please help

  • 29-03-2008 8:42pm
    #1
    Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭


    OK, I am getting banner ads coming up for porn sites (on the BBC News site and on boards); I am pretty sure they are not supposed to be there.
    I think I may have some kind of virus.
    From the Trojan Issue thread I have run SDFix; here is the report.





    SDFix: Version 1.164

    Run by JOhn on 29/03/2008 at 17:36

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-29 17:42:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b00a326]
    "00119fbf9eb7"=hex:9d,a2,38,6a,75,4d,29,ee,d6,d5,6b,62,30,fa,77,bb
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b00a326]
    "00119fbf9eb7"=hex:9d,a2,38,6a,75,4d,29,ee,d6,d5,6b,62,30,fa,77,bb

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"="C:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe:*:Enabled:CyberLink PowerCinema"
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"="C:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
    "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 15 May 2007 5,375,800 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Mon 5 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
    Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
    Thu 14 Feb 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
    Thu 14 Feb 2008 211 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
    Sun 28 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"

    Finished!






    Then I ran DSS.






    Deckard's System Scanner v20071014.68
    Run by JOhn on 2008-03-29 18:02:37
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    89: 2008-03-29 18:02:42 UTC - RP542 - Deckard's System Scanner Restore Point
    88: 2008-03-29 09:20:41 UTC - RP541 - Removed 4oD.
    87: 2008-03-28 21:25:57 UTC - RP540 - System Checkpoint
    86: 2008-03-27 20:55:46 UTC - RP539 - Last known good configuration
    85: 2008-03-27 20:55:42 UTC - RP538 - Installed WinZip 11.1


    -- First Restore Point --
    1: 2008-03-27 20:55:26 UTC - RP454 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as JOhn.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:07:33, on 29/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\ABIT\uGuru\uGuru.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\JOhn\Desktop\removal of virus\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\JOhn.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {060BB0AB-4B09-4C51-9ECB-9580A6D08D7F} - C:\WINDOWS\system32\nnnOIxVm.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: {00a73069-5911-0019-ce24-519b62768f91} - {19f86726-b915-42ec-9100-119596037a00} - C:\WINDOWS\system32\kmhrfmwh.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {B7E8AE16-D750-44D5-A1AB-9C7F3BB27E8F} - C:\WINDOWS\system32\opnnkkHy.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [d4f304e7] rundll32.exe "C:\WINDOWS\system32\fyqigvbs.dll",b
    O4 - HKLM\..\Run: [BMd7c0377b] Rundll32.exe "C:\WINDOWS\system32\veldoidb.dll",s
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: TV Schedule Tray.lnk = C:\Program Files\Club 3D\ZAP-TV1101\yTvTray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172059411531
    O16 - DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} (DigiMeldOcx Control) - http://www.digimeld.com/download/digimeldOcx.CAB
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: nnnOIxVm - C:\WINDOWS\SYSTEM32\nnnOIxVm.dll
    O23 - Service: McAfee Application Installer Cleanup (0287401206781151) (0287401206781151mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\028740~1.EXE (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10738 bytes

    -- File Associations

    .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 UGURU - c:\windows\system32\drivers\uguru.sys <Not Verified; ABIT; ABIT uGuru Micro-Processor Device Driver>
    R3 catchme - c:\docume~1\john\locals~1\temp\catchme.sys (file missing)

    S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
    S3 Memctl - c:\program files\abit\flashmenu\memctl.sys
    S3 TCCrystalCpuInfo - c:\docume~1\john\locals~1\temp\tccpuinfo.sys (file missing)
    S3 Winflash - c:\program files\abit\flashmenu\winflash.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
    R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\cyberlink\powercinema\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
    R2 CyberLink Media Library Service - "c:\program files\cyberlink\powercinema\kernel\clml_ntservice\clmlserver.exe" <Not Verified; Cyberlink; Cyberlink Media Library Server>
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
    R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

    S2 0287401206781151mcinstcleanup (McAfee Application Installer Cleanup (0287401206781151)) - c:\windows\temp\028740~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)


    -- Device Manager: Disabled

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_107A147B&REV_01\4&522B953&0&00E4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC #2
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_107A147B&REV_01\4&522B953&0&00E4
    Service: RTLE8023xp

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 6630
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd


    -- Scheduled Tasks

    2008-03-29 17:13:00 268 --a
    C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    2008-03-25 19:55:00 284 --a
    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2008-02-18 17:13:18 390 --a
    C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
    2007-02-21 16:28:46 348 --a
    C:\WINDOWS\Tasks\McDefragTask.job
    2007-02-21 16:28:45 350 --a
    C:\WINDOWS\Tasks\McQcTask.job


    -- Files created between 2008-02-29 and 2008-03-29

    2008-03-29 17:32:15 0 d
    C:\WINDOWS\ERUNT
    2008-03-29 17:27:33 0 dr-h
    C:\Documents and Settings\Administrator\SendTo
    2008-03-29 17:27:33 0 d--h
    C:\Documents and Settings\Administrator\Recent
    2008-03-29 17:27:33 0 d--h
    C:\Documents and Settings\Administrator\PrintHood
    2008-03-29 17:27:33 0 d--h
    C:\Documents and Settings\Administrator\NetHood
    2008-03-29 17:27:33 0 d
    C:\Documents and Settings\Administrator\My Documents
    2008-03-29 17:27:33 0 d--h
    C:\Documents and Settings\Administrator\Local Settings
    2008-03-29 17:27:33 0 d
    C:\Documents and Settings\Administrator\Favorites
    2008-03-29 17:27:33 0 d
    C:\Documents and Settings\Administrator\Desktop
    2008-03-29 17:27:33 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
    2008-03-29 17:27:33 0 dr-h
    C:\Documents and Settings\Administrator\Application Data
    2008-03-29 17:27:33 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-03-29 17:27:32 0 d--h
    C:\Documents and Settings\Administrator\Templates
    2008-03-29 17:27:32 0 dr
    C:\Documents and Settings\Administrator\Start Menu
    2008-03-29 17:27:32 524288 --ah
    C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-03-29 09:01:42 85568 --a
    C:\WINDOWS\system32\fyqigvbs.dll
    2008-03-29 08:58:49 90176 --a
    C:\WINDOWS\system32\kmhrfmwh.dll
    2008-03-29 08:58:42 86592 --a
    C:\WINDOWS\system32\veldoidb.dll
    2008-03-28 08:59:55 93760 --a
    C:\WINDOWS\system32\uceuxmqw.dll
    2008-03-28 08:56:55 93248 --a
    C:\WINDOWS\system32\eapsslcd.dll
    2008-03-27 20:57:57 39424 --a
    C:\WINDOWS\system32\fccyXOef.dll
    2008-03-27 20:55:15 213056 --ahs---- C:\WINDOWS\system32\yHkknnpo.ini2
    2008-03-27 20:55:10 273920 --a
    C:\WINDOWS\system32\opnnkkHy.dll
    2008-03-27 20:50:51 39424 --a
    C:\WINDOWS\system32\pmnkJdbb.dll
    2008-03-27 20:50:06 39424 --a
    C:\WINDOWS\system32\nnnOIxVm.dll
    2008-03-27 20:47:21 0 d
    C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-20 20:46:43 0 --a
    C:\WINDOWS\popcreg.dat
    2008-03-20 20:46:43 20 --a
    C:\WINDOWS\popcinfot.dat
    2008-03-20 20:46:43 0 d
    C:\Program Files\PopCap Games
    2008-03-14 21:59:23 0 d
    C:\Jmw1DA.tmp
    2008-03-14 21:35:55 0 d
    C:\CBEEBIES
    2008-03-05 11:23:45 0 d
    C:\Program Files\Common Files\Adobe
    2008-02-29 14:03:19 0 d
    C:\Program Files\iPod
    2008-02-29 14:01:48 0 d
    C:\Program Files\QuickTime


    -- Find3M Report

    2008-03-29 10:01:01 0 d
    C:\Program Files\DivX
    2008-03-29 08:59:08 0 d
    C:\Program Files\McAfee
    2008-03-13 12:03:23 0 d
    C:\Program Files\Java
    2008-03-05 11:23:45 0 d
    C:\Program Files\Common Files
    2008-02-29 23:34:26 0 d
    C:\Documents and Settings\JOhn\Application Data\uTorrent
    2008-02-29 14:03:30 0 d
    C:\Program Files\iTunes
    2008-02-21 02:05:44 3596288 --a
    C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 02:04:16 196608 --a
    C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-02-21 02:04:16 81920 --a
    C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-02-21 02:04:04 802816 --a
    C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a
    C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 823296 --a
    C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:04:04 682496 --a
    C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-02-21 02:03:24 12288 --a
    C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 17:19:06 0 d
    C:\Documents and Settings\JOhn\Application Data\Uniblue
    2008-02-13 17:50:45 0 d
    C:\Program Files\uTorrent
    2008-02-10 17:30:02 0 d
    C:\Program Files\Last.fm
    2008-02-05 08:31:15 0 d
    C:\Documents and Settings\JOhn\Application Data\Nokia Multimedia Player


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}]
    27/03/2008 20:50 39424 --a
    C:\WINDOWS\system32\nnnOIxVm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19f86726-b915-42ec-9100-119596037a00}]
    29/03/2008 08:58 90176 --a
    C:\WINDOWS\system32\kmhrfmwh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
    19/09/2007 06:15 329032 --a
    C:\Program Files\McAfee\MSK\mcapbho.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7E8AE16-D750-44D5-A1AB-9C7F3BB27E8F}]
    27/03/2008 20:55 273920 --a
    C:\WINDOWS\system32\opnnkkHy.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [29/07/2007 07:17]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
    "RTHDCPL"="RTHDCPL.EXE" [10/08/2007 14:21 C:\WINDOWS\RTHDCPL.exe]
    "Alcmtr"="ALCMTR.EXE" [03/05/2005 17:43 C:\WINDOWS\Alcmtr.exe]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" []
    "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 07:56 C:\WINDOWS\system32\bthprops.cpl]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [03/08/2007 22:33]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 13:10]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [02/11/2004 20:24]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 23:13]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [16/05/2006 16:35]
    "d4f304e7"="C:\WINDOWS\system32\fyqigvbs.dll" [29/03/2008 09:01]
    "BMd7c0377b"="C:\WINDOWS\system32\veldoidb.dll" [29/03/2008 08:58]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 11:35]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [07/11/2007 17:35]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 07:56]
    "ABIT uGuruIII"="C:\Program Files\ABIT\uGuru\uGuru.exe" [24/07/2006 13:21]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [10/12/2007 10:12]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

    C:\Documents and Settings\JOhn\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [10/02/2008 17:30:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}"= C:\WINDOWS\system32\nnnOIxVm.dll [27/03/2008 20:50 39424]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnOIxVm]
    nnnOIxVm.dll 27/03/2008 20:50 39424 C:\WINDOWS\system32\nnnOIxVm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\opnnkkHy.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ




    -- End of Deckard's System Scanner: finished at 2008-03-29 18:08:34




    Firefox is closing when I try to play a video from the BBC News website.
    I can open the video while using IE7!

    Please help. :(:(:(:confused:


Comments

  • Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭John mac


    Have just run Spybot.
    Here is the log.
    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\eapsslcd.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\fyqigvbs.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\goprqrqa.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\kmhrfmwh.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\opnnkkHy.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\plwgwtih.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\uceuxmqw.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\veldoidb.dll

    Virtumonde.dll: [SBI $8AEDD710] Library (File, nothing done)
    C:\WINDOWS\system32\vqyunlrd.dll

    Virtumonde.dll: [SBI $E6921A50] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47c655ca-a78a-488c-b9d2-d6a6f1937a55}

    Virtumonde.dll: [SBI $E6921A50] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47c655ca-a78a-488c-b9d2-d6a6f1937a55}

    Virtumonde.dll: [SBI $E6921A50] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71D13D25-ECDF-423B-BA04-67D5F935F6A6}

    Virtumonde.dll: [SBI $E6921A50] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71D13D25-ECDF-423B-BA04-67D5F935F6A6}

    Virtumonde.dll: [SBI $F62A486E] Library (File, nothing done)
    C:\WINDOWS\system32\nnnOIxVm.dll

    Virtumonde.dll: [SBI $F62A486E] Library (File, nothing done)
    C:\WINDOWS\system32\pmnkJdbb.dll

    Virtumonde.dll: [SBI $468A1B10] Browser helper object (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}

    Virtumonde.dll: [SBI $468A1B10] Class ID (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{060BB0AB-4B09-4C51-9ECB-9580A6D08D7F}

    WildTangent: [SBI $3A3BDC07] Program directory (Directory, nothing done)
    C:\WINDOWS\wt\

    WildTangent: [SBI $595CAE40] Library (File, nothing done)
    C:\WINDOWS\wt\WDInUsePlugin.dll

    WildTangent: [SBI $DFEDBBEE] Library (File, nothing done)
    C:\WINDOWS\wt\webdriver.dll

    WildTangent: [SBI $76830867] Program directory (Directory, nothing done)
    C:\WINDOWS\wt\wtupdates\

    WildTangent: [SBI $E30EC8B1] Program directory (Directory, nothing done)
    C:\WINDOWS\wt\updater\

    WildTangent: [SBI $7E3A8D37] Program directory (Directory, nothing done)
    C:\WINDOWS\wt\webdriver\

    Microsoft.Windows.AppFirewallBypass: [SBI $9FD0556E] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    Microsoft.Windows.AppFirewallBypass: [SBI $2AF14C29] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\usmt\migwiz.exe

    Virtumonde: [SBI $42352499] User settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-1004\Software\Microsoft\rdfa

    Virtumonde: [SBI $47E741CD] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws

    Virtumonde: [SBI $7342F9D9] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-73586283-1123561945-839522115-1004\Software\Microsoft\aldd

    WebTrends live: Tracking cookie (Internet Explorer: JOhn) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Internet Explorer: JOhn) (Cookie, nothing done)


    Cassava: Tracking cookie (Internet Explorer: JOhn) (Cookie, nothing done)


    Right Media: Tracking cookie (Internet Explorer: JOhn) (Cookie, nothing done)


    Cassava: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Cassava: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Adviva: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Adviva: Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


    CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)


    DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


    MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Tradedoubler: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)


    WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)


    BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

    2008-01-28 blindman.exe (1.0.0.7)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2008-01-28 SDMain.exe (1.0.0.5)
    2008-01-28 SDUpdate.exe (1.0.8.8)
    2008-01-28 SDWinSec.exe (1.0.0.11)
    2008-01-28 SpybotSD.exe (1.5.2.20)
    2008-01-28 TeaTimer.exe (1.5.2.16)
    2008-03-30 unins000.exe (51.49.0.0)
    2008-01-28 Update.exe (1.4.0.6)
    2008-01-28 advcheck.dll (1.5.4.5)
    2007-04-02 aports.dll (2.1.0.0)
    2007-11-17 DelZip179.dll (1.79.7.4)
    2008-01-28 SDFiles.dll (1.5.1.19)
    2008-01-28 SDHelper.dll (1.5.0.11)
    2008-01-28 Tools.dll (2.1.3.3)
    2008-03-26 Includes\Cookies.sbi (*)
    2007-12-26 Includes\Dialer.sbi (*)
    2008-03-26 Includes\DialerC.sbi (*)
    2008-03-26 Includes\HeavyDuty.sbi (*)
    2008-03-19 Includes\Hijackers.sbi (*)
    2008-03-26 Includes\HijackersC.sbi (*)
    2008-02-27 Includes\Keyloggers.sbi (*)
    2008-03-26 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2008-03-26 Includes\Malware.sbi (*)
    2008-03-26 Includes\MalwareC.sbi (*)
    2008-03-26 Includes\PUPS.sbi (*)
    2008-03-26 Includes\PUPSC.sbi (*)
    2008-03-26 Includes\Revision.sbi (*)
    2008-01-09 Includes\Security.sbi (*)
    2008-03-26 Includes\SecurityC.sbi (*)
    2008-03-19 Includes\Spybots.sbi (*)
    2008-03-26 Includes\SpybotsC.sbi (*)
    2007-11-06 Includes\Tracks.uti
    2008-03-19 Includes\Trojans.sbi (*)
    2008-03-26 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    Most of what I see are cookies, but what I don't like is the
    Virtumonde.dll.

    I am not going to try and do anything else (I might make it worse).


  • Closed Accounts Posts: 342 ✭✭masterwriter




  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I wouldn't waste your time with the below link. The scanner in that link is considered a rogue application that will definitely not fix your problem.

    Do this

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**


  • Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭John mac


    ComboFix 08-03-30.2 - JOhn 2008-03-30 18:07:41.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1164 [GMT 1:00]
    Running from: C:\Documents and Settings\JOhn\Desktop\removal of virus\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMd7c0377b.xml
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\aqrqrpog.ini
    C:\WINDOWS\system32\eapsslcd.dll
    C:\WINDOWS\system32\fccyXOef.dll
    C:\WINDOWS\system32\fyqigvbs.dll
    C:\WINDOWS\system32\goprqrqa.dll
    C:\WINDOWS\system32\kmhrfmwh.dll
    C:\WINDOWS\system32\nnnOIxVm.dll
    C:\WINDOWS\system32\opnnkkHy.dll
    C:\WINDOWS\system32\plwgwtih.dll
    C:\WINDOWS\system32\pmnkJdbb.dll
    C:\WINDOWS\system32\sbvgiqyf.ini
    C:\WINDOWS\system32\uceuxmqw.dll
    C:\WINDOWS\system32\veldoidb.dll
    C:\WINDOWS\system32\vqyunlrd.dll
    C:\WINDOWS\system32\yHkknnpo.ini
    C:\WINDOWS\system32\yHkknnpo.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
    .

    2008-03-30 00:29 . 2008-03-30 18:00 <DIR> d C:\Program Files\Spybot - Search & Destroy
    2008-03-30 00:29 . 2008-03-30 18:00 <DIR> d C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-29 19:02 . 2008-03-29 19:02 <DIR> d C:\Deckard
    2008-03-29 18:32 . 2008-03-29 18:32 <DIR> d C:\WINDOWS\ERUNT
    2008-03-29 18:24 . 2008-03-29 18:44 <DIR> d C:\SDFix
    2008-03-28 10:03 . 2008-03-29 09:53 1,583,228 ---hs---- C:\WINDOWS\system32\aluqxkvu.ini
    2008-03-27 21:47 . 2008-03-27 21:48 <DIR> d C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-20 21:46 . 2008-03-29 10:04 <DIR> d C:\Program Files\PopCap Games
    2008-03-20 21:46 . 2008-03-21 17:19 20 --a C:\WINDOWS\popcinfot.dat
    2008-03-20 21:46 . 2008-03-20 21:46 0 --a C:\WINDOWS\popcreg.dat
    2008-03-14 22:59 . 2008-03-14 22:59 <DIR> d C:\Jmw1DA.tmp
    2008-03-05 12:23 . 2008-03-05 12:23 <DIR> d C:\Program Files\Common Files\Adobe
    2008-02-29 15:03 . 2008-02-29 15:03 <DIR> d C:\Program Files\iPod
    2008-02-29 15:03 . 2008-03-30 18:12 54,156 --ah C:\WINDOWS\QTFont.qfn
    2008-02-29 15:03 . 2008-02-29 15:03 1,409 --a C:\WINDOWS\QTFont.for
    2008-02-29 15:01 . 2008-02-29 15:02 <DIR> d C:\Program Files\QuickTime
    2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a C:\WINDOWS\system32\libdivx.dll
    2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a C:\WINDOWS\system32\divxsm.tlb
    2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a C:\WINDOWS\system32\divxdec.ax
    2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a C:\WINDOWS\system32\DivXMedia.ax
    2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 18:13 . 2008-02-18 18:19 <DIR> d C:\Documents and Settings\JOhn\Application Data\Uniblue
    2008-02-13 18:50 . 2008-02-13 18:50 <DIR> d C:\Program Files\uTorrent
    2008-02-13 18:50 . 2008-03-01 00:34 <DIR> d C:\Documents and Settings\JOhn\Application Data\uTorrent
    2008-02-11 00:25 . 2008-02-11 00:25 <DIR> d C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-02-10 18:29 . 2008-02-10 18:30 <DIR> d C:\Program Files\Last.fm
    2008-02-01 00:13 . 2008-02-01 00:13 90,112 --a C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-02-01 00:13 . 2008-02-01 00:13 57,344 --a C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-29 10:01 d-----w C:\Program Files\DivX
    2008-03-29 09:20 d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-03-29 08:59 d-----w C:\Program Files\McAfee
    2008-03-13 12:03 d-----w C:\Program Files\Java
    2008-02-29 14:03 d-----w C:\Program Files\iTunes
    2008-02-05 08:31 d-----w C:\Documents and Settings\JOhn\Application Data\Nokia Multimedia Player
    2007-12-09 14:12 20,928 ---ha-w C:\Program Files\fury3.GID
    1995-08-23 00:00 645,120 ----a-w C:\Program Files\FURY3.EXE
    1995-08-23 00:00 328,810 ----a-w C:\Program Files\FURY3.HLP
    1995-08-23 00:00 31,891 ----a-w C:\Program Files\README.TXT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
    "ABIT uGuruIII"="C:\Program Files\ABIT\uGuru\uGuru.exe" [2006-07-24 14:21 417792]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 08:17 1836544]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [ ]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-16 17:35 147456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

    C:\Documents and Settings\JOhn\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-10 18:30:00 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnOIxVm]
    nnnOIxVm.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    R0 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14:46]
    S2 0296571206871741mcinstcleanup;McAfee Application Installer Cleanup (0296571206871741);C:\WINDOWS\TEMP\029657~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
    S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 20:49]
    S3 TCCrystalCpuInfo;TCCrystalCpuInfo;C:\DOCUME~1\JOhn\LOCALS~1\Temp\TCCpuInfo.sys []

    *Newly Created Service* - 0296571206871741MCINSTCLEANUP
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-25 19:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-02-21 16:28:46 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-02-21 16:28:45 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-03-29 17:13:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-02-18 17:13:18 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-30 18:13:38
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-30 18:15:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-30 17:15:36
    Pre-Run: 14,028,701,696 bytes free
    Post-Run: 14,108,041,216 bytes free
    .
    2008-03-12 23:41:48 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:18:27, on 30/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ABIT\uGuru\uGuru.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: TV Schedule Tray.lnk = C:\Program Files\Club 3D\ZAP-TV1101\yTvTray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172059411531
    O16 - DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} (DigiMeldOcx Control) - http://www.digimeld.com/download/digimeldOcx.CAB
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: nnnOIxVm - nnnOIxVm.dll (file missing)
    O23 - Service: McAfee Application Installer Cleanup (0296571206871741) (0296571206871741mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\029657~1.EXE (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9908 bytes




    There you go.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O20 - Winlogon Notify: nnnOIxVm - nnnOIxVm.dll (file missing)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    1. Close any open browsers.

    2. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\aluqxkvu.ini

    Folder::
    C:\Jmw1DA.tmp

    Driver::
    0296571206871741mcinstcleanup
    TCCrystalCpuInfo

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Combo-Do.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at "C:\ComboFix.txt"

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




    Reboot and post a new HijackThis log
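The entries the helper asked to have ticked above are the ones HijackThis marks "(no file)" or "(file missing)": registry load points that still reference a file that is gone. As an added example (not from this thread or from HijackThis), the triage below parses log lines of the shape posted here and flags orphaned entries, O20 load points, and executables living under a TEMP directory; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines in the shape of the HijackThis logs posted
# in this thread (paths and CLSIDs copied from them), mixing benign entries
# with the two the helper asked to have fixed and the orphaned McAfee service.
SAMPLE_LOG = """\
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_05\\bin\\ssv.dll
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\QTTask.exe" -atboottime
O20 - AppInit_DLLs: C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL
O20 - Winlogon Notify: nnnOIxVm - nnnOIxVm.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0296571206871741) (0296571206871741mcinstcleanup) - Unknown owner - C:\\WINDOWS\\TEMP\\029657~1.EXE (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - "; the process list and headers do not, and are skipped.
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# HijackThis prints these when the registry still references a file that is gone:
# a leftover of an uninstall, or of malware that was only partly removed.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a log line that deserves a second look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header, process list or blank line: not an entry
    section, body = m.group("section"), m.group("body")
    reasons: List[str] = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry: points at a file that no longer exists")
    if section == "O20":
        # AppInit_DLLs is loaded into every process that loads user32.dll;
        # Winlogon Notify packages run inside winlogon at logon. Both are
        # worth reviewing even when the DLL belongs to a known vendor.
        reasons.append("O20 load point (AppInit_DLLs / Winlogon Notify)")
    if re.search(r"\\temp\\", body, re.IGNORECASE):
        reasons.append("executable lives under a TEMP directory")
    return Finding(section, line.strip(), reasons) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a whole log; non-entry lines are skipped."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f:
            findings.append(f)
    return findings


def orphaned_entries(findings: List[Finding]) -> List[str]:
    """Lines whose referenced file is gone. In this thread the R3 and O20 ones
    were fixed in HijackThis and the O23 service through a ComboFix script."""
    return [f.line for f in findings if any(r.startswith("orphaned") for r in f.reasons)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.section, "|", f.line[:70])
        for r in f.reasons:
            print("    -", r)
```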


  • Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭John mac


    If I had a job to give I would offer you one! :)






    ComboFix 08-03-30.2 - JOhn 2008-03-30 18:44:33.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1420 [GMT 1:00]
    Running from: C:\Documents and Settings\JOhn\Desktop\removal of virus\ComboFix.exe
    Command switches used :: C:\Documents and Settings\JOhn\Desktop\removal of virus\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\aluqxkvu.ini
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Jmw1DA.tmp
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_01_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_02_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_02_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_02_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_03_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_03_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_03_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_04_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_04_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_04_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_05_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_05_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_05_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_06_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_06_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_06_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_07_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_07_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_07_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_08_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_08_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_08_1.VOB
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_09_0.BUP
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_09_0.IFO
    C:\Jmw1DA.tmp\VIDEO_TS\VTS_09_1.VOB
    C:\WINDOWS\system32\aluqxkvu.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    \Legacy_0296571206871741MCINSTCLEANUP
    \Legacy_TCCRYSTALCPUINFO
    \Service_0296571206871741mcinstcleanup
    \Service_TCCrystalCpuInfo


    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
    .

    2008-03-30 00:29 . 2008-03-30 18:00 <DIR> d
    C:\Program Files\Spybot - Search & Destroy
    2008-03-30 00:29 . 2008-03-30 18:00 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-29 19:02 . 2008-03-29 19:02 <DIR> d
    C:\Deckard
    2008-03-29 18:32 . 2008-03-29 18:32 <DIR> d
    C:\WINDOWS\ERUNT
    2008-03-29 18:24 . 2008-03-29 18:44 <DIR> d
    C:\SDFix
    2008-03-27 21:47 . 2008-03-27 21:48 <DIR> d
    C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-20 21:46 . 2008-03-29 10:04 <DIR> d
    C:\Program Files\PopCap Games
    2008-03-20 21:46 . 2008-03-21 17:19 20 --a
    C:\WINDOWS\popcinfot.dat
    2008-03-20 21:46 . 2008-03-20 21:46 0 --a
    C:\WINDOWS\popcreg.dat
    2008-03-05 12:23 . 2008-03-05 12:23 <DIR> d
    C:\Program Files\Common Files\Adobe
    2008-02-29 15:03 . 2008-02-29 15:03 <DIR> d
    C:\Program Files\iPod
    2008-02-29 15:03 . 2008-03-30 18:47 54,156 --ah
    C:\WINDOWS\QTFont.qfn
    2008-02-29 15:03 . 2008-02-29 15:03 1,409 --a
    C:\WINDOWS\QTFont.for
    2008-02-29 15:01 . 2008-02-29 15:02 <DIR> d
    C:\Program Files\QuickTime
    2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a
    C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a
    C:\WINDOWS\system32\libdivx.dll
    2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a
    C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a
    C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a
    C:\WINDOWS\system32\divxsm.tlb
    2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a
    C:\WINDOWS\system32\divxdec.ax
    2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a
    C:\WINDOWS\system32\DivXMedia.ax
    2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a
    C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a
    C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 18:13 . 2008-02-18 18:19 <DIR> d
    C:\Documents and Settings\JOhn\Application Data\Uniblue
    2008-02-13 18:50 . 2008-02-13 18:50 <DIR> d
    C:\Program Files\uTorrent
    2008-02-13 18:50 . 2008-03-01 00:34 <DIR> d
    C:\Documents and Settings\JOhn\Application Data\uTorrent
    2008-02-11 00:25 . 2008-02-11 00:25 <DIR> d
    C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-02-10 18:29 . 2008-02-10 18:30 <DIR> d
    C:\Program Files\Last.fm
    2008-02-01 00:13 . 2008-02-01 00:13 90,112 --a
    C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-02-01 00:13 . 2008-02-01 00:13 57,344 --a
    C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-29 10:01
    d
    w C:\Program Files\DivX
    2008-03-29 09:20
    d
    w C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-03-29 08:59
    d
    w C:\Program Files\McAfee
    2008-03-13 12:03
    d
    w C:\Program Files\Java
    2008-02-29 14:03
    d
    w C:\Program Files\iTunes
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-05 08:31
    d
    w C:\Documents and Settings\JOhn\Application Data\Nokia Multimedia Player
    2008-01-04 15:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-01-04 15:18 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-12-09 14:12 20,928 ---ha-w C:\Program Files\fury3.GID
    2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:38 129,784
    w C:\WINDOWS\system32\pxafs.dll
    2007-12-04 18:38 120,056
    w C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-04 18:38 118,520
    w C:\WINDOWS\system32\pxinsi64.exe
    1995-08-23 00:00 645,120 ----a-w C:\Program Files\FURY3.EXE
    1995-08-23 00:00 328,810 ----a-w C:\Program Files\FURY3.HLP
    1995-08-23 00:00 31,891 ----a-w C:\Program Files\README.TXT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-30_18.15.26.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-30 10:07:28 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-30 17:17:02 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-30 10:07:28 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-30 17:17:02 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
    "ABIT uGuruIII"="C:\Program Files\ABIT\uGuru\uGuru.exe" [2006-07-24 14:21 417792]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 08:17 1836544]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [ ]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-16 17:35 147456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

    C:\Documents and Settings\JOhn\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-10 18:30:00 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    R0 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14:46]
    S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 20:49]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-25 19:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-02-21 16:28:46 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2007-02-21 16:28:45 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-03-29 17:13:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-02-18 17:13:18 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-30 18:48:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Other Running Processes
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    .
    **************************************************************************
    .
    Completion time: 2008-03-30 18:50:00 - machine was rebooted [JOhn]
    ComboFix-quarantined-files.txt 2008-03-30 17:49:57
    ComboFix2.txt 2008-03-30 17:15:40
    Pre-Run: 14,092,513,280 bytes free
    Post-Run: 14,077,403,136 bytes free
    .
    2008-03-12 23:41:48 --- E O F ---





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:51:34, on 30/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\ABIT\uGuru\uGuru.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    C:\Program Files\Last.fm\LastFMHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\ALCFDRTM.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee\MSC\mcuimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: TV Schedule Tray.lnk = C:\Program Files\Club 3D\ZAP-TV1101\yTvTray.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172059411531
    O16 - DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} (DigiMeldOcx Control) - http://www.digimeld.com/download/digimeldOcx.CAB
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared Files\RichVideo.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9597 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looking good

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan. Check all the boxes and click Start Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


    Also tell me how your PC is running


  • Closed Accounts Posts: 342 ✭✭masterwriter




    Sorry, I did not realise the above link was to Spyhunter. Avoid. See

    http://www.spywarewarrior.com/rogue_anti-spyware.htm#sh_note


  • Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭John mac


    Here you go.
    PC seems to be running better (BBC pages load a lot quicker).
    Only 2nd virus ever. Not bad for 13 years on the net!
    Won't try looking for stuff for free any more. All my own fault....
    Thanks for the help :D



    Malwarebytes' Anti-Malware 1.09
    Database version: 569

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
    Objects scanned: 214231
    Time elapsed: 1 hour(s), 30 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your logs are clean! We need to do a few things.

    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK
    The above procedure will do the following:
    1. Delete ComboFix and its associated files and folders.
    2. Delete VundoFix backups, if present
    3. Delete the C:\Deckard folder, if present
    4. Delete the C:\_OtMoveIt folder, if present
    5. Reset the clock settings.
    6. Hide file extensions, if required.
    7. Hide System/Hidden files, if required.
    8. Reset System Restore.



    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

    * To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
    Have a look at this tutorial for IE-Spyad here

    * SpywareGuard offers realtime protection from spyware installation attempts.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    * MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

    Thank you for your patience, and performing all of the procedures requested.


  • Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭John mac


    It ran ComboFix again; here is the result.

    (I did notice that the volume control that I have in the task bar was missing.)

    It's back now though.

    PS: I rebooted prior to the last instruction (is me bad?)


    I know how I got infected... trying to get something for free...


    ComboFix 08-03-30.2 - JOhn 2008-03-30 22:58:44.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1391 [GMT 1:00]
    Running from: C:\Documents and Settings\JOhn\Desktop\removal of virus\ComboFix.exe
    Command switches used :: / u
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
    .
    2008-03-30 20:26 . 2008-03-30 20:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-30 20:26 . 2008-03-30 20:26 <DIR> d-------- C:\Documents and Settings\JOhn\Application Data\Malwarebytes
    2008-03-30 20:26 . 2008-03-30 20:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-30 00:29 . 2008-03-30 18:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-30 00:29 . 2008-03-30 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-29 19:02 . 2008-03-29 19:02 <DIR> d-------- C:\Deckard
    2008-03-29 18:32 . 2008-03-29 18:32 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-03-29 18:24 . 2008-03-29 18:44 <DIR> d-------- C:\SDFix
    2008-03-27 21:47 . 2008-03-27 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
    2008-03-20 21:46 . 2008-03-29 10:04 <DIR> d-------- C:\Program Files\PopCap Games
    2008-03-20 21:46 . 2008-03-21 17:19 20 --a------ C:\WINDOWS\popcinfot.dat
    2008-03-20 21:46 . 2008-03-20 21:46 0 --a------ C:\WINDOWS\popcreg.dat
    2008-03-05 12:23 . 2008-03-05 12:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2008-02-29 15:03 . 2008-02-29 15:03 <DIR> d-------- C:\Program Files\iPod
    2008-02-29 15:03 . 2008-03-30 22:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-29 15:03 . 2008-02-29 15:03 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-29 15:01 . 2008-02-29 15:02 <DIR> d-------- C:\Program Files\QuickTime
    2008-02-21 03:05 . 2008-02-21 03:05 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-02-21 03:05 . 2008-02-21 03:05 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2008-02-21 03:05 . 2008-02-21 03:05 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2008-02-21 03:05 . 2008-02-21 03:05 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2008-02-21 03:05 . 2008-02-21 03:05 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2008-02-21 03:03 . 2008-02-21 03:03 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2008-02-21 03:03 . 2008-02-21 03:03 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2008-02-21 03:03 . 2008-02-21 03:03 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-02-21 03:03 . 2008-02-21 03:03 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-02-18 18:13 . 2008-02-18 18:19 <DIR> d-------- C:\Documents and Settings\JOhn\Application Data\Uniblue
    2008-02-13 18:50 . 2008-02-13 18:50 <DIR> d-------- C:\Program Files\uTorrent
    2008-02-13 18:50 . 2008-03-01 00:34 <DIR> d-------- C:\Documents and Settings\JOhn\Application Data\uTorrent
    2008-02-11 00:25 . 2008-02-11 00:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
    2008-02-10 18:29 . 2008-02-10 18:30 <DIR> d-------- C:\Program Files\Last.fm
    2008-02-01 00:13 . 2008-02-01 00:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-02-01 00:13 . 2008-02-01 00:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-29 10:01 --------- d-----w C:\Program Files\DivX
    2008-03-29 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
    2008-03-29 08:59 --------- d-----w C:\Program Files\McAfee
    2008-03-13 12:03 --------- d-----w C:\Program Files\Java
    2008-02-29 14:03 --------- d-----w C:\Program Files\iTunes
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-02-21 02:04 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-02-21 02:04 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-02-21 02:04 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-02-21 02:04 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-02-21 02:04 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-02-21 02:04 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-02-21 02:04 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-02-21 02:04 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-02-21 02:04 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-02-21 02:04 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-02-05 08:31 --------- d-----w C:\Documents and Settings\JOhn\Application Data\Nokia Multimedia Player
    2008-01-04 15:18 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
    2008-01-04 15:18 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2007-12-09 14:12 20,928 ---ha-w C:\Program Files\fury3.GID
    2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 18:38 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2007-12-04 18:38 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2007-12-04 18:38 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    1995-08-23 00:00 645,120 ----a-w C:\Program Files\FURY3.EXE
    1995-08-23 00:00 328,810 ----a-w C:\Program Files\FURY3.HLP
    1995-08-23 00:00 31,891 ----a-w C:\Program Files\README.TXT
    .

    ((((((((((((((((((((((((((((( snapshot@2008-03-30_18.15.26.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-30 14:52:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-03-30 19:13:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-03-30 14:52:10 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-03-30 19:13:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-03-30 19:13:57 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2008-03-30 10:07:28 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-03-30 21:23:48 58,800 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-30 10:07:28 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-03-30 21:23:48 392,626 ----a-w C:\WINDOWS\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
    "ABIT uGuruIII"="C:\Program Files\ABIT\uGuru\uGuru.exe" [2006-07-24 14:21 417792]
    "PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 08:17 1836544]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [ ]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 08:56 110592 C:\WINDOWS\system32\bthprops.cpl]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2006-05-16 17:35 147456]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

    C:\Documents and Settings\JOhn\Start Menu\Programs\Startup\
    Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-02-10 18:30:00 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PowerCinema.exe"=
    "C:\\Program Files\\Cyberlink\\PowerCinema\\PCMService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

    R0 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 14:46]
    S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 20:49]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-25 19:55:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-02-21 16:28:46 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2007-02-21 16:28:45 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    "2008-03-29 17:13:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2008-02-18 17:13:18 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-30 23:01:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-30 23:01:43
    ComboFix-quarantined-files.txt 2008-03-30 22:01:35
    ComboFix2.txt 2008-03-30 17:50:01
    ComboFix3.txt 2008-03-30 17:15:40
    Pre-Run: 14,081,454,080 bytes free
    Post-Run: 14,066,540,544 bytes free
    .
    2008-03-12 23:41:48 --- E O F ---
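
    The "Reg Loading Points" section of a ComboFix log like the one above is where a helper looks first, and the following is an added example of that triage in code. It is not part of the original thread and not part of ComboFix. The sample is a constructed excerpt modelled on John's log; the four rules (dangling autorun, bare filename on the search path, AppInit_DLLs populated, Security Center monitoring disabled) are my own heuristics, and the reading that an empty bracket means ComboFix found no file at that path is an assumption about the log format, not something the thread states.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not from the original thread or from the ComboFix tool.
ComboFix lists each autorun value followed, in square brackets, by the
date and size of the file it points to; this code assumes an empty
bracket means the file was not found at that path. The sample below is a
constructed excerpt modelled on the log posted above, and the finding
rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the posted log.
SAMPLE_LOADING_POINTS = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [ ]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 15:21 16384000 C:\WINDOWS\RTHDCPL.exe]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
# "C:\path\file.exe" [2004-08-04 08:56 15360]  ->  path plus bracketed file info
PATH_META_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')


@dataclass
class Entry:
    key: str
    name: str
    data: str
    meta: Optional[str]   # bracketed file info; "" when the bracket was empty


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the REGEDIT4-style listing into Entry records."""
    entries: List[Entry] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if (m := KEY_RE.match(line)):
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, rest = m.group("name"), m.group("rest").strip()
        if (pm := PATH_META_RE.match(rest)):
            entries.append(Entry(key, name, pm.group("path"), pm.group("meta").strip()))
        else:
            entries.append(Entry(key, name, rest.strip('"'), None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (value name, reason) for entries that deserve a second look."""
    findings = []
    for e in entries:
        key = e.key.lower()
        if key.endswith("\\currentversion\\run"):
            if e.meta == "":
                # Leftover from an uninstall, or a path a dropper meant to fill later.
                findings.append((e.name, f"dangling autorun, file not found: {e.data}"))
            elif "\\" not in e.data:
                # Bare filename: which binary actually runs depends on the search path.
                findings.append((e.name, f"bare filename resolved via search path: {e.data}"))
        elif key.endswith("\\windows nt\\currentversion\\windows") \
                and e.name.lower() == "appinit_dlls" and e.data:
            # Every DLL listed here is loaded into each process that loads user32.dll.
            findings.append((e.name, f"AppInit_DLLs set: {e.data}"))
        elif "\\security center\\monitoring\\" in key \
                and e.name.lower() == "disablemonitoring" and e.data.lower() == "dword:00000001":
            # Third-party AV suites set this when they register; confirm it is yours.
            product = e.key.rsplit("\\", 1)[-1]
            findings.append((e.name, f"Security Center monitoring disabled for {product}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_loading_points(SAMPLE_LOADING_POINTS)):
        print(f"{name:20} {reason}")
```

    On the excerpt this flags the dangling ATICCC entry, the bare RTHDCPL.EXE, the Google Desktop AppInit_DLLs hook and the McAfee DisableMonitoring value; all four turn out to be benign here, which is exactly the point: the script shortlists, the helper decides.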


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Strange, that shouldn't have happened.

    Follow the rest of the steps in my previous post and tell me how they go.

    Also do this:

    Delete ComboFix.exe and the folders C:\qoobox and C:\ComboFix.



    Now we need to create a new System Restore point.

    Click Start Menu > Run > type (or copy and paste)

    %SystemRoot%\System32\restore\rstrui.exe

    Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

    Next goto Start Menu > Run > type

    cleanmgr

    Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

    To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.


  • Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭John mac


    OK, that's done (missus on to me to go to bed!)
    Any more?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Nope, that is it.

    Your PC is clean, all remains of the trojan are gone.

    Enjoy your sleep, I'm off as well ;)


  • Registered Users, Registered Users 2 Posts: 5,140 ✭✭✭John mac


    That's great, thanks a million.
    Hope I won't need your help any more :)
    j

