I've run many spyware and adware programs. Spybot S&D found about 8 and I could get rid of all of them except the Virtumonde.dll ones. And if I scan again the next time I start my computer, all of those other deleted problems are back. I can't search in Google and can't go to some other places... it just doesn't load. Here is my HijackThis! log and my ComboFix log. Thanks for any help you can provide.
HijackThis! log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:45 PM, on 5/18/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: {dbd381d7-9d52-a719-6014-9ca3d1566722} - {2276651d-3ac9-4106-917a-25d97d183dbd} - C:\Windows\system32\vhpatyhk.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fccdBSjH.dll,#1
O4 - HKLM\..\Run: [BM160ae0ec] Rundll32.exe "C:\Windows\system32\blashrqa.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/22.12/uploader2.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
--
End of file - 15274 bytes
ComboFix log:
ComboFix 08-05-15.3 - Try 2008-05-18 14:31:33.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.188 [GMT -4:00]
Running from: C:\Users\Try\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\dalsirvp.exe
C:\Windows\system32\dphgydxf.dll
C:\Windows\system32\iifcYOEx.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\System32\mlSAdJjl.ini
C:\Windows\System32\mlSAdJjl.ini2
C:\Windows\system32\rqRHxwVO.dll
C:\Windows\system32\veejnyhc.ini
C:\Windows\system32\vifyopta.ini
C:\Windows\system32\x64
C:\Windows\System32\xEOYcfii.ini
C:\Windows\System32\xEOYcfii.ini2
C:\Windows\System32\yFNUwyxx.ini
C:\Windows\System32\yFNUwyxx.ini2
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-16 19:29 . 2008-05-16 19:29 <DIR> d-------- C:\Users\Try\AppData\Roaming\Propellerhead Software
2008-05-16 19:29 . 2008-05-16 19:29 233,472 --a------ C:\Users\Try\AppData\Roaming\REX Shared Library.dll
2008-05-16 19:29 . 2008-05-16 19:29 225,280 --a------ C:\Users\Try\AppData\Roaming\Rewire.dll
2008-05-16 19:20 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Searches
2008-05-16 19:19 . 2008-05-16 19:19 <DIR> dr------- C:\Users\Try\Contacts
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Videos
2008-05-16 19:14 . 2007-11-26 22:25 <DIR> d-------- C:\Users\Try\video
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Saved Games
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Pictures
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Music
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Links
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Downloads
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> dr------- C:\Users\Try\Documents
2008-05-16 19:14 . 2006-11-02 08:37 <DIR> d-------- C:\Users\Try\AppData\Roaming\Media Center Programs
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> d--h----- C:\Users\Try\AppData
2008-05-16 19:14 . 2008-05-16 19:20 <DIR> d-------- C:\Users\Try
2008-05-16 19:14 . 2008-05-16 19:14 524,288 --ahs---- C:\Users\Try\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
2008-05-16 19:14 . 2008-05-16 19:14 524,288 --ahs---- C:\Users\Try\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
2008-05-16 19:14 . 2008-05-18 14:54 262,144 --ah----- C:\Users\Try\ntuser.dat.LOG1
2008-05-16 19:14 . 2008-05-16 19:14 65,536 --ahs---- C:\Users\Try\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
2008-05-16 19:14 . 2008-05-16 19:14 0 --ah----- C:\Users\Try\ntuser.dat.LOG2
2008-05-16 18:09 . 2008-05-16 18:09 <DIR> d-------- C:\Users\DVD\AppData\Roaming\Propellerhead Software
2008-05-16 18:09 . 2008-05-16 18:09 233,472 --a------ C:\Windows\System32\REX Shared Library.dll
2008-05-13 01:42 . 2008-05-13 01:42 <DIR> d-------- C:\Users\DVD\AppData\Roaming\Download Manager
2008-05-13 00:41 . 2008-05-13 00:41 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-13 00:40 . 2008-05-16 18:08 431 --a------ C:\Windows\wininit.ini
2008-05-13 00:03 . 2008-05-13 00:03 <DIR> d-------- C:\Users\All Users\Windows Genuine Advantage
2008-05-12 23:48 . 2008-05-13 01:26 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-12 23:48 . 2008-05-13 01:26 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-12 23:48 . 2008-05-12 23:48 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-12 23:47 . 2008-05-12 23:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 23:33 . 2008-05-12 23:31 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-05-12 23:31 . 2008-05-12 23:33 <DIR> d-------- C:\Users\DVD\.housecall6.6
2008-05-12 23:29 . 2008-05-12 23:29 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-12 23:29 . 2008-05-12 23:29 <DIR> d-------- C:\Users\All Users\Kaspersky Lab
2008-05-12 23:29 . 2008-05-12 23:29 <DIR> d-------- C:\ProgramData\Kaspersky Lab
2008-05-12 23:21 . 2008-05-12 23:21 <DIR> d-------- C:\Users\DVD\AppData\Roaming\SmartFTP
2008-05-12 11:39 . 2008-05-12 11:39 <DIR> d-------- C:\Users\Zune\AppData\Roaming\FileZilla
2008-05-12 01:05 . 1990-05-17 19:29 41 --a------ C:\Windows\Filzip.ini
2008-05-12 01:00 . 2008-05-12 01:03 <DIR> d-------- C:\Program Files\Filzip
2008-05-08 16:18 . 2008-05-08 16:29 <DIR> d-------- C:\wamp
2008-05-02 16:59 . 2008-05-02 16:59 <DIR> d-------- C:\Users\DVD\workspace
2008-05-02 14:40 . 2008-05-02 14:40 267 --------- C:\interfaces
2008-05-01 23:40 . 2008-05-01 23:40 <DIR> d-------- C:\Users\DVD\AppData\Roaming\CDBurnerXP_Soft
2008-05-01 23:39 . 2008-05-16 18:14 <DIR> d-------- C:\Program Files\CDBurnerXP
2008-05-01 22:51 . 2008-05-01 22:51 <DIR> d-------- C:\Program Files\DAP
2008-05-01 22:51 . 2008-05-01 22:51 479,298 --a------ C:\Windows\System32\wbocx.ocx
2008-05-01 22:51 . 2008-05-01 22:51 172,032 --a------ C:\Windows\System32\AniGIF.ocx
2008-05-01 22:51 . 2008-05-01 22:51 50,688 --a------ C:\Windows\System32\wbhelp2.dll
2008-05-01 21:09 . 2008-05-02 15:28 <DIR> d-------- C:\WPA CONNECT
2008-04-27 17:38 . 2008-04-27 17:38 <DIR> d-------- C:\Users\Zune\AppData\Roaming\RCP 5
2008-04-22 02:24 . 2008-04-22 02:24 <DIR> d-------- C:\Program Files\InfraRecorder
2008-04-22 02:11 . 2008-04-22 02:23 <DIR> d-------- C:\Users\DVD\AppData\Roaming\InfraRecorder
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 23:12 --------- d-----w C:\Users\DVD\AppData\Roaming\uTorrent
2008-05-16 22:40 --------- d-----w C:\Program Files\MagicISO
2008-05-16 18:24 --------- d-----w C:\Users\DVD\AppData\Roaming\FileZilla
2008-05-16 02:07 --------- d-----w C:\Users\DVD\AppData\Roaming\OpenOffice.org2
2008-05-11 19:25 --------- d-----w C:\ProgramData\FLEXnet
2008-05-08 17:42 --------- d-----w C:\Users\DVD\AppData\Roaming\Winamp
2008-05-06 02:00 --------- d-----w C:\Program Files\Cinema 4D
2008-05-02 19:24 --------- d-----w C:\Users\Admin\AppData\Roaming\OpenOffice.org2
2008-04-15 01:59 --------- d-----w C:\Program Files\SWiSH Max2
2008-04-06 22:12 --------- d-----w C:\Program Files\EPSON
2008-04-06 18:11 --------- d-----w C:\Program Files\Apache Software Foundation
2008-04-06 17:54 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-02 13:08 --------- d-----w C:\Program Files\e-on software
2008-04-02 00:31 --------- d-----w C:\Users\DVD\AppData\Roaming\acccore
2008-03-31 01:29 --------- d-----w C:\Program Files\Steam
2008-03-26 13:25 --------- d-----w C:\Users\DVD\AppData\Roaming\RCP 5
2008-03-26 13:23 --------- d-----w C:\Program Files\gs
2008-03-26 13:19 --------- d-----w C:\Program Files\ReaConverter 5.0 Pro
2008-03-25 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-03-25 06:08 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-25 05:56 --------- d-----w C:\Program Files\Windows Live
2008-03-23 23:46 --------- d-----w C:\Users\DVD\AppData\Roaming\Atari
2008-03-23 22:45 --------- d-----w C:\Users\DVD\AppData\Roaming\Leadertech
2008-03-23 22:45 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-03-23 22:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 22:33 --------- d-----w C:\Program Files\Atari
2008-03-23 22:28 --------- d-----w C:\Program Files\MagicDisc
2007-12-03 12:58 174 --sha-w C:\Program Files\desktop.ini
2007-07-22 02:37 233,472 ----a-w C:\Users\Admin\AppData\Roaming\REX Shared Library.dll
2007-07-22 02:37 225,280 ----a-w C:\Users\Admin\AppData\Roaming\Rewire.dll
2007-07-19 06:30 233,472 ----a-w C:\Users\Joe\AppData\Roaming\REX Shared Library.dll
2007-07-19 06:30 225,280 ----a-w C:\Users\Joe\AppData\Roaming\Rewire.dll
2008-01-16 01:38 32,768 --sha-w C:\Windows\System32\FaxMessage.dll
2008-01-16 01:38 99,840 --sha-w C:\Windows\System32\Msip32.dll
.
----a-w 325,204 2006-12-22 00:56:28 C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
----a-w 6,743,552 2008-05-02 04:23:06 C:\Users\DVD\Documents\Downloads\Download Accelerator Plus Premium v8.6.1.4 Final Cracked\DAP Premium v8.6.1.4 .exe
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2276651d-3ac9-4106-917a-25d97d183dbd}]
1990-05-17 20:44 100928 --a------ C:\Windows\system32\vhpatyhk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 16:06 1135968]
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-03 04:33 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 23:36 827392]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 16:43 729088]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 15:39 46704]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 15:18 472776]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 19:15 81920]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 09:18 22696]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 19:15 366400]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 08:23 200704]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 14:38 159744]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-02-16 05:08 172032]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-04-13 04:19 77824]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 18:12 317128]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-28 06:34 134808]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 22:51 166304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]
"MSServer"="C:\Windows\system32\fccdBSjH.dll" [ ]
"BM160ae0ec"="C:\Windows\system32\blashrqa.dll" [1990-05-17 20:41 100928]
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-27 18:48:04 546816]
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-08-03 14:11:49 947544]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\Users\DVD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2007-09-27 18:48:04 546816]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 04:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 03:01:50 734872]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-11-23 14:33:04 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B5809267-7F93-4F2D-B043-C9D78F0E09E3}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{8CCAE9D2-5861-4D35-A8ED-1DBD42ED6122}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{D1A2DA83-BE30-4F95-A63D-743405B22D0B}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{593298C3-A756-4DFF-BD34-60D8C385CE86}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{9CD19365-8AD3-4362-8B7B-4643E7821DC9}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{D220B1F2-4244-4798-B7BF-A02CBEF96E51}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{0F72FFBE-7C79-4D5C-B69A-70A5E7E3D450}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{244EA84B-3B6F-48F9-9A1F-0B134D0D8571}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{25EB190A-33E0-40C6-8CB9-7ED2668B34BE}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{42117B21-5965-443D-A594-F6BF44C75193}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{7CDFB858-CBB5-4F1C-8D4E-24481503A639}"= TCP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{BD93B060-3B53-4C08-ABE5-8010AF9063B6}"= UDP:C:\Program Files\Symantec AntiVirus\Rtvscan.exe:Symantec Antivirus
"{63CFB3DC-F0B7-4C82-9455-8D53E7530AE1}"= TCP:C:\Program Files\Ruckus Player\Ruckus.exe:Ruckus
"{5BB3BE92-300D-48C0-830A-3B0D2022FD56}"= UDP:C:\Program Files\Ruckus Player\Ruckus.exe:Ruckus
"UDP Query User{7D22AC0E-A270-45DC-BBC9-4E3EF185DEFF}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{414F8E06-A644-4527-A963-32C7E4389B99}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"{B99F483A-D9F2-4CBA-A900-2D7BACEB83AB}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{2EAF9FE0-8936-408B-B5CF-041361CECE16}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"UDP Query User{C48FE0CC-D6F3-4C1C-AAFD-46AB8A81C571}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"TCP Query User{AA38564D-434D-4A95-94B6-8C179DC37CBB}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"{33181758-09F3-4603-83DA-0177928F24A1}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{23AFFD80-BF9F-4EB1-8414-CB0A202DFC23}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8726C11F-6F7C-4255-B53C-39F06065644B}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{9D212586-1E19-4EB1-A237-CB17C6D5AC36}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"UDP Query User{2FB53353-D74E-4C7B-B2E9-4B7272703855}C:\\users\\admin\\downloads\\utorrent.exe"= TCP:C:\users\admin\downloads\utorrent.exe:utorrent.exe
"TCP Query User{93ABEB62-CDFF-461F-9EA9-8777E1347EEE}C:\\users\\admin\\downloads\\utorrent.exe"= UDP:C:\users\admin\downloads\utorrent.exe:utorrent.exe
"UDP Query User{A6CD08A8-FC09-4BD7-818D-680668CF5F89}C:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:C:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"TCP Query User{F6D8DF2A-FCF1-46D3-BBD6-8D1EB63E501D}C:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:C:\program files\ea games\battlefield 2\bf2_w32ded.exe:Bf2_w32ded
"{F72260A9-2C34-4826-90E6-CD1AE23AD87D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7A56F345-5D9C-44F4-9550-352B94019786}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5CA0C64D-C169-4D32-9829-F45A8B8E3E47}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F3D796CD-A028-4E95-A1DF-04EF494CAB4A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3B47A896-6936-4E9A-8509-4D9F0FF1004F}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3CF0AD49-2C86-437F-BAF5-52FD53E53EDC}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7C08624A-D85C-4CFE-A794-3DE77BA26BE0}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{24FB559B-37D4-4C71-B5B5-EA1678427036}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{1E027CF3-AB61-4B57-A5D5-7E180D0C3583}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5F8EFABE-2124-47E1-B9C1-15445C945286}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1401D397-B505-4D95-A7BC-FA7EE4656AA4}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{585B4581-FA76-47BD-A276-5891E483904C}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{BE227E41-D980-4B90-A0AE-E844D5E410AA}"= UDP:C:\Program Files\LimePuppy\LimeWire.exe:LimeWire
"{D9424869-7A21-4BA0-931A-DD6A89E1BECB}"= TCP:C:\Program Files\LimePuppy\LimeWire.exe:LimeWire
"{75E04B3D-FD99-410B-ADA9-88745FDBF119}"= UDP:C:\Program Files\LimePuppy\LimeWire.exe:LimeWire
"{DB12C35C-C607-477E-8CF2-A951C25C0AB0}"= TCP:C:\Program Files\LimePuppy\LimeWire.exe:LimeWire
"{94810095-F2FE-4A19-BBE7-59F92DC63BFD}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{3F88DA67-0D09-4027-A838-9CD641B1EFC3}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29FCE5FF-5803-472D-9C50-324E378BF295}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D9FE6AC8-05CF-45B8-9502-26D93DD90EB5}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070906.002\IDSvix86.sys [2007-09-06 11:51]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-24 22:40]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe [2007-11-30 11:27]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2007-12-08 16:12]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;C:\Windows\system32\Drivers\tascusb2.sys [2007-10-31 20:53]
S3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;C:\Windows\system32\drivers\tscusb2m.sys [2007-10-31 20:53]
S3 TASCAM_US122L_WDM;TASCAM US-122L WDM;C:\Windows\system32\drivers\tscusb2a.sys [2007-10-31 20:53]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe wampmysqld []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-10 00:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Admin.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-18 14:53:40
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\Windows\system32\config\systemprofile\AppData\Local\Temp\
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\blashrqa.dll
-> ?:\Windows\System32\npmproxy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-18 16:43:39 - machine was rebooted [SYSTEM]
ComboFix-quarantined-files.txt 2008-05-18 20:43:14
Pre-Run: 12,219,994,112 bytes free
Post-Run: 10,459,172,864 bytes free
309 --- E O F --- 2008-05-12 05:56:32