
MediaTubeCodec- now computer is almost unusable

This is a discussion on MediaTubeCodec- now computer is almost unusable within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


07-08-2008, 12:28 AM   #1
Guest
Join Date: May 2008
Posts: 10



When browsing a site, I accidentally agreed to download a file called "MediaTubeCodec" via an ActiveX popup on my screen. As it was downloading I went to click "cancel" in the "downloads" window, but right as I did the download finished and "cancel" turned to "open". The program installed itself and disappeared. I was hoping it was nothing, but shortly after I started receiving those dreaded pop-ups advertising a fake virus-protection program called System Defender. I was then notified that my "automatic updates" for Windows security stuff had been turned off.

I was looking at my McAfee options and wondering why McAfee hadn't caught anything when my desktop flickered, my icons re-arranged themselves and my wallpaper was replaced with a red background with a large bloody biohazard sign and the words, "Download privacy protection software now". To make things worse, the background is somehow a giant button, so if I click ANYWHERE on my desktop, IE pops up and takes me to the fake-virus protection site. My clock has been replaced with a thing that says "VIRUS ALERT".

I decided not to wait around for McAfee to do a full scan and went to do a System Restore, but the control panel, show-all programs tab, My Computer, and many other components of the start menu are missing. Hitting ctrl+alt+del gives me a message that says "the task manager has been disabled by the administrator".

So I can't system restore, use add-remove programs, open programs from the start menu, or click on anything on my desktop. On top of that, attempting to boot up in Safe Mode locks up the computer. I was later able to enter "windows services recovery" or something by hitting F8 during startup, and I was able to get to system restore from there, but all my restore points had been deleted and I still couldn't get to the control panel.

Other side effects include not being able to run Firefox (it just crashes instantly), a large blinking red X on my start bar, windows alt-tabbing on their own (for example when I am typing this now, windows in the background will suddenly pop up to front), and some INCREDIBLY ANNOYING bug when typing. When I type it doesn't register one out of every 3-8 keys that I hit, so typing a sentence like this would look like "typng a setenc ike this" if I didn't go back and fix it. You have NO idea how long it took just to make this post readable.

I tried downloading Pandascan but there was an error every time so I just skipped it. I was able to download Deckard and run it by hitting Windows-key+R and typing in the file location (since I couldn't click on it).

Here's the log, PLEASE help as quick as you can.

Deckard's System Scanner v20071014.68
Run by Andrew on 2008-07-08 01:42:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-07-08 05:42:57 UTC - RP472 - Deckard's System Scanner Restore Point
43: 2008-07-08 05:25:54 UTC - RP471 - Last known good configuration
42: 2008-07-08 05:25:30 UTC - RP470 - Restore Operation
41: 2008-07-08 05:25:29 UTC - RP469 - Last known good configuration
40: 2008-07-08 05:25:27 UTC - RP468 - Installed VeohTV BETA


-- First Restore Point --
1: 2008-07-08 05:25:12 UTC - RP429 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.3 GiB (less than 15%) free.


-- HijackThis (run as Andrew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:46: VIRUS ALERT!, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\DOCUME~1\ANDREW~1.000\LOCALS~1\Temp\atmadm2.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrew.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/ig/dell?hl=en&...suk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = https://www.google.com/ig/dell?hl=en&...suk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: (no name) - {33DA9E3C-935E-4EC2-977D-AFE3A3B5E727} - C:\WINDOWS\system32\iifeBRKc.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6F5ED3A1-78C9-4D6A-9A50-6C41C1A9BB08} - C:\WINDOWS\system32\iiffGVPF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: QXK Olive - {923C5BC4-222D-4765-8B05-1DA745853776} - C:\WINDOWS\wbxdpgfekal.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: sqvgnrpx - {6A25115D-10F0-4897-9866-A8350EEEB16A} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DelayLoad] C:\DOCUME~1\ANDREW~1.000\LOCALS~1\Temp\atmadm2.exe
O4 - HKLM\..\Run: [e85541a9] rundll32.exe "C:\WINDOWS\system32\kbsovroe.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Other Stuff\flip\Yodm3D.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: -
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/micr...?1188667937843
O16 - DPF: {A9FA983C-B8D7-4AD3-8BD0-BE7DE3FF814F} (WittConnectCheck.ctlWittConnectCheck) - https://wittconnect2.wittenberg.edu/...nnectCheck.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: iifeBRKc - C:\WINDOWS\SYSTEM32\iifeBRKc.dll
O21 - SSODL: fsrpknov - {4F8FA692-2F91-4C33-BE95-A8264DD79645} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {60DF4272-723A-403D-B87C-08ABE940D81D} - C:\WINDOWS\fdxbameg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - https://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 15977 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not Verified; Apple Computer, Inc.; DVDAccss Driver>
R3 libusb0 (LibUsb-Win32 - Kernel Driver, Version 0.1.10.1) - c:\windows\system32\drivers\libusb0.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 BootScreen - c:\windows\\systemroot\system32\drivers\vidstub.sys (file missing)
S2 X4HSX32 - c:\program files\gametap\bin\release\x4hsx32.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 libusbd (LibUsb-Win32 - Daemon, Version 0.1.10.1) - system32\libusbd-nt.exe <Not Verified; https://libusb-win32.sourceforge.net; LibUsb-Win32>
R2 RMSvc (Media Center Extender Resource Monitor) - c:\windows\ehome\rmsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-09 02:07:58 272 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2008-05-26 13:55:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-10 17:29:28 394 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 01:46:12 0 d-------- C:\Program Files\Trend Micro
2008-07-08 01:40:19 0 d-------- C:\Program Files\Panda Security
2008-07-08 01:31:04 89088 --a------ C:\WINDOWS\system32\kbsovroe.dll
2008-07-07 23:17:59 4641 --ahs---- C:\WINDOWS\system32\FPVGffii.ini2
2008-07-07 23:17:56 318720 --a------ C:\WINDOWS\system32\iiffGVPF.dll
2008-07-07 23:12:51 28288 --a------ C:\WINDOWS\system32\iifeBRKc.dll
2008-07-07 23:12:29 0 d-------- C:\WINDOWS\privacy_danger
2008-07-07 23:12:27 0 d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\TmpRecentIcons
2008-07-07 23:12:11 303104 --a------ C:\WINDOWS\wbxdpgfekal.dll
2008-07-07 23:12:11 155648 --a------ C:\WINDOWS\sqvgnrpx.dll
2008-07-07 23:12:11 86016 --a------ C:\WINDOWS\gpefaowr.exe
2008-07-07 23:12:11 196608 --a------ C:\WINDOWS\fsrpknov.dll
2008-07-07 23:12:11 229376 --a------ C:\WINDOWS\fdxbameg.dll
2008-07-07 23:12:11 94208 --a------ C:\WINDOWS\ewkg.exe
2008-07-07 23:12:01 0 d-------- C:\Program Files\Antivirus 2008 PRO
2008-07-06 02:54:37 0 d-------- C:\Program Files\Veoh Networks
2008-06-09 01:27:45 0 d-------- C:\Program Files\DivX


-- Find3M Report ---------------------------------------------------------------

2008-07-04 00:49:55 70209 --a------ C:\WINDOWS\system32\nvModes.dat
2008-07-04 00:07:23 0 d-------- C:\Program Files\Trillian
2008-06-24 23:10:38 0 d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport
2008-06-12 00:43:12 0 d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Publish Providers
2008-06-10 19:57:47 0 d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Apple Computer
2008-06-09 23:10:42 0 d-------- C:\Program Files\QuickTime
2008-06-09 02:07:57 0 d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\uTorrent
2008-06-02 21:57:01 0 d-------- C:\Program Files\Diablo II
2008-06-02 21:56:27 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-02 04:12:50 0 d-------- C:\Program Files\EA GAMES
2008-06-01 22:17:56 0 d-------- C:\Program Files\Warcraft III
2008-05-30 13:22:22 3596288 --a----c- C:\WINDOWS\system32\qt-dx331.dll
2008-05-30 13:18:56 196608 --a----c- C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-30 13:18:56 81920 --a----c- C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-30 13:18:50 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:48 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:48 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 13:18:00 12288 --a----c- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-28 22:52:06 0 d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Emulators
2008-05-26 13:55:03 0 d-------- C:\Program Files\Apple Software Update
2008-05-17 15:59:12 0 d-------- C:\Program Files\Pistachio Productions
2008-05-16 18:45:07 0 d-------- C:\Program Files\Ventrilo
2008-05-16 18:44:39 0 d-------- C:\Program Files\Common Files
2008-05-16 18:44:39 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 14:00:22 0 d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Media Player Classic
2008-05-15 13:37:30 0 d-------- C:\Program Files\3ivx
2008-05-14 21:02:07 35369 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-14 20:48:30 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-05-14 20:48:30 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-05-14 20:48:30 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-05-14 17:39:36 2829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-14 17:39:36 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2008-05-14 16:42:49 0 d-------- C:\Program Files\WIDCOMM
2008-05-13 20:53:15 76058 --a------ C:\WINDOWS\War3Unin.dat
2008-05-13 20:46:14 2829 --a------ C:\WINDOWS\War3Unin.pif
2008-05-13 20:46:14 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-05-13 19:42:41 0 d-------- C:\Program Files\directx
2008-05-12 14:50:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-10 04:02:27 0 d-------- C:\Program Files\Network Stumbler
2008-05-07 14:56:35 45576 --a------ C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\wklnhst.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
02/06/2008 08:13: VIRUS ALERT! 1173024 --a------ C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}]
07/07/2008 23:12: VIRUS ALERT! 28288 --a------ C:\WINDOWS\system32\iifeBRKc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
C:\Program Files\RXToolBar\sfcont.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F5ED3A1-78C9-4D6A-9A50-6C41C1A9BB08}]
07/07/2008 23:17: VIRUS ALERT! 318720 --a------ C:\WINDOWS\system32\iiffGVPF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{923C5BC4-222D-4765-8B05-1DA745853776}]
07/07/2008 17:10: VIRUS ALERT! 303104 --a------ C:\WINDOWS\wbxdpgfekal.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 15:01: VIRUS ALERT!]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/01/2006 16:46: VIRUS ALERT!]
"nwiz"="nwiz.exe" [05/01/2006 15:46: VIRUS ALERT! C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [05/01/2006 15:46: VIRUS ALERT! C:\WINDOWS\system32\nvhotkey.dll]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [03/16/2007 19:10: VIRUS ALERT!]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 17:30: VIRUS ALERT! C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 12:48: VIRUS ALERT!]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 21:29: VIRUS ALERT!]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05: VIRUS ALERT!]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44: VIRUS ALERT!]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44: VIRUS ALERT!]
"BuildBU"="c:\dell\bldbubg.exe" [02/19/2004 07:23: VIRUS ALERT!]
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.exe" [05/10/2005 00:00: VIRUS ALERT!]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 23:32: VIRUS ALERT!]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [04/26/2004 16:21: VIRUS ALERT!]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 00:47: VIRUS ALERT!]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25: VIRUS ALERT!]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 09:50: VIRUS ALERT!]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [11/17/2006 14:39: VIRUS ALERT!]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/11/2008 17:48: VIRUS ALERT!]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 23:37: VIRUS ALERT!]
"DelayLoad"="C:\DOCUME~1\ANDREW~1.000\LOCALS~1\Temp\atmadm2.exe" []
"e85541a9"="C:\WINDOWS\system32\kbsovroe.dll" [07/08/2008 01:31: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24: VIRUS ALERT!]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 06:00: VIRUS ALERT!]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/19/2006 17:18: VIRUS ALERT!]
"Yodm3D"="C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Other Stuff\flip\Yodm3D.exe" [04/04/2007 23:11: VIRUS ALERT!]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [01/29/2008 09:46: VIRUS ALERT!]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [06/19/2008 15:15: VIRUS ALERT!]
"@"="" []
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" []

C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\STUFF\Other Crap\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [11/21/1996]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [11/21/1996]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/26/2006 8:24:54 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [8/3/2007 9:59:10 AM]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [6/5/2006 3:27:40 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/12/2006 12:34:04 AM]
[email protected] - C:\Program Files\Apple Computer\[email protected]\DVDAccess.exe [3/11/2007 5:19:46 PM]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [10/20/2005 6:55:40 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/10/2007 5:36:00 PM]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [11/30/2007 12:33:27 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}"= C:\WINDOWS\system32\iifeBRKc.dll [07/07/2008 23:12: VIRUS ALERT! 28288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {4F8FA692-2F91-4C33-BE95-A8264DD79645} - C:\WINDOWS\fsrpknov.dll [07/07/2008 17:10: VIRUS ALERT! 196608]
"fdxbameg"= {60DF4272-723A-403D-B87C-08ABE940D81D} - C:\WINDOWS\fdxbameg.dll [07/07/2008 17:10: VIRUS ALERT! 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeBRKc]
iifeBRKc.dll 07/07/2008 23:12: VIRUS ALERT! 28288 C:\WINDOWS\system32\iifeBRKc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iiffGVPF

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd7dcdb-0a56-11dd-b108-00038a000015}]
- G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ae62e1-3146-11db-b05b-00038a000015}]
- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97395ba3-d78e-11dc-b0f7-00038a000015}]
- wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4977b72-bd7d-11dc-b0e1-00038a000015}]
- G:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea007b21-9e2b-11dc-b0d0-00038a000015}]




-- End of Deckard's System Scanner: finished at 2008-07-08 01:48:23 ------------
Mtown is offline  
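The policy and load-point sections of the Deckard log above carry the two things a responder triages first: the `DisableTaskMgr` / `DisableRegistryTools` / `NoDispCPL` values that produced the lockout described in the opening post, and autostart entries (Run, ShellExecuteHooks, Winlogon\Notify, SSODL) whose target DLL was written hours before the scan. The script below is an added example, not part of the original post and not code from Deckard's System Scanner: it parses a handful of lines constructed from that log and reports both kinds of finding. The policy list, the seven-day freshness window and the function names are the example's own choices, and the `"VIRUS ALERT!"` text it skips over is the locale's AM/PM designator as this machine's scanner printed it.

```python
"""Triage of Deckard-style 'Reg Loading Points' output (added example).

Not part of the thread or of Deckard's System Scanner. Parses lines constructed
from the log above and flags lockout policies and freshly written autostarts.
"""
import re
from datetime import datetime, timedelta

# Policy values a rogue "antivirus" sets to 1 to keep the user from removing it.
LOCKOUT_POLICIES = {
    "DisableTaskMgr": "Task Manager disabled",
    "DisableRegistryTools": "Registry Editor disabled",
    "NoDispCPL": "Display control panel hidden",
    "NoSetFolders": "Settings folders removed from the Start menu",
    "NoFolderOptions": "Folder Options hidden",
}
# Lower-case fragments of keys that load code into explorer.exe / winlogon.exe.
AUTOSTART_KEYS = ("shellexecutehooks", "winlogon\\notify",
                  "shellserviceobjectdelayload", "currentversion\\run")

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
QUOTED_PATH_RE = re.compile(r'"([A-Za-z]:\\[^"]+)"')
BARE_PATH_RE = re.compile(r"([A-Za-z]:\\\S+)")
# Deckard prints MM/DD/YYYY HH:MM followed by the AM/PM designator ("VIRUS ALERT!" here).
TS_RE = re.compile(r"(\d{2})/(\d{2})/(\d{4}) (\d{2}):(\d{2})")

# Constructed sample, modelled on the Deckard log in the first post.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 09:50: VIRUS ALERT!]
"e85541a9"="C:\WINDOWS\system32\kbsovroe.dll" [07/08/2008 01:31: VIRUS ALERT!]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)
"NoSetFolders"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{33DA9E3C-935E-4EC2-977D-AFE3A3B5E727}"= C:\WINDOWS\system32\iifeBRKc.dll [07/07/2008 23:12: VIRUS ALERT! 28288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifeBRKc]
iifeBRKc.dll 07/07/2008 23:12: VIRUS ALERT! 28288 C:\WINDOWS\system32\iifeBRKc.dll
"""
SAMPLE_SCAN_TIME = datetime(2008, 7, 8, 1, 48)  # the log's "finished at" time


def parse_sections(text):
    """Split the log into (key, [lines]) blocks, one per [KEY] header."""
    sections, key, lines = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            key, lines = m.group("key"), []
            sections.append((key, lines))
        elif line and key is not None:
            lines.append(line)
    return sections


def target_path(line):
    """The file an entry loads: a quoted path if present, else the last bare one."""
    m = QUOTED_PATH_RE.search(line)
    bare = BARE_PATH_RE.findall(line)
    return m.group(1) if m else (bare[-1] if bare else None)


def entry_time(line):
    """The file timestamp Deckard printed for the entry, or None."""
    m = TS_RE.search(line)
    if not m:
        return None
    month, day, year, hour, minute = map(int, m.groups())
    return datetime(year, month, day, hour, minute)


def triage(text, scan_time, window_days=7):
    """Return (kind, where, detail) findings: lockout policies and fresh autostarts."""
    findings = []
    for key, lines in parse_sections(text):
        lkey = key.lower()
        if "\\policies\\" in lkey:
            for line in lines:
                m = VALUE_RE.match(line)
                if m and m.group("name") in LOCKOUT_POLICIES and m.group("data").startswith("1"):
                    findings.append(("lockout-policy", m.group("name"),
                                     LOCKOUT_POLICIES[m.group("name")]))
        elif any(frag in lkey for frag in AUTOSTART_KEYS):
            for line in lines:
                path, when = target_path(line), entry_time(line)
                # A binary written shortly before the scan, sitting in a load
                # point, is the first file to pull for analysis.
                if path and when and timedelta(0) <= scan_time - when <= timedelta(days=window_days):
                    findings.append(("recent-autostart", key, path))
    return findings


def triage_sample():
    """Run the triage over the constructed sample with its own scan time."""
    return triage(SAMPLE_LOG, SAMPLE_SCAN_TIME)


if __name__ == "__main__":
    for kind, where, detail in triage_sample():
        print(f"{kind:17} {where}: {detail}")
```

On the sample the script reports four lockout policies (the `NoFolderOptions`=0 line is correctly ignored) and three fresh load points, all of which resolve to `kbsovroe.dll` or `iifeBRKc.dll`; the 2006-dated McAfee entry is left alone. Deckard shows only the time-stamp, so the freshness test is a triage aid, not proof of malice: the flagged files still have to be checked by hash or signature.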
Old 07-10-2008, 08:47 PM   #2
Guest
 
Join Date: May 2008
Posts: 10
OS:



Bump

Please, I really need help.

I managed to get rid of the background button (there was an invisible "x" button at the top right), but I still cannot access the Task Manager, My Computer and so many other things.
Mtown is offline  
Old 07-10-2008, 09:01 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.


------------------------------------------------------

Please download Combofix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

First, we need to install the Windows Recovery Console.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from this Microsoft page:

If you have XP Home download this file:

https://www.microsoft.com/downloads/d...displaylang=en

If you have XP Professional or Media Center download this file:

https://www.microsoft.com/downloads/d...displaylang=en

Save it as it is originally named, to the desktop, next to ComboFix.exe

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------


Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log


If you have any questions along the way...STOP and ask them before proceeding.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-13-2008, 08:58 PM   #4
Guest
 
Join Date: May 2008
Posts: 10
OS:



The link to the combofix download that you gave me brought up a blank page for some reason so I tried to download it from a different site. Before it finished downloading, a popup appeared that informed me that my security settings did not allow this type of file to be downloaded and the download was canceled. Unfortunately, the virus or whatever took away my administrative privileges so I can no longer change my security settings.

I ended up downloading combofix on a different computer and using a flash disk to put it on my desktop. I have XP with media center so I downloaded the 2nd file, but when I dragged it to the combofix on my desktop, it said, "some files are corrupt, please re-download" or something. I'm not sure if this means the combofix files are corrupt or the recovery console files are corrupt.

Also after it informed me of this, combofix did not close. It is still open (on the taskbar it's a blank window with the combofix "X" symbol on it) and there is a green progress bar (showing 100% full) on my desktop right over the combofix icon.

What should I do? I can't close the combofix window on my start bar (even right clicking it brings up nothing) and I don't have access to the task manager so I can't delete the process. I can use my secondary "fake" task manager to delete the process, but I wanted to check with you first before I did anything.
Mtown is offline  
Old 07-13-2008, 10:17 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Mtown.

Stop the process if you can. Restart your computer if you can't. Files do get corrupted sometimes during downloading.

Delete both from the desktop and flash drive and try re-downloading both of them and try again.

If you still get an error, just double-click on ComboFix.exe and post ComboFix.txt in your next reply.

If you still get an error, rename ComboFix to Combo-Fix before you save it to the USB drive and try again.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log
chemist is offline  
Old 07-14-2008, 01:08 AM   #6
Guest
 
Join Date: May 2008
Posts: 10
OS:



After combofix ran, my start menu and administrative privileges were back. So was that weird "virus alert" thing with my clock. However, even though I turned off McAfee before starting the scan, after the restart McAfee booted back up and completely deleted combofix from the computer, saying it was a "remote desktop administrative tools" something or other. I think combofix completely finished before it was deleted (it saved a log file) but I hope it didn't mess anything up.

Here are the logs.
ComboFix

ComboFix 08-07-13.6 - Andrew 2008-07-14 0:28:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT -4:00]
Running from: C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\ProfileReg.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf_update.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Zango
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Weather.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\WeatherDPA
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Zango
C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Error Cleaner.url
C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Privacy Protector.url
C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Andrew.D95G4MB1.000\Favorites\Error Cleaner.url
C:\Documents and Settings\Andrew.D95G4MB1.000\Favorites\Privacy Protector.url
C:\Documents and Settings\Andrew.D95G4MB1.000\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Andrew.D95G4MB1.000\My Documents\My Videos\Desktop.ini
C:\Documents and Settings\Andrew.D95G4MB1.000\Start Menu\Programs\Antivirus 2008 PRO
C:\Documents and Settings\Andrew.D95G4MB1.000\Start Menu\Programs\Antivirus 2008 PRO\antivirus-2008pro.lnk
C:\Program Files\Antivirus 2008 PRO
C:\Program Files\Antivirus 2008 PRO\vscan.tsi
C:\Program Files\Antivirus 2008 PRO\zlib.dll
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\ewkg.exe
C:\WINDOWS\fdxbameg.dll
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\fsrpknov.dll
C:\WINDOWS\gpefaowr.exe
C:\WINDOWS\MSTask.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\ahxjgojp.ini
C:\WINDOWS\system32\eorvosbk.ini
C:\WINDOWS\system32\FPVGffii.ini
C:\WINDOWS\system32\FPVGffii.ini2
C:\WINDOWS\system32\fsxzqe.dll
C:\WINDOWS\system32\gbvwbghj.dll
C:\WINDOWS\system32\gcpwheov.ini
C:\WINDOWS\system32\gtlleu.dll
C:\WINDOWS\system32\iifeBRKc.dll
C:\WINDOWS\system32\iiffGVPF.dll
C:\WINDOWS\system32\jhgbwvbg.ini
C:\WINDOWS\system32\jkedeg.dll
C:\WINDOWS\system32\ltytcrnv.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\menbowuk.dll
C:\WINDOWS\system32\mhabgnma.dll
C:\WINDOWS\system32\nohwksya.dll
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\pmoxbotw.dll
C:\WINDOWS\system32\pvabfigu.ini
C:\WINDOWS\system32\vnrctytl.dll
C:\WINDOWS\system32\voehwpcg.dll
C:\WINDOWS\system32\wufhjrcx.ini
C:\WINDOWS\system32\xcrjhfuw.dll
C:\WINDOWS\system32\xwsjnc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-12-22 00:59 . 2008-12-22 00:59 332,512 --a------ C:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-22 00:58 . 2008-12-22 00:58 1,155,808 --a------ C:\WINDOWS\system32\3ivx.dll
2008-07-11 05:48 . 2008-07-11 05:48 <DIR> d-------- C:\Program Files\MegauploadToolbar
2008-07-11 05:48 . 2008-07-13 22:30 <DIR> d-------- C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\MegauploadToolbar
2008-07-09 00:38 . 2008-07-10 03:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-09 00:38 . 2008-07-09 00:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-08 01:46 . 2008-07-08 01:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 01:42 . 2008-07-08 01:42 <DIR> d-------- C:\Deckard
2008-07-08 01:40 . 2008-07-08 01:40 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 02:54 . 2008-07-06 02:54 <DIR> d-------- C:\Program Files\Veoh Networks
2008-06-26 22:31 . 2008-06-27 21:46 529 --a------ C:\WINDOWS\SIMPARK.INI
2008-06-14 02:45 . 2008-06-14 04:37 2,480 --a------ C:\WINDOWS\SubCreator.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 02:01 --------- d-----w C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\uTorrent
2008-07-14 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-11 06:36 --------- d-----w C:\Program Files\Trillian
2008-07-06 06:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-01 05:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-12 04:43 --------- d-----w C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Publish Providers
2008-06-10 23:57 --------- d-----w C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Apple Computer
2008-06-10 03:10 --------- d-----w C:\Program Files\QuickTime
2008-06-09 05:28 --------- d-----w C:\Program Files\DivX
2008-06-08 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-03 01:57 --------- d-----w C:\Program Files\Diablo II
2008-06-02 08:12 --------- d-----w C:\Program Files\EA GAMES
2008-06-02 02:17 --------- d-----w C:\Program Files\Warcraft III
2008-05-30 17:22 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-05-30 17:22 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-30 17:22 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-05-29 02:52 --------- d-----w C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Emulators
2008-05-26 17:55 --------- d-----w C:\Program Files\Apple Software Update
2008-05-26 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-17 19:59 --------- d-----w C:\Program Files\Pistachio Productions
2008-05-16 22:45 --------- d-----w C:\Program Files\Ventrilo
2008-05-16 22:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-15 18:00 --------- d-----w C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\Media Player Classic
2008-05-15 17:37 --------- d-----w C:\Program Files\3ivx
2008-05-14 21:39 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2008-05-14 21:39 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2008-05-14 20:42 --------- d-----w C:\Program Files\WIDCOMM
2008-05-14 00:46 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-05-14 00:46 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-05-07 18:56 45,576 ----a-w C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\wklnhst.dat
2007-03-08 01:58 251 -c--a-w C:\Program Files\wt3d.ini
2007-01-30 17:35 1,027,090 -c--a-w C:\Documents and Settings\Desktop\wowclient-downloader.exe
2006-08-30 14:00 92,712 -c--a-w C:\Documents and Settings\Andrew.D95G4MB1.000\Application Data\GDIPFONTCACHEV1.DAT
2008-03-12 18:41 88 --sh--r C:\WINDOWS\system32\4356BBA83B.sys
2008-03-12 18:41 3,610 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2006-05-19 17:18 68856]
"Yodm3D"="C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Other Stuff\flip\Yodm3D.exe" [2007-04-04 23:11 2339840]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-01-29 09:46 9442584]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-06-19 15:15 3664944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 16:46 7561216]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 07:23 61440]
"EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 00:00 98304]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 23:32 53248]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 09:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 14:39 136768]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-11 17:48 29744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"nwiz"="nwiz.exe" [2006-05-01 15:46 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-05-01 15:46 73728 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-08-03 09:59:10 572008]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2006-06-05 15:27:40 1577035]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-12 00:34:04 24576]
[email protected] - C:\Program Files\Apple Computer\[email protected]\DVDAccess.exe [2007-03-11 17:19:46 888832]
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-10-10 17:36:00 126136]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2007-11-30 12:33:27 6144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\-
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2006-11-27 01:28:25 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" /startup
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"<NO NAME>"=
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\Andrew.D95G4MB1.000\\Desktop\\Other Stuff\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Diablo II\\Diablo II.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\SecondLifeWindLight\\SecondLifeWindLight.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\UltraVNC\\vncviewer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience
"13000:TCP"= 13000:TCP:Second Life
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"1080:TCP"= 1080:TCP:freedom
"1080:UDP"= 1080:UDP:yourfreedom

R2 DVDAccss;DVDAccss;C:\WINDOWS\system32\drivers\DVDAccss.sys [2003-11-21 16:15]
R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
R2 uvnc_service;uvnc_service;C:\Program Files\UltraVNC\WinVNC.exe [2008-01-09 00:06]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-11 17:48]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 05:29]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 22:12]
S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dd7dcdb-0a56-11dd-b108-00038a000015}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ae62e1-3146-11db-b05b-00038a000015}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97395ba3-d78e-11dc-b0f7-00038a000015}]
\Shell\AutoRun\command - wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4977b72-bd7d-11dc-b0e1-00038a000015}]
\Shell\AutoRun\command - G:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea007b21-9e2b-11dc-b0d0-00038a000015}]
\Shell\AutoRun\command - G:\WittConnectPrepTool.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 17:55:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-09 06:07:58 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-10 21:29:28 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-e85541a9 - C:\WINDOWS\system32\gbvwbghj.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-07-14 00:41:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
.
**************************************************************************
.
Completion time: 2008-07-14 0:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 04:50:06

Pre-Run: 2,594,631,680 bytes free
Post-Run: 2,552,508,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

317 --- E O F --- 2008-04-30 21:08:12

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:01, on 7/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Other Stuff\flip\Yodm3D.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apple Computer\[email protected]\DVDAccess.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = https://www.google.com/ig/dell?hl=en&...suk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\Andrew.D95G4MB1.000\Desktop\Other Stuff\flip\Yodm3D.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: -
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: [email protected] = ?
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://www.update.microsoft.com/micr...?1188667937843
O16 - DPF: {A9FA983C-B8D7-4AD3-8BD0-BE7DE3FF814F} (WittConnectCheck.ctlWittConnectCheck) - https://wittconnect2.wittenberg.edu/...nnectCheck.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - https://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13101 bytes



Everything seems back to normal except a scary drop in the free space on my C drive. Looking at the scan in my first post, it says I had 7.3 GB free or something, but now I have barely over 3 GB left.

I only used this computer to check these forums and run the fixes, so I have no idea where those 4 GB went.

Old 07-14-2008, 06:54 AM   #7
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Mtown.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Not sure what's up with the free space. You may want to move pics, music, documents to an external drive or uninstall any programs that are never or hardly ever used.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with HijackThis.

------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist: (Make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Global Startup: -
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll


Please remember to close all other windows, including browsers then click Fix checked.

Please close HijackThis now.

------------------------------------------------------

Run dss.exe again, but use these instructions (this assumes dss.exe is on your desktop):
  • Click Start >> Run then copy/paste the following text into the Run box & click OK
    "%userprofile%\desktop\dss.exe" /config
  • Click Run
  • Click Check All
  • Click Uncheck All
  • Under the Extra Log heading, check all the boxes except Event Logs.
  • Click Scan!
  • Please attach extra.txt to your post. To attach a file to a new post, simply
    • Click the Manage Attachments button under Additional Options > Attach Files on the post composition page, and
    • Copy and Paste the following into the Upload File from your Computer box:
      C:\Deckard\System Scanner\extra.txt
    • Click Upload.
------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and Save a Logfile'. Save the logfile and post it here.

------------------------------------------------------

Please post the following in your next reply:

an attached extra.txt
new HijackThis log
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
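As an added example (not part of this thread and not HijackThis's own code), here is a small Python script that parses lines in the HijackThis v2 log format shown above, flags the kinds of entries chemist picked out (a start page redirected off a known host, empty Local Page values, a blank Global Startup entry, ShopperReports buttons) and reports which fix-list lines still appear in a fresh log. The host allowlist and the O9 watchlist are assumptions, and the log excerpt is constructed.

```python
import re
from urllib.parse import urlparse

# Constructed excerpt in HijackThis v2 log format (same layout as the log posted above).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - Global Startup: -
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
"""

# Entries the analyst asked to fix (the travel-rates button is deliberately absent from SAMPLE_LOG).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O4 - Global Startup: -
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# Assumed allowlist (not from the thread): hosts a stock IE home/search page may point to.
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.google.com"}
# Adware names the analyst in this thread marked for removal; extend as needed.
O9_WATCHLIST = ("shopperreports",)

def parse_log(text):
    """Split a HijackThis log into (section, body) tuples; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["section"], m["body"].strip()))
    return entries

def triage(entries):
    """Return (entry, reason) pairs for entries a first-pass reviewer should look at."""
    findings = []
    for sec, body in entries:
        line = f"{sec} - {body}"
        if sec in ("R0", "R1"):                      # IE start/search/local page keys
            value = body.partition("=")[2].strip()   # text after the first '='
            host = urlparse(value).hostname
            if not value:
                findings.append((line, "empty value: key points nowhere, harmless to fix"))
            elif host not in KNOWN_GOOD_HOSTS:
                findings.append((line, f"page redirected to unexpected host {host}"))
        elif sec == "O4" and body.endswith(": -"):   # startup item with no name or target
            findings.append((line, "blank Global Startup entry"))
        elif sec == "O9" and any(w in body.lower() for w in O9_WATCHLIST):
            findings.append((line, "IE button from a watchlisted adware product"))
    return findings

def still_present(entries, fix_list_text):
    """Fix-list lines that still appear in a fresh log (whitespace- and case-insensitive)."""
    norm = lambda s: " ".join(s.split()).lower()
    present = {norm(f"{s} - {b}") for s, b in entries}
    return [l.strip() for l in fix_list_text.splitlines() if l.strip() and norm(l) in present]
```

Feed a newly saved log to `parse_log` and pass the analyst's list to `still_present` to see which of the flagged entries survived the fix.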

Old 07-17-2008, 08:33 PM   #8
chemist

Still with us, Mtown? Any problems with those last instructions?