
Possible Hijack/Malware IE8

This is a discussion on Possible Hijack/Malware IE8 within the Resolved HJT Threads forums, part of the Tech Support Forum category.


Old 06-12-2010, 01:27 AM   #1
Registered Member
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista


Mistake

Hi Guys

Every morning when I boot my machine I get a popup that opens for about 1.5 seconds then closes again. When I check my usage it says my IE has visited some sites. Please see below..

TODAY'S USAGE

https://www.10fast.net/404.jsp

file:///C:/Users/TheNostradamus/Pictures/1280x1024.jpg

file:///C:/Users/TheNostradamus/Desktop/Attach.txt

file:///C:/Users/TheNostradamus/Desktop/DDS.txt

file:///C:/Users/TheNostradamus/Documents/initial.log

https://www.myplanets.netai.net/ipaddressd.php

https://redvase.bravenet.com/deliver/test_pop

LOGS..


DDS (Ver_10-03-17.01) - NTFSx86
Run by TheNostradamus at 8:56:54.51 on 12/06/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1049 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\tdmic.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\StartupMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe
C:\Users\TheNostradamus\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\TheNostradamus\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\ehome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\TheNostradamus\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.itv-f1.com/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [googletalk] c:\users\thenostradamus\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [BitTorrent DNA] "c:\users\thenostradamus\program files\dna\btdna.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [tdmic] c:\windows\system32\tdmic.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DataCardMonitor] c:\program files\t-mobile\web'n'walk manager\DataCardMonitor.exe
StartupFolder: c:\users\thenos~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: bmnet.dll
Trusted Zone: hp.com
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\common files\hewlett-packard\hp device communication services\app\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\thenos~1\appdata\roaming\mozilla\firefox\profiles\hpxqd8dw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-25 28552]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-11 42392]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-12-30 20392]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20100604.001\IDSvix86.sys [2010-6-8 286768]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-9-23 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 gupdate1c98bb3a2193e23;Google Update Service (gupdate1c98bb3a2193e23);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-23 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-12 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-13 1245064]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-4-7 79888]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-23 16896]
S4 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8dotnetservice\CF8DotNetsvc.exe [2008-10-30 77824]
S4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2008-10-30 65536]
S4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "coldfusion 8 odbc agent" --> c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
S4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "coldfusion 8 odbc server" --> c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
S4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2008-10-30 2743056]
S4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-22 47640]
S4 Macromedia JRun Admin Server;Macromedia JRun Admin Server;c:\jrun4\bin\jrunsvc.exe [2008-10-30 65536]
S4 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;c:\jrun4\bin\jrunsvc.exe [2008-10-30 65536]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-06-11 21:16:03 264142865 ----a-w- c:\windows\MEMORY.DMP
2010-06-08 21:36:26 0 d-----w- c:\users\thenos~1\appdata\roaming\Bytemobile
2010-06-08 21:30:41 0 d-----w- c:\users\thenostradamus\{6fc5bbaa-eff8-418a-9264-9de64473e627}
2010-06-08 21:26:19 8464 ----a-w- c:\windows\system32\sporder.dll
2010-06-08 21:26:19 719360 ----a-w- c:\windows\system32\bmutil.dll
2010-06-08 21:26:19 471040 ----a-w- c:\windows\system32\bmnet.dll
2010-06-08 21:26:19 270336 ----a-w- c:\windows\system32\bminstall.dll
2010-06-08 21:26:19 18816 ----a-w- c:\windows\system32\drivers\tcpipBM.sys
2010-06-08 21:26:19 126976 ----a-w- c:\windows\system32\bmdumpd.bin
2010-06-08 21:25:46 0 d-----w- c:\program files\T-Mobile
2010-06-08 21:13:21 0 d-----w- c:\program files\DC-Unlocker
2010-06-07 08:24:13 0 d-sh--w- C:\$RECYCLE.BIN
2010-06-07 07:04:34 0 d-----w- C:\CF
2010-06-06 17:54:03 0 d-----r- c:\program files\MameUI32
2010-06-01 22:34:00 0 d-----w- c:\program files\common files\xing shared
2010-05-26 11:48:51 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-23 06:17:47 0 d-----w- c:\program files\common files\Sonic Shared
2010-05-23 06:17:46 0 d-----w- c:\program files\Roxio
2010-05-22 17:59:00 0 d-----w- c:\users\thenos~1\appdata\roaming\RIM Palm&PPC Upgrade Wizard
2010-05-21 12:16:23 256 ----a-w- c:\windows\system32\pool.bin
2010-05-21 12:16:17 0 d-----w- c:\users\thenos~1\appdata\roaming\Research In Motion
2010-05-21 12:15:35 0 d-----w- c:\programdata\Research In Motion
2010-05-21 12:13:27 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-05-21 12:11:47 0 d-----w- c:\program files\common files\Research In Motion
2010-05-21 12:11:45 0 d-----w- c:\program files\Research In Motion
2010-05-14 22:28:34 81920 ----a-w- c:\windows\system32\Startup.cpl

==================== Find3M ====================

2010-06-09 21:59:28 155 ----a-w- c:\users\thenos~1\appdata\roaming\ftpfile.dat
2010-06-09 20:37:25 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 20:37:24 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-08 21:32:23 86016 ----a-w- c:\windows\inf\infpub.dat
2010-06-08 21:32:23 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-08 21:32:22 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 1741 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 14:15:56 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-28 20:49:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-26 14:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-04-18 06:49:21 54037 ----a-w- c:\programdata\nvModes.dat
2010-04-06 17:56:08 47360 ----a-w- c:\users\thenos~1\appdata\roaming\pcouffin.sys
2010-04-05 18:16:27 237568 ----a-w- c:\windows\system32\tdmic.exe
2010-04-05 18:16:27 158208 ----a-w- c:\windows\system32\tdmic.dll
2010-04-05 17:01:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 22:55:31 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55:31 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55:31 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 22:55:31 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55:31 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-02 15:54:38 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2009-11-17 19:22:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-09-24 14:22:16 174 --sha-w- c:\program files\desktop.ini
2007-08-03 17:03:05 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-07-31 18:55:12 106 --sh--w- c:\windows\WSYS049.SYS
2009-06-17 06:35:00 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-02-04 11:49:46 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-02-04 11:49:46 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-02-04 11:49:46 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-02-01 1730 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-03-30 18:43:49 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 8:58:51.61 ===============

I have no access to a Windows install disk.

Many thanks guys, I trust you will let me know if I have missed anything...

Sorry guys, forgot to say that the GMER scan kept crashing the PC so I only got the initial scan....

Attached Files: Attach.zip (4.9 KB)
Old 06-16-2010, 06:13 AM   #2
Registered Member
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista



**Bump**
Old 06-19-2010, 10:59 AM   #3
Registered Member
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista



Don't mean to bump this again, but the last few days I have got a new error when shutting down. The error says "can not quit project1" ???
Old 06-20-2010, 09:09 PM   #4
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Hello TheNostradamus,

You mentioned in your previous thread that you had cleaned your system of malware yourself, and it appears you may have run ComboFix. If so, please post the C:\ComboFix.txt
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-21-2010, 01:49 AM   #5
Registered Member
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista



I don't seem to have the report. Do you want me to download ComboFix and run it again as per???
Old 06-21-2010, 05:16 AM   #6
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit



Yes. Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on combofix.exe & follow the prompts.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Old 06-21-2010, 07:42 AM   #7
Registered Member
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista



Here you go...

ComboFix 10-06-20.06 - TheNostradamus 21/06/2010 14:46:33.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.768 [GMT 1:00]
Running from: c:\users\TheNostradamus\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-21 to 2010-06-21 )))))))))))))))))))))))))))))))
.

2010-06-21 14:00 . 2010-06-21 14:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-21 14:00 . 2010-06-21 14:00 -------- d-----w- c:\users\MissyLooby\AppData\Local\temp
2010-06-21 14:00 . 2010-06-21 14:00 -------- d-----w- c:\users\Kayelle\AppData\Local\temp
2010-06-21 14:00 . 2010-06-21 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-21 14:00 . 2010-06-21 14:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-08 21:36 . 2010-06-08 21:36 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Bytemobile
2010-06-08 21:30 . 2010-06-08 21:30 -------- d-----w- c:\users\TheNostradamus\{6fc5bbaa-eff8-418a-9264-9de64473e627}
2010-06-08 21:26 . 2008-05-08 19:52 18816 ----a-w- c:\windows\system32\drivers\tcpipBM.sys
2010-06-08 21:26 . 2008-05-08 18:45 8464 ----a-w- c:\windows\system32\sporder.dll
2010-06-08 21:26 . 2008-05-08 18:43 471040 ----a-w- c:\windows\system32\bmnet.dll
2010-06-08 21:26 . 2008-05-08 18:42 270336 ----a-w- c:\windows\system32\bminstall.dll
2010-06-08 21:26 . 2008-05-08 18:42 126976 ----a-w- c:\windows\system32\bmdumpd.bin
2010-06-08 21:26 . 2008-05-08 18:42 719360 ----a-w- c:\windows\system32\bmutil.dll
2010-06-08 21:25 . 2010-06-08 21:25 -------- d-----w- c:\program files\T-Mobile
2010-06-08 21:13 . 2010-06-08 21:13 -------- d-----w- c:\program files\DC-Unlocker
2010-06-07 07:04 . 2010-06-07 07:42 -------- d-----w- C:\CF
2010-06-06 17:54 . 2010-06-06 21:31 -------- d-----r- c:\program files\MameUI32
2010-06-01 22:34 . 2010-06-01 22:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-26 11:48 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-23 06:17 . 2010-05-23 06:17 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-23 06:17 . 2010-05-23 06:18 -------- d-----w- c:\program files\Roxio
2010-05-22 17:59 . 2010-05-22 17:59 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\RIM Palm&PPC Upgrade Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 14:01 . 2009-03-16 14:02 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\DNA
2010-06-21 13:37 . 2010-04-04 20:26 163 ----a-w- c:\users\TheNostradamus\AppData\Roaming\ftpfile.dat
2010-06-21 07:03 . 2008-09-22 10:46 -------- d-----w- c:\program files\LogMeIn
2010-06-20 18:39 . 2009-07-08 15:55 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Uniblue
2010-06-20 18:05 . 2010-04-28 12:03 -------- d-----w- c:\program files\Spyware Doctor
2010-06-11 20:28 . 2007-04-04 21:01 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\BitTorrent
2010-06-11 18:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 18:42 . 2007-04-15 07:28 -------- d-----w- c:\progra~2\Microsoft Help
2010-06-11 13:24 . 2007-08-05 07:22 -------- d-----w- c:\program files\MagicISO
2010-06-09 20:37 . 2008-09-22 10:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 20:37 . 2008-09-22 10:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-09 09:08 . 2010-04-25 17:28 -------- d-----w- c:\program files\ewido anti-malware
2010-06-09 09:08 . 2008-01-13 22:07 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Media Player Classic
2010-06-09 09:00 . 2008-11-11 13:00 -------- d-----w- c:\program files\CCleaner
2010-06-09 06:51 . 2008-07-19 09:41 -------- d-----w- c:\program files\Safari
2010-06-06 14:36 . 2010-04-13 11:52 -------- d-----w- c:\progra~2\Norton
2010-06-06 09:49 . 2008-01-11 15:25 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\DivX
2010-06-05 11:48 . 2007-08-04 19:39 -------- d-----w- c:\program files\AoA Audio Extractor
2010-06-05 08:31 . 2009-05-09 17:17 -------- d-----w- c:\program files\Kidzui
2010-06-05 07:21 . 2008-07-10 16:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 18:56 . 2010-05-11 22:02 -------- d-----w- c:\progra~2\DivX
2010-06-04 18:55 . 2007-04-21 10:02 -------- d-----w- c:\program files\DivX
2010-06-01 22:34 . 2007-08-04 19:21 -------- d-----w- c:\program files\Common Files\Real
2010-06-01 22:34 . 2008-03-01 14:33 -------- d-----w- c:\program files\Real
2010-05-27 18:04 . 2010-03-27 08:47 439816 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-05-27 08:10 . 2009-03-21 16:40 -------- d-----w- c:\program files\Microsoft
2010-05-26 17:06 . 2010-06-11 10:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 08:04 . 2007-04-04 19:33 244392 ----a-w- c:\users\TheNostradamus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-23 06:18 . 2007-03-30 10:58 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-05-23 06:18 . 2008-01-10 21:23 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-23 06:17 . 2007-03-30 11:01 -------- d-----w- c:\progra~2\Roxio
2010-05-23 05:56 . 2010-05-21 12:15 -------- d-----w- c:\progra~2\Research In Motion
2010-05-22 19:45 . 2007-12-28 11:02 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\InstallShield
2010-05-21 13:14 . 2010-04-14 08:46 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 12:41 . 2010-05-21 12:16 256 ----a-w- c:\windows\system32\pool.bin
2010-05-21 12:16 . 2010-05-21 12:16 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Research In Motion
2010-05-21 12:15 . 2010-05-21 12:11 -------- d-----w- c:\program files\Research In Motion
2010-05-21 12:12 . 2010-05-21 12:11 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-17 01:09 . 2007-03-30 11:03 -------- d-----w- c:\program files\Google
2010-05-14 21:40 . 2010-05-14 21:40 1078 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}\_60c11ac7.exe
2010-05-12 21:24 . 2007-04-08 09:01 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Apple Computer
2010-05-11 22:30 . 2007-10-26 18:06 1356 ----a-w- c:\users\TheNostradamus\AppData\Local\d3d9caps.dat
2010-05-11 22:16 . 2010-05-11 22:16 -------- d-----w- c:\program files\Xiph.Org
2010-05-11 22:04 . 2010-05-11 22:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-09 21:16 . 2007-10-11 20:44 -------- d-----w- c:\program files\Kontiki
2010-05-09 21:16 . 2007-10-11 20:44 -------- d-----w- c:\progra~2\Kontiki
2010-05-04 05:59 . 2010-06-11 10:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 10:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 10:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 10:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 23:49 . 2008-10-31 20:03 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2010-05-02 14:21 . 2007-03-30 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 14:15 . 2010-04-28 19:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 13:54 . 2007-03-30 10:54 -------- d-----w- c:\program files\Java
2010-05-02 13:54 . 2007-03-30 10:54 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 13:42 . 2009-03-16 14:02 -------- d-----w- c:\program files\DNA
2010-05-02 13:23 . 2009-01-18 14:14 -------- d-----w- c:\users\Kayelle\AppData\Roaming\Apple Computer
2010-05-01 22:15 . 2010-05-01 22:15 3584 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-01 22:15 . 2010-05-01 22:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-01 22:13 . 2009-12-03 15:46 -------- d-----w- c:\program files\MSECache
2010-05-01 22:00 . 2010-03-13 11:29 -------- d-----w- c:\progra~2\Ulead Systems
2010-05-01 14:13 . 2010-06-11 10:04 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 13:25 . 2008-09-18 11:10 -------- d-----w- c:\program files\Opera
2010-04-28 21:24 . 2009-06-15 10:49 -------- d-----w- c:\program files\Common Files\Stardock
2010-04-28 20:49 . 2010-04-28 20:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-26 08:49 . 2010-04-26 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 09:30 . 2010-04-25 09:30 -------- d-----w- c:\program files\Panda Security
2010-04-18 06:49 . 2009-07-08 19:03 54037 ----a-w- c:\progra~2\nvModes.dat
2010-04-12 12:00 . 2010-04-12 11:58 26694 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
2010-04-12 12:00 . 2010-04-12 11:58 26694 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
2010-04-06 17:56 . 2007-04-28 17:41 47360 ----a-w- c:\users\TheNostradamus\AppData\Roaming\pcouffin.sys
2010-04-06 17:56 . 2007-04-28 17:41 47360 ----a-w- c:\users\TheNostradamus\AppData\Roaming\pcouffin.sys
2010-04-05 18:16 . 2010-04-05 18:16 237568 ----a-w- c:\windows\system32\tdmic.exe
2010-04-05 18:16 . 2010-04-05 18:16 158208 ----a-w- c:\windows\system32\tdmic.dll
2010-04-05 17:01 . 2010-06-11 10:04 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 22:55 . 2010-04-15 14:34 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55 . 2010-04-15 14:34 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2010-04-15 14:34 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 22:55 . 2010-04-15 14:34 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2010-04-15 14:34 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-02 15:54 . 2007-09-17 08:07 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-31 01:58 . 2007-04-04 17:08 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-31 01:58 . 2007-03-29 08:56 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-29 14:24 . 2010-04-26 08:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 14:24 . 2010-04-26 08:49 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-08-03 17:03 . 2007-08-03 17:03 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-03-31 21:47 . 2009-01-13 10:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2002-07-31 18:55 . 2010-03-20 13:18 106 --sh--w- c:\windows\WSYS049.SYS
2007-03-30 18:43 . 2007-03-30 18:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\TheNostradamus\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\TheNostradamus\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-22 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"tdmic"="c:\windows\system32\tdmic.exe" [2010-04-05 237568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-01 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-06-08 253952]

c:\users\MissyLooby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\TheNostradamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-4-28 3450608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-10 16:00 197912 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-03-09 08:22 654648 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-18 11:34 1238352 ----a-w- c:\games\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,7b,7c,91,7a,44,ca,01

R2 gupdate1c98bb3a2193e23;Google Update Service (gupdate1c98bb3a2193e23);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-04-07 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8dotnetservice\CF8DotNetsvc.exe [2008-10-30 77824]
R4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2008-03-18 65536]
R4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [x]
R4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [x]
R4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2008-03-12 2743056]
R4 Macromedia JRun Admin Server;Macromedia JRun Admin Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
R4 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-04-14 716272]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100604.001\IDSvix86.sys [2009-11-20 286768]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:19]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-06-21 c:\windows\Tasks\User_Feed_Synchronization-{41F550E9-2C3D-46F6-920F-BA37B5932926}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.itv-f1.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: bmnet.dll
Trusted Zone: hp.com
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\TheNostradamus\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqd8dw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-06-21 15:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe? Files\Microsoft Shared\Windows??Y?hp??0;??????OM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC?PROCESSOR_ARCHITECTURE=x86?PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineInt

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3951779315-1583897901-968269241-1000\C* Å*]
@Allowed: (Read) (RestrictedCode)
"WriteErrorLog"="No"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(2660)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-06-21 15:05:56
ComboFix-quarantined-files.txt 2010-06-21 14:05
ComboFix2.txt 2010-06-07 07:42
ComboFix3.txt 2010-05-29 13:49
ComboFix4.txt 2010-05-13 08:52
ComboFix5.txt 2010-06-21 13:40


Pre-Run: 88,534,364,160 bytes free
Post-Run: 88,627,765,248 bytes free

- - End Of File - - 272B5667BEF75B0235F4C51AD5D802A1

Cheers mate....
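As an added example (not part of the thread, and not ComboFix's own code): the triage that leads from this log to the request in the next post can be scripted. The hint is a Run-key entry that launches a binary written into system32 only weeks before the scan, with a DLL created in the same minute. The Python below parses an excerpt of the "Reg Loading Points" Run entries and the Find3M rows from the log above, flags system32 targets whose file date falls within 90 days of the scan date, and lists siblings created in the same minute. The 90-day window, the system32-only scope and the reading of the two Find3M timestamps as last-write then creation time are my assumptions; a timestomped file would slip past the date check, and a freshly patched system binary launched from Run would be flagged for a human to dismiss.

```python
import re
from datetime import date, datetime

# Excerpt of the ComboFix log posted above (a few HKLM\...\Run entries and Find3M rows),
# embedded so the script runs offline. Paste a full log's blocks in their place.
RUN_LOG = r'''
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"tdmic"="c:\windows\system32\tdmic.exe" [2010-04-05 237568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-06-08 253952]
'''

# Find3M layout as I read it: <last-write> . <created> <size> <attrs> <path>
FIND3M_LOG = r'''
2010-04-05 18:16 . 2010-04-05 18:16 237568 ----a-w- c:\windows\system32\tdmic.exe
2010-04-05 18:16 . 2010-04-05 18:16 158208 ----a-w- c:\windows\system32\tdmic.dll
2010-04-05 17:01 . 2010-06-11 10:04 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-05-04 05:59 . 2010-06-11 10:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-09 21:16 . 2007-10-11 20:44 -------- d-----w- c:\program files\Kontiki
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
FIND3M_RE = re.compile(r'^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
                       r'(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$')

SYSTEM32 = 'c:\\windows\\system32\\'   # assumption: only this directory is in scope


def parse_run_entries(text):
    """Return the Run-key entries of a ComboFix log as dicts (name, path, file date, size)."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append({'name': m.group('name'), 'path': m.group('path'),
                            'date': date.fromisoformat(m.group('date')), 'size': int(m.group('size'))})
    return entries


def parse_find3m(text):
    """Return Find3M file rows; directory rows carry '--------' as size and are skipped."""
    files = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if m:
            files.append({'path': m.group('path').lower(), 'size': int(m.group('size')),
                          'created': datetime.strptime(m.group('created'), '%Y-%m-%d %H:%M')})
    return files


def triage(run_text, find3m_text, scan_date, window_days=90):
    """Flag Run entries whose system32 target was written within window_days of the scan,
    and list sibling files created in the same minute (a DLL dropped alongside the EXE)."""
    if isinstance(scan_date, str):
        scan_date = date.fromisoformat(scan_date)
    by_path = {f['path']: f for f in parse_find3m(find3m_text)}
    findings = []
    for e in parse_run_entries(run_text):
        path = e['path'].lower()
        age = (scan_date - e['date']).days
        if not path.startswith(SYSTEM32) or age > window_days:
            continue
        companions = []
        rec = by_path.get(path)
        if rec:
            folder = path.rsplit('\\', 1)[0]
            companions = sorted(
                f['path'] for f in by_path.values()
                if f['path'] != path and f['path'].rsplit('\\', 1)[0] == folder
                and f['created'] == rec['created'])
        findings.append({'name': e['name'], 'path': path, 'age_days': age, 'companions': companions})
    return findings


if __name__ == '__main__':
    for f in triage(RUN_LOG, FIND3M_LOG, '2010-06-21'):
        print(f"{f['name']}: {f['path']} written {f['age_days']} days before scan; "
              f"created with: {', '.join(f['companions']) or 'nothing'}")
```

On the excerpt this flags only the tdmic entry, with tdmic.dll as its companion; the NVIDIA and Parental Controls entries also live in system32 but are a year or more old, and the T-Mobile entry is recent but lives under Program Files. Any hit still needs the hash and signature check that follows in the thread before it is called malicious.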
Old 06-21-2010, 07:45 AM   #8
Ried (TSF Security Manager, Emeritus)
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

Please go to Virus Total
  • Copy/paste the following full path into the empty box under 'Upload a file'

    c:\windows\system32\tdmic.exe
  • Click 'Send File'
  • If you see the message 'File has already been analysed', click 'Reanalyse file now'.
Copy/paste the results into Notepad and save it to your desktop. Please post the results in your next reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-21-2010, 08:22 AM   #9
TheNostradamus (Registered Member)
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista

File tdmic.exe received on 2010.06.21 15:20:24 (UTC)
Current status: finished
Result: 1/41 (2.44%)

Antivirus Version Last Update Result
a-squared 5.0.0.30 2010.06.21 -
AhnLab-V3 2010.06.21.02 2010.06.21 -
AntiVir 8.2.2.6 2010.06.21 TR/VB.237568
Antiy-AVL 2.0.3.7 2010.06.18 -
Authentium 5.2.0.5 2010.06.21 -
Avast 4.8.1351.0 2010.06.21 -
Avast5 5.0.332.0 2010.06.21 -
AVG 9.0.0.787 2010.06.21 -
BitDefender 7.2 2010.06.21 -
CAT-QuickHeal 10.00 2010.06.18 -
ClamAV 0.96.0.3-git 2010.06.21 -
Comodo 5174 2010.06.21 -
DrWeb 5.0.2.03300 2010.06.21 -
eSafe 7.0.17.0 2010.06.20 -
eTrust-Vet 36.1.7654 2010.06.21 -
F-Prot 4.6.1.107 2010.06.20 -
F-Secure 9.0.15370.0 2010.06.21 -
Fortinet 4.1.133.0 2010.06.21 -
GData 21 2010.06.21 -
Ikarus T3.1.1.84.0 2010.06.21 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.21 -
McAfee 5.400.0.1158 2010.06.21 -
McAfee-GW-Edition 2010.1 2010.06.21 -
Microsoft 1.5902 2010.06.21 -
NOD32 5215 2010.06.21 -
Norman 6.05.06 2010.06.21 -
nProtect 2010-06-21.01 2010.06.21 -
Panda 10.0.2.7 2010.06.20 -
PCTools 7.0.3.5 2010.06.21 -
Prevx 3.0 2010.06.21 -
Rising 22.53.00.04 2010.06.21 -
Sophos 4.54.0 2010.06.21 -
Sunbelt 6482 2010.06.21 -
Symantec 20101.1.0.89 2010.06.21 -
TheHacker 6.5.2.0.302 2010.06.20 -
TrendMicro 9.120.0.1004 2010.06.21 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.21 -
VBA32 3.12.12.5 2010.06.21 -
ViRobot 2010.6.21.3896 2010.06.21 -
VirusBuster 5.0.27.0 2010.06.21 -
Additional information
File size: 237568 bytes
MD5...: 8b5016443ec29e3f6fbd8dcf862e04df
SHA1..: b6806f2bd4ddbe4ca4bd430ed9f4f185e63e6f0d
SHA256: 1f0ec69b5380d52b131cd030511bfb673712ea988e8870a2a46f7ee512f881d2
ssdeep: 6144:E/RMTKqOyhQBC2XH253ipdkoZOPkDs1TsUhzqL2IxyJcOt0MxU2ZO62:E/RMWZvC2XH253iPkt1oUhzqL2IxyJcJ
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2ea8
timedatestamp.....: 0x4af0386c (Tue Nov 03 14:04:28 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x36570 0x37000 5.67 06c250793df36cde70cb6840ad99a6d7
.data 0x38000 0xd90 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x39000 0x8f0 0x1000 1.94 1c81425a82c648be1498cb26b75025b0

( 1 imports )
> MSVBVM60.DLL: EVENT_SINK_GetIDsOfNames, __vbaVarTstGt, __vbaVarSub, _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaVarVargNofree, __vbaAryMove, __vbaFreeVar, __vbaLateIdCall, __vbaStrVarMove, __vbaLenBstr, __vbaLineInputStr, __vbaFreeVarList, __vbaEnd, __vbaPut3, _adj_fdiv_m64, EVENT_SINK_Invoke, __vbaFreeObjList, -, _adj_fprem1, __vbaRecAnsiToUni, -, __vbaCopyBytes, -, __vbaVarCmpNe, __vbaStrCat, __vbaRecDestruct, __vbaSetSystemError, __vbaHresultCheckObj, __vbaVargVarCopy, __vbaLenVar, _adj_fdiv_m32, __vbaVarTstLe, Zombie_GetTypeInfo, __vbaAryDestruct, __vbaStrBool, -, __vbaVarForInit, __vbaExitProc, -, __vbaFileCloseAll, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarIndexLoad, -, -, __vbaBoolVar, -, __vbaVarTstLt, __vbaBoolVarNull, __vbaRefVarAry, __vbaFpR8, _CIsin, __vbaErase, -, -, __vbaVargVarMove, -, __vbaVarCmpGt, __vbaChkstk, __vbaFileClose, -, EVENT_SINK_AddRef, -, __vbaGenerateBoundsError, __vbaStrCmp, -, __vbaGet3, __vbaAryConstruct2, __vbaPutOwner3, __vbaVarTstEq, __vbaI2I4, __vbaObjVar, DllFunctionCall, __vbaVarOr, __vbaVarLateMemSt, __vbaFpUI1, __vbaCastObjVar, __vbaRedimPreserve, __vbaLbound, _adj_fpatan, __vbaLateIdCallLd, Zombie_GetTypeInfoCount, __vbaRedim, __vbaRecUniToAnsi, EVENT_SINK_Release, __vbaNew, -, -, __vbaUI1I2, _CIsqrt, __vbaVarAnd, __vbaObjIs, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaStrUI1, __vbaExceptHandler, __vbaStrToUnicode, __vbaPrintFile, -, _adj_fprem, _adj_fdivr_m64, -, __vbaI2Str, -, -, __vbaFPException, -, __vbaInStrVar, -, __vbaGetOwner3, __vbaStrVarVal, __vbaUbound, __vbaVarCat, -, __vbaI2Var, -, -, __vbaStopExe, -, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaVar2Vec, -, __vbaVarLateMemCallLdRf, __vbaNew2, __vbaInStr, -, -, _adj_fdiv_m32i, -, _adj_fdivr_m32i, __vbaStrCopy, -, -, __vbaI4Str, __vbaVarNot, __vbaFreeStrList, _adj_fdivr_m32, __vbaPowerR8, _adj_fdiv_r, -, -, -, __vbaVarTstNe, __vbaVarSetVar, __vbaI4Var, __vbaVarCmpEq, -, __vbaAryLock, __vbaVarAdd, 
__vbaLateMemCall, -, __vbaVarDup, __vbaStrToAnsi, -, -, -, __vbaFpI2, __vbaVarTstGe, __vbaVarCopy, __vbaVarLateMemCallLd, -, __vbaUnkVar, __vbaFpI4, __vbaR8IntI2, -, __vbaVarSetObjAddref, _CIatan, __vbaStrMove, __vbaCastObj, -, -, __vbaR8IntI4, __vbaStrVarCopy, _allmul, __vbaLateIdSt, _CItan, __vbaAryUnlock, __vbaFPInt, __vbaVarForNext, _CIexp, __vbaMidStmtBstr, __vbaRecAssign, __vbaFreeObj, __vbaFreeStr, -

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Microsoft Visual Basic 6 (86.2%)
Win32 Executable Generic (5.8%)
Win32 Dynamic Link Library (generic) (5.1%)
Generic Win/DOS Executable (1.3%)
DOS Executable Generic (1.3%)
sigcheck:
publisher....: AdminSystem Software Limited
copyright....: n/a
product......: Project1
description..: n/a
original name: tdmic.exe
internal name: tdmic
file version.: 1.00
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
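Added example, not from the thread or from VirusTotal: the PEInfo and sigcheck blocks above carry the fields that decide a verdict on an unknown binary (hashes, link timestamp, entry point, per-section entropy, the MSVBVM60.DLL import that marks a VB6 build, and whether an Authenticode signature is present). The Python below reproduces them from raw headers. It runs on a constructed PE32 sample built by build_sample_pe, which only mimics the report's timestamp, entry point and machine type; it is not tdmic.exe. The VB6 check is a string scan for the runtime's import name rather than a walk of the import directory, which is a shortcut I chose to keep the parser short.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone


def shannon_entropy(blob):
    """Shannon entropy in bits per byte: 0.0 for an empty or single-valued buffer, 8.0 for uniform bytes."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(data):
    """Parse the headers a quick triage needs; raises ValueError on non-PE input."""
    if data[:2] != b'MZ':
        raise ValueError('missing MZ header')
    pe_off = struct.unpack_from('<I', data, 0x3C)[0]             # e_lfanew
    if data[pe_off:pe_off + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from('<HHIIIHH', data, pe_off + 4)
    opt_off = pe_off + 24                                        # optional header follows COFF header
    magic = struct.unpack_from('<H', data, opt_off)[0]
    entry = struct.unpack_from('<I', data, opt_off + 16)[0]      # AddressOfEntryPoint
    # Data directories start at offset 96 (PE32) or 112 (PE32+) of the optional header;
    # entry 4 is IMAGE_DIRECTORY_ENTRY_SECURITY. Size zero means no embedded Authenticode
    # signature, which is what sigcheck reports as "verified: Unsigned".
    dd_base = 96 if magic == 0x10b else 112
    _, sec_size = struct.unpack_from('<II', data, opt_off + dd_base + 4 * 8)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from('<8sIIII', data, opt_off + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({'name': name.rstrip(b'\0').decode('ascii', 'replace'),
                         'vaddr': vaddr, 'vsize': vsize, 'rawsize': rawsize,
                         'entropy': round(shannon_entropy(raw), 2)})
    return {
        'md5': hashlib.md5(data).hexdigest(),
        'sha256': hashlib.sha256(data).hexdigest(),
        'machine': machine,                                      # 0x14c = I386
        'timestamp': datetime.fromtimestamp(stamp, tz=timezone.utc).strftime('%Y-%m-%d %H:%M:%S'),
        'entry_point': entry,
        'sections': sections,
        'vb6_runtime': b'MSVBVM60.DLL' in data.upper(),          # string-scan shortcut, see lead-in
        'signed': sec_size != 0,
    }


def build_sample_pe():
    """Construct a tiny unsigned PE32 (two sections) whose header values mimic the VT report above."""
    text = b'MSVBVM60.DLL\0' + bytes(range(256)) * 4             # high-entropy, code-like
    data_sec = b'\0' * 512                                       # all zeros, entropy 0
    dos = b'MZ' + b'\0' * 58 + struct.pack('<I', 64)             # e_lfanew -> PE header at 64
    coff = struct.pack('<HHIIIHH', 0x14c, 2, 0x4af0386c, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into('<H', opt, 0, 0x10b)                        # PE32 magic
    struct.pack_into('<I', opt, 16, 0x2ea8)                      # AddressOfEntryPoint
    struct.pack_into('<I', opt, 92, 16)                          # NumberOfRvaAndSizes
    hdr = '<8sIIIIIIHHI'
    secs = struct.pack(hdr, b'.text', len(text), 0x1000, len(text), 512, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack(hdr, b'.data', len(data_sec), 0x2000, len(data_sec), 512 + len(text), 0, 0, 0, 0, 0xC0000040)
    headers = dos + b'PE\0\0' + coff + bytes(opt) + secs
    return headers + b'\0' * (512 - len(headers)) + text + data_sec


if __name__ == '__main__':
    for key, value in triage_pe(build_sample_pe()).items():
        print(f'{key:12}: {value}')
```

To use it on a real file, pass open(path, 'rb').read() to triage_pe. A high-entropy .text beside a near-zero .data, as in the report above, is what ordinary compiled code looks like; entropy close to 8.0 in every section points to a packer, and an unsigned VB6 binary named Project1 sitting in system32 with a Run-key entry is the combination that earned tdmic.exe its removal.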
Old 06-21-2010, 11:29 AM   #10
Ried (TSF Security Manager, Emeritus)
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

Quote:
I have got a new error when shutting down. The error says "can not quit project1" ???
There's your project1. This appears to be legit email software --> https://www.google.com/search?q=Admin...ware%20Limited

Does this sound familiar to you?
Old 06-21-2010, 11:59 AM   #11
TheNostradamus (Registered Member)
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista

Hi, I can't think of any program that would be, and I have never had any dealings with AdminSystem Software????

I'm mystified......
Old 06-21-2010, 12:09 PM   #12
Ried (TSF Security Manager, Emeritus)
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

Alright, then we'll remove it.

Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Quote:

File::
c:\windows\system32\tdmic.exe
c:\windows\system32\tdmic.dll

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Referring to the picture above, drag CFScript into ComboFix.exe. Please allow ComboFix to update if prompted.


When finished, it shall produce a log for you. Post that log in your next reply along with an update on system behavior.
Old 06-22-2010, 02:23 AM   #13
TheNostradamus (Registered Member)
Join Date: Jun 2010
Location: UK
Posts: 14
OS: Vista

Here you go dude...

ComboFix 10-06-21.01 - TheNostradamus 22/06/2010 1:13.11.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.935 [GMT 1:00]
Running from: c:\users\TheNostradamus\Desktop\ComboFix.exe
Command switches used :: c:\users\TheNostradamus\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\tdmic.dll"
"c:\windows\system32\tdmic.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tdmic.dll
c:\windows\system32\tdmic.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-22 to 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 00:29 . 2010-06-22 00:29 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-22 00:29 . 2010-06-22 00:29 -------- d-----w- c:\users\MissyLooby\AppData\Local\temp
2010-06-22 00:29 . 2010-06-22 00:29 -------- d-----w- c:\users\Kayelle\AppData\Local\temp
2010-06-22 00:29 . 2010-06-22 00:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-22 00:29 . 2010-06-22 00:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-08 21:36 . 2010-06-08 21:36 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Bytemobile
2010-06-08 21:30 . 2010-06-08 21:30 -------- d-----w- c:\users\TheNostradamus\{6fc5bbaa-eff8-418a-9264-9de64473e627}
2010-06-08 21:26 . 2008-05-08 19:52 18816 ----a-w- c:\windows\system32\drivers\tcpipBM.sys
2010-06-08 21:26 . 2008-05-08 18:45 8464 ----a-w- c:\windows\system32\sporder.dll
2010-06-08 21:26 . 2008-05-08 18:43 471040 ----a-w- c:\windows\system32\bmnet.dll
2010-06-08 21:26 . 2008-05-08 18:42 270336 ----a-w- c:\windows\system32\bminstall.dll
2010-06-08 21:26 . 2008-05-08 18:42 126976 ----a-w- c:\windows\system32\bmdumpd.bin
2010-06-08 21:26 . 2008-05-08 18:42 719360 ----a-w- c:\windows\system32\bmutil.dll
2010-06-08 21:25 . 2010-06-08 21:25 -------- d-----w- c:\program files\T-Mobile
2010-06-08 21:13 . 2010-06-08 21:13 -------- d-----w- c:\program files\DC-Unlocker
2010-06-07 07:04 . 2010-06-07 07:42 -------- d-----w- C:\CF
2010-06-06 17:54 . 2010-06-06 21:31 -------- d-----r- c:\program files\MameUI32
2010-06-01 22:34 . 2010-06-01 22:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-26 11:48 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-23 06:17 . 2010-05-23 06:17 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-05-23 06:17 . 2010-05-23 06:18 -------- d-----w- c:\program files\Roxio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-22 00:31 . 2009-03-16 14:02 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\DNA
2010-06-22 00:12 . 2008-09-22 10:46 -------- d-----w- c:\program files\LogMeIn
2010-06-22 00:00 . 2010-04-04 20:26 167 ----a-w- c:\users\TheNostradamus\AppData\Roaming\ftpfile.dat
2010-06-20 18:39 . 2009-07-08 15:55 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Uniblue
2010-06-20 18:05 . 2010-04-28 12:03 -------- d-----w- c:\program files\Spyware Doctor
2010-06-11 20:28 . 2007-04-04 21:01 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\BitTorrent
2010-06-11 18:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 18:42 . 2007-04-15 07:28 -------- d-----w- c:\progra~2\Microsoft Help
2010-06-11 13:24 . 2007-08-05 07:22 -------- d-----w- c:\program files\MagicISO
2010-06-09 20:37 . 2008-09-22 10:46 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 20:37 . 2008-09-22 10:46 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-09 09:08 . 2010-04-25 17:28 -------- d-----w- c:\program files\ewido anti-malware
2010-06-09 09:08 . 2008-01-13 22:07 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Media Player Classic
2010-06-09 09:00 . 2008-11-11 13:00 -------- d-----w- c:\program files\CCleaner
2010-06-09 06:51 . 2008-07-19 09:41 -------- d-----w- c:\program files\Safari
2010-06-06 14:36 . 2010-04-13 11:52 -------- d-----w- c:\progra~2\Norton
2010-06-06 09:49 . 2008-01-11 15:25 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\DivX
2010-06-05 11:48 . 2007-08-04 19:39 -------- d-----w- c:\program files\AoA Audio Extractor
2010-06-05 08:31 . 2009-05-09 17:17 -------- d-----w- c:\program files\Kidzui
2010-06-05 07:21 . 2008-07-10 16:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 18:56 . 2010-05-11 22:02 -------- d-----w- c:\progra~2\DivX
2010-06-04 18:55 . 2007-04-21 10:02 -------- d-----w- c:\program files\DivX
2010-06-01 22:34 . 2007-08-04 19:21 -------- d-----w- c:\program files\Common Files\Real
2010-06-01 22:34 . 2008-03-01 14:33 -------- d-----w- c:\program files\Real
2010-05-27 18:04 . 2010-03-27 08:47 439816 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-05-27 08:10 . 2009-03-21 16:40 -------- d-----w- c:\program files\Microsoft
2010-05-26 17:06 . 2010-06-11 10:04 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-11 10:04 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 08:04 . 2007-04-04 19:33 244392 ----a-w- c:\users\TheNostradamus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-23 06:18 . 2007-03-30 10:58 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-05-23 06:18 . 2008-01-10 21:23 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-05-23 06:17 . 2007-03-30 11:01 -------- d-----w- c:\progra~2\Roxio
2010-05-23 05:56 . 2010-05-21 12:15 -------- d-----w- c:\progra~2\Research In Motion
2010-05-22 19:45 . 2007-12-28 11:02 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\InstallShield
2010-05-22 17:59 . 2010-05-22 17:59 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\RIM Palm&PPC Upgrade Wizard
2010-05-21 13:14 . 2010-04-14 08:46 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 12:41 . 2010-05-21 12:16 256 ----a-w- c:\windows\system32\pool.bin
2010-05-21 12:16 . 2010-05-21 12:16 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Research In Motion
2010-05-21 12:15 . 2010-05-21 12:11 -------- d-----w- c:\program files\Research In Motion
2010-05-21 12:12 . 2010-05-21 12:11 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-05-17 01:09 . 2007-03-30 11:03 -------- d-----w- c:\program files\Google
2010-05-14 21:40 . 2010-05-14 21:40 1078 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}\_60c11ac7.exe
2010-05-12 21:24 . 2007-04-08 09:01 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Apple Computer
2010-05-11 22:30 . 2007-10-26 18:06 1356 ----a-w- c:\users\TheNostradamus\AppData\Local\d3d9caps.dat
2010-05-11 22:16 . 2010-05-11 22:16 -------- d-----w- c:\program files\Xiph.Org
2010-05-11 22:04 . 2010-05-11 22:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-09 21:16 . 2007-10-11 20:44 -------- d-----w- c:\program files\Kontiki
2010-05-09 21:16 . 2007-10-11 20:44 -------- d-----w- c:\progra~2\Kontiki
2010-05-04 05:59 . 2010-06-11 10:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-11 10:04 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-11 10:04 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-11 10:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-02 23:49 . 2008-10-31 20:03 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2010-05-02 14:21 . 2007-03-30 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 14:15 . 2010-04-28 19:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 13:54 . 2007-03-30 10:54 -------- d-----w- c:\program files\Java
2010-05-02 13:54 . 2007-03-30 10:54 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 13:42 . 2009-03-16 14:02 -------- d-----w- c:\program files\DNA
2010-05-02 13:23 . 2009-01-18 14:14 -------- d-----w- c:\users\Kayelle\AppData\Roaming\Apple Computer
2010-05-01 22:15 . 2010-05-01 22:15 3584 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-01 22:15 . 2010-05-01 22:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-01 22:13 . 2009-12-03 15:46 -------- d-----w- c:\program files\MSECache
2010-05-01 22:00 . 2010-03-13 11:29 -------- d-----w- c:\progra~2\Ulead Systems
2010-05-01 14:13 . 2010-06-11 10:04 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 13:25 . 2008-09-18 11:10 -------- d-----w- c:\program files\Opera
2010-04-28 21:24 . 2009-06-15 10:49 -------- d-----w- c:\program files\Common Files\Stardock
2010-04-28 20:49 . 2010-04-28 20:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-26 08:49 . 2010-04-26 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 09:30 . 2010-04-25 09:30 -------- d-----w- c:\program files\Panda Security
2010-04-18 06:49 . 2009-07-08 19:03 54037 ----a-w- c:\progra~2\nvModes.dat
2010-04-12 12:00 . 2010-04-12 11:58 26694 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
2010-04-12 12:00 . 2010-04-12 11:58 26694 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
2010-04-06 17:56 . 2007-04-28 17:41 47360 ----a-w- c:\users\TheNostradamus\AppData\Roaming\pcouffin.sys
2010-04-06 17:56 . 2007-04-28 17:41 47360 ----a-w- c:\users\TheNostradamus\AppData\Roaming\pcouffin.sys
2010-04-05 17:01 . 2010-06-11 10:04 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 22:55 . 2010-04-15 14:34 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55 . 2010-04-15 14:34 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2010-04-15 14:34 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 22:55 . 2010-04-15 14:34 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2010-04-15 14:34 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-02 15:54 . 2007-09-17 08:07 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-31 01:58 . 2007-04-04 17:08 133616 ------w- c:\windows\system32\PxAFS.DLL
2010-03-31 01:58 . 2007-03-29 08:56 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-29 14:24 . 2010-04-26 08:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 14:24 . 2010-04-26 08:49 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-08-03 17:03 . 2007-08-03 17:03 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-03-31 21:47 . 2009-01-13 10:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2002-07-31 18:55 . 2010-03-20 13:18 106 --sh--w- c:\windows\WSYS049.SYS
2007-03-30 18:43 . 2007-03-30 18:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\TheNostradamus\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\TheNostradamus\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-22 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-10-24 206112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-01 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-06-08 253952]

c:\users\MissyLooby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\TheNostradamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-4-28 3450608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2010-3-10 1819992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-10 16:00 197912 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-03-09 08:22 654648 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-18 11:34 1238352 ----a-w- c:\games\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,7b,7c,91,7a,44,ca,01

R2 gupdate1c98bb3a2193e23;Google Update Service (gupdate1c98bb3a2193e23);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-04-07 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8dotnetservice\CF8DotNetsvc.exe [2008-10-30 77824]
R4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2008-03-18 65536]
R4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [x]
R4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [x]
R4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2008-03-12 2743056]
R4 Macromedia JRun Admin Server;Macromedia JRun Admin Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
R4 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-04-14 716272]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100604.001\IDSvix86.sys [2009-11-20 286768]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:19]

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-06-22 c:\windows\Tasks\User_Feed_Synchronization-{41F550E9-2C3D-46F6-920F-BA37B5932926}.job
- c:\windows\system32\msfeedssync.exe [2010-06-11 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.itv-f1.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
LSP: bmnet.dll
Trusted Zone: hp.com
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\TheNostradamus\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqd8dw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-tdmic - c:\windows\system32\tdmic.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-06-22 01:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe? Files\Microsoft Shared\Windows??Y?hp??0;??????OM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC?PROCESSOR_ARCHITECTURE=x86?PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineInt

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3951779315-1583897901-968269241-1000\C* Å*]
@Allowed: (Read) (RestrictedCode)
"WriteErrorLog"="No"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\bmnet.dll
.
Completion time: 2010-06-22 01:35:02
ComboFix-quarantined-files.txt 2010-06-22 00:34
ComboFix2.txt 2010-06-21 14:05
ComboFix3.txt 2010-06-07 07:42
ComboFix4.txt 2010-05-29 13:49
ComboFix5.txt 2010-06-22 00:04

Pre-Run: 88,770,932,736 bytes free
Post-Run: 88,863,117,312 bytes free

- - End Of File - - B79FD4BC3690389FF66AD21A17CC83D7
Old 06-22-2010, 05:28 AM   #14
Ried
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Ohio
Posts: 42,837
OS: WinXP Home, Vista, Windows 7 64bit

Thanks. What symptoms remain?
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 06-22-2010, 05:35 AM   #15
TheNostradamus
Registered Member

Seems a lot better. However,

why would this be in my IE8 history today?

https://www.myplanets.netai.net/ipaddressd.php
file:///C:/Users/TheNostradamus/Pictures/HolidayElite/Greece/Sani%2520Holidays/4-Grade3.jpg
file:///C:/Users/TheNostradamus/Pictures/HolidayElite/Greece/Sani%2520Holidays/5-Grade2.jpg
file:///C:/Users/TheNostradamus/Documents/FOA%2520New%2520Clan%2520Members.docx

The last 3 are files I have looked at today, but why are they showing in IE history, and what's the ipaddressd.php web page doing????

Anything to worry about??
Old 06-22-2010, 05:41 AM   #16
Ried
TSF Security Manager
Emeritus

No, it's nothing to worry about. Internet Explorer is not just an internet browser like Opera, Firefox, etc. It is an integral part of the Windows Operating System. Type any path in the address bar and it'll take you to that file, same as Windows Explorer. Type in C:\ and you'll see a list of what is on your C:\ drive.
Old 06-22-2010, 05:44 AM   #17
TheNostradamus
Registered Member

No worries Ried, that's really appreciated, but what about that web page? It's there every day and it ain't me...???

https://www.myplanets.netai.net/ipaddressd.php
Old 06-22-2010, 05:52 AM   #18
Ried
TSF Security Manager
Emeritus

My thought is that page was somehow accessed at one time and as you know, IE will hold browsing history.

I see you have CCleaner onboard. Launch the program and check all boxes under Internet Explorer. Click Analyze, then Run Cleaner.

Does that web address return?
Old 06-22-2010, 05:54 AM   #19
TheNostradamus
Registered Member

OK dude, I'm sure I have done that, but we will give it a try and let you know tomorrow.

As always, many thanks for all your efforts, it's really appreciated..
Old 06-22-2010, 08:39 PM   #20
Ried
TSF Security Manager
Emeritus

You're welcome. I'll be standing by... :)