07-23 07:51 . 2009-04-27 21:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-23 07:51 . 2009-04-28 01:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-23 07:51 . 2009-04-28 01:58 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-23 07:51 . 2009-04-27 21:54 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-23 07:51 . 2009-04-28 01:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-23 07:51 . 2009-04-27 21:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-21 02:09 . 2009-04-28 00:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-21 02:09 . 2009-04-21 02:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-21 02:09 . 2009-04-28 00:24 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-21 02:09 . 2009-04-21 02:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-21 02:09 . 2009-04-21 02:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-21 02:09 . 2009-04-28 00:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-27 22:00 . 2009-04-27 22:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-28 01:59 . 2009-04-28 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-27 22:00 . 2009-04-27 22:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-28 01:59 . 2009-04-28 01:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-04-28 02:01 117182 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 12:47 . 2009-04-28 02:00 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-27 22:06 262144 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-28 02:00 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-27 22:06 262144 c:\windows\ServiceProfiles\LocalService\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-18 30192]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\users\liam\Desktop\Downloads\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-12-18 1312096]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-7-20 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-20 11:55 10536 ----a-w c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3DCBDCD2-477D-4F82-A4B2-68B9FCF99AF9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{92931955-37D6-49FF-8916-EF6257E45E99}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D3706DAF-4904-4C26-9293-90CDD8A5C9C2}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{31554597-149B-410C-9B6A-E55E74AFBA60}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{4FAA754D-B785-4916-AF0F-ABB8F419AB5C}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{5F1311D6-BA03-40D8-A7DC-5F62465FDA5F}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{701AA359-33B9-4529-ACC8-B5D7E252A96F}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"TCP Query User{903A6E29-6ADD-47C4-A710-CB1D2DD75D3F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{53AF956E-610E-4988-8CDB-117D3F057835}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C525AA80-5735-404D-A3E4-9E87B3A75666}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"{B2F37818-AA45-41E9-93C6-1ABCC1A419A7}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.2
"TCP Query User{232EF9A0-2987-45EE-BC39-9772BC95D156}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{431B040E-1F4A-4A61-9A62-CC69CBE1D793}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A776FF49-BD26-4297-924E-89FAF40B1781}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{1F49D421-A584-467C-B62B-52A9C574F7C4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6E88326D-9F06-4334-A7EB-6B0471F259AE}c:\\program files\\rockstar games\\midnight club ii demo\\mc2_demo.exe"= UDP:c:\program files\rockstar games\midnight club ii demo\mc2_demo.exe:mc2_demo
"UDP Query User{191A8C59-B089-4D6C-A5C3-520E4F7CFAC7}c:\\program files\\rockstar games\\midnight club ii demo\\mc2_demo.exe"= TCP:c:\program files\rockstar games\midnight club ii demo\mc2_demo.exe:mc2_demo
"{712DF48D-C93D-408A-AE57-CD2B3B4CFE87}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{5CD9221F-1761-444B-B42B-C2752AED6167}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{0DD79478-2C1F-4C32-B539-E9578A79B628}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{FDE3C69E-C42C-4B16-9DDD-841B211621EA}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{3F367AA4-2723-429F-A2D0-6D51C7FE953B}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{E187E6BF-0F45-4A10-803A-6FF1F5AA4859}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{AC433661-1C0F-4445-966F-0DE0235EC40C}"= UDP:c:\program files\AstoundStereo\astoundstereo.exe:AstoundStereo
"{9D3A046F-0904-41C5-B74D-71DD3775B456}"= TCP:c:\program files\AstoundStereo\astoundstereo.exe:AstoundStereo
"{ECD98B97-978A-4DE8-A4C4-979359773BBC}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{07A4C22E-8BCE-49DA-8A31-8B9C1B8A4B4C}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{0AB8639A-08B5-4679-9241-C4D6AD407E58}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{AD7ECB41-7605-4681-A798-028091D1D9FE}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{2E386303-C1A8-4D9F-AE16-B31A73008236}"= UDP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{18F6B1FB-692E-4E26-A21A-89BAEB009498}"= TCP:c:\program files\Virgin Broadband Wireless\Wireless Manager.exe:Wireless Manager
"{50D702BD-2908-4746-BB12-EBFC8CCF959C}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{C800610A-C15D-442B-8270-295628BC6464}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E564A3A2-F2C4-47EB-8BAA-4F590F661EE5}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BDC59827-05E5-4CA9-AD12-C42636EBAD55}"= UDP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{D371499F-A2ED-425C-9907-59B91BEA91F4}"= TCP:c:\program files\Dell Remote Access\ezi_ra.exe:Dell Remote Access
"{A2847B88-AF91-42A9-BE46-B14D300BFE5E}"= UDP:c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{D161CAAC-88F0-4833-BE4C-B9BB1A33E0AE}"= TCP:c:\program files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe:Advanced Networking Service
"{0629F74D-C202-44B7-A2AE-A22241D8EB8C}"= UDP:c:\program files\Common Files\Dell\VLC\vlc.exe:Remote Access VLC
"{BBD3D2A1-6253-488C-835F-03C9DA784178}"= TCP:c:\program files\Common Files\Dell\VLC\vlc.exe:Remote Access VLC
"{CF7CD0EF-8748-42C0-81EF-33060A2FCABC}"= UDP:c:\program files\Common Files\Dell\apache\bin\httpd.exe:Remote Access Media Server
"{A589067F-2C7C-40C2-BC03-5DD32DF36E65}"= TCP:c:\program files\Common Files\Dell\apache\bin\httpd.exe:Remote Access Media Server
"{CD6B2562-8867-437E-90D9-695860B3B239}"= UDP:c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe:Remote Access DB
"{7BE5E46D-A9C5-47C7-B34A-8E497E7CBC92}"= TCP:c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe:Remote Access DB
"{65A71FD2-83AA-4F22-89FD-0254B8C2203E}"= UDP:c:\program files\Common Files\Dell\MySQL\bin\mysql.exe:Remote Access CLI
"{8761D3DF-EB37-4273-8485-E0810157387A}"= TCP:c:\program files\Common Files\Dell\MySQL\bin\mysql.exe:Remote Access CLI
"{5D812926-3600-4C9D-A149-A1AE251EB323}"= UDP:c:\program files\Common Files\Dell\apache\php.exe:Remote Access PHP
"{04CFB792-1490-45DF-BF61-A3E8915F54DC}"= TCP:c:\program files\Common Files\Dell\apache\php.exe:Remote Access PHP
"{6C7B7738-E172-4926-99D0-7A39D7A5208A}"= UDP:c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe:Remote Access File Sync Service
"{3EF97B52-C3C4-42F5-A74E-33C11DD825E9}"= TCP:c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe:Remote Access File Sync Service
"{28A9E4FF-E7BE-40F9-8FE8-D6CB83A52C14}"= UDP:40080:Remote Access Media Server
"{2691C809-6506-44A3-A320-17E36815556A}"= UDP:40090:Streaming Web Cam
"{2AC32B8D-C821-4525-ADED-B3C258E744F4}"= UDP:40091:Streaming Web Cam
"{067DCEB8-D5ED-456E-9919-0BB80E6A7A21}"= UDP:40092:Streaming Web Cam
"{39FF17AD-349A-4C1C-ACCC-3D49BD4D2C33}"= UDP:40093:Streaming Web Cam
"{9A50CC3F-A975-4038-9A00-12CF7DE76A98}"= UDP:40094:Streaming Web Cam
"{582ED067-1498-4351-B68B-B4316F5B8942}"= UDP:c:\programdata\UltraVNC\winvnc.exe:UltraVNC Server
"{73DEC88C-113C-4E4D-9268-3241323D18E2}"= TCP:c:\programdata\UltraVNC\winvnc.exe:UltraVNC Server
"{C61877CE-3EAA-4139-9968-27A9F0648988}"= UDP:5900:UltraVNC Server

R2 Apache2.2;Remote Access Media Server;c:\program files\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
R2 dsl-db;Remote Access DB;c:\program files\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service;c:\program files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
R2 ZeppelinService;plasservice; [x]
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 GoogleDesktopManager-110408-113106;Google Desktop Manager 5.8.811.4345;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-18 30192]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-11-11 23096]
R3 MusCDriverV32;MusCDriverV32;c:\windows\system32\drivers\MusCDriverV32.sys [2008-08-19 23096]
R3 MusCVideo;MusCVideo;c:\windows\system32\DRIVERS\MusCVideo.sys [2008-11-11 3768]
R3 MusCVideo32;MusCVideo32;c:\windows\system32\DRIVERS\MusCVideo32.sys [2008-08-19 3768]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-14 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2008-11-14 3768]
R3 TucbAudio;TucbAudio;c:\windows\system32\drivers\TucbAudio.sys [2008-11-11 23096]
R3 TucbVideo;TucbVideo;c:\windows\system32\DRIVERS\TucbVideo.sys [2008-11-11 3768]
R3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-08-12 16896]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2005-11-30 58952]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fa87a2b-87ef-11dd-a83d-9c6200537cf2}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ad93744-867d-11dd-b8a2-c0a5df201c9c}]
\shell\AutoRun\command - G:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{957125cb-5655-11dd-9cb4-806e6f6e6963}]
\shell\AutoRun\command - E:\Install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-20 01:50]

2009-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1543339451-3817775727-4072717512-1000.job
- c:\users\liam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-18 20:46]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-14 10:53]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-14 10:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mWindow Title =
uInternet Settings,ProxyServer = 192.168.1.2:80
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - ProfilePath - c:\users\liam\AppData\Roaming\Mozilla\Firefox\Profiles\952ltbw5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\nsaddestination.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\liam\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 03:00
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\gxvxcserv.sys]
"imagepath"="\systemroot\system32\drivers\gxvxccusrodrbbytwiutrjiexrrnpxecpqqtw.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\System\controlset002\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxccusrodrbbytwiutrjiexrrnpxecpqqtw.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(676)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'Explorer.exe'(5644)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\wlanext.exe
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\drivers\XAudio.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\System32\BCMWLTRY.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Completion time: 2009-04-28 3:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 02:07
ComboFix2.txt 2009-04-27 22:13

Pre-Run: 36,290,035,712 bytes free
Post-Run: 36,124,352,512 bytes free

462 --- E O F --- 2009-04-06 17:01


thanks again
morgo19
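The log above is what the analyst read by hand: two randomly named gxvxc* files in system32 and system32\drivers, a service key (gxvxcserv.sys) whose ACL has been locked so that only the service account can read it, a system proxy pointing at 192.168.1.2:80, a third-party LSP (INetHTTPFilter.dll) and a Firefox keyword.URL pointing at mystart.hiyo.com. The script below is an added example, not code from the forum post or from ComboFix: it runs a handful of analyst heuristics over excerpts of the posted log. The rules and thresholds (vowel-poor lowercase stems of 16+ characters as "random" names, any ProxyServer value, any LSP line, any Firefox proxy type other than 0 or 5, any @DACL line under a service key) are assumptions chosen for this example. A hit means "review this", not "malicious"; the proxy entry in particular is flagged because a proxy that silently fronts all web traffic is one common way a machine ends up "connected but unable to update", which the log alone cannot confirm.

```python
"""Triage heuristics for a ComboFix-style log.

Added example; not part of the forum post and not ComboFix's own logic.
The sample lines are excerpts of the log posted above. Every rule and
threshold here is an analyst heuristic chosen for this example.
"""
import re

# Excerpts from the posted log, abridged to the lines the rules inspect.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\gxvxctqpqxixhiokjfrcbpecitrsvwjmpifbv.sys
c:\windows\system32\gxvxcnsxdpiwptkmemilxxumqlmcrscduexrq.dll
R3 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2008-11-11 23096]
uInternet Settings,ProxyServer = 192.168.1.2:80
LSP: c:\windows\system32\INetHTTPFilter.dll
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - prefs.js: network.proxy.type - 4
[HKEY_LOCAL_MACHINE\System\controlset002\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxccusrodrbbytwiutrjiexrrnpxecpqqtw.sys"
"""

# Drive-letter paths and .reg-style \\systemroot\\ paths ending in .sys or .dll.
PATH_RE = re.compile(r'(?:[a-z]:|\\+systemroot)\\[^\[\]"]+?\.(?:sys|dll)\b', re.I)
# Firefox network.proxy.type values that do not route traffic through a proxy:
# 0 = no proxy, 5 = use system settings (1 manual, 2 PAC, 4 WPAD auto-detect).
FF_PROXY_DIRECT = {"0", "5"}


def looks_random(stem: str) -> bool:
    """Heuristic (assumption): long, all-lowercase, vowel-poor file stems such as
    gxvxc... are typical of generated rootkit names; real drivers are short or
    mixed-case with normal vowel density."""
    if len(stem) < 16 or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(stem.count(v) for v in "aeiou")
    return vowels / len(stem) < 0.3


def triage(log_text: str) -> list:
    """Return a list of (rule, detail) findings for the patterns in log_text."""
    findings, current_key, seen = [], None, set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY"):
            current_key = line  # remember the key that following values belong to
        for path in PATH_RE.findall(line):
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem) and stem not in seen:
                seen.add(stem)
                findings.append(("random_name", path))
        if "ProxyServer" in line and "=" in line:
            # A proxy fronting all HTTP is worth checking on a machine that
            # "is connected" but cannot update; the log alone does not prove intent.
            findings.append(("system_proxy", line.split("=", 1)[1].strip()))
        if line.startswith("LSP:"):
            # Winsock LSPs sit in the path of every socket call; ComboFix lists
            # non-default ones, so any entry deserves a look.
            findings.append(("lsp", line.split(":", 1)[1].strip()))
        if "keyword.URL" in line:
            findings.append(("search_hijack", line.rsplit(" - ", 1)[1].strip()))
        if "network.proxy.type" in line:
            value = line.rsplit(" - ", 1)[1].strip()
            if value not in FF_PROXY_DIRECT:
                findings.append(("firefox_proxy", value))
        if line.startswith("@DACL") and current_key:
            # A service key with a custom DACL is how the driver hides from
            # regedit and from removal tools running as the user.
            findings.append(("locked_service_key", current_key))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:20s} {detail}")
```

Run against the excerpt it reports the three gxvxc* paths once each (the imagepath inside the locked key is the third), the proxy, the LSP, the Firefox search and proxy settings, and the locked gxvxcserv.sys key; the legitimate fssfltr.sys and MusCAudio.sys lines produce nothing. The vowel-ratio test is deliberately crude: it is a screening filter to pull candidates out of a 1,500-line log, and each hit still has to be confirmed by looking at the file's signature, timestamps and the service that loads it.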
Old 04-28-2009, 06:13 AM   #11 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,646
OS: XP SP3


Re: log from dds and zipped gmer files

Quote:
c:\users\liam\AppData\Roaming\uTorrent\[PC][-GTA San Andreas With Online Multiplayer-].torrent
c:\users\liam\AppData\Roaming\uTorrent\FL.Studio.8.0.0.XXL.Producer.Edition+Crack.torrent
c:\users\liam\AppData\Roaming\uTorrent\Fruity Loops Studio 8.0.0 Producer Edition FINAL -Incl. Crack.torrent
c:\users\liam\AppData\Roaming\uTorrent\GTASanAndreas.rar.torrent
c:\users\liam\AppData\Roaming\uTorrent\Mixmeister 7.0.2.0 Fusion with Crack.torrent
c:\users\liam\AppData\Roaming\uTorrent\Numark Cue v4.1-BEAN.torrent
This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------

==== Installed Programs ====

FL Studio 8
GTA San Andreas
Numark Cue (Atomix Productions)


------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
Copyright 2001 - 2009, Tech Support Forum