
Popups And Evil Url Shortcuts

  • This topic is locked
4 replies to this topic

#1 magicalmonkeyguy

Posted 29 February 2008 - 11:20 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:06 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\dldocoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
E:\Program Files\Winamp\winampa.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071122
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O21 - SSODL: bxlrvps - {AC9E2185-6FB9-4C9C-A531-01F303C11BD0} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: alofkmn - {ECE27AAE-50D0-4747-9310-181FF8D65CBE} - C:\WINDOWS\alofkmn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11402 bytes

Currently infected with a virus that causes popups telling me I have a virus, telling me to click OK to remove, blah blah blah.

It is also putting URL shortcuts on my desktop to fake anti-virus software.

After running ComboFix it treats the problem, but when I restart my computer everything is back, until I run ComboFix again.

COMBOFIX LOG

ComboFix 08-02-25.2 - Steven 2008-02-27 20:57:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1455 [GMT -8:00]
Running from: C:\Documents and Settings\Steven\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Steven\Desktop\Error Cleaner.url
C:\Documents and Settings\Steven\Desktop\Privacy Protector.url
C:\Documents and Settings\Steven\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Steven\Favorites\Error Cleaner.url
C:\Documents and Settings\Steven\Favorites\Privacy Protector.url
C:\Documents and Settings\Steven\Favorites\Spyware&Malware Protection.url

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-27 19:55 . 2008-02-27 19:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 17:42 . 2008-02-27 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 22:34 . 2007-11-21 21:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-02-26 22:34 . 2007-11-21 20:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-26 22:34 . 2007-11-21 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GTek
2008-02-24 20:40 . 2008-02-24 20:40 34 --a------ C:\WINDOWS\AW_HIKA.INI
2008-02-24 20:40 . 2008-02-24 20:40 34 --a------ C:\WINDOWS\AW_GEND.INI
2008-02-24 16:11 . 2008-02-24 03:07 335,872 --a------ C:\WINDOWS\bxlrvps.dll
2008-02-24 16:11 . 2008-02-24 03:07 294,912 --a------ C:\WINDOWS\alofkmn.dll
2008-02-24 16:11 . 2008-02-24 03:07 90,112 --a------ C:\WINDOWS\fkxvkns.exe
2008-02-24 15:55 . 2008-02-24 15:56 40 --a------ C:\WINDOWS\AW_REI.INI
2008-02-24 15:52 . 2008-02-24 15:52 32 --a------ C:\WINDOWS\AW_SHIN.INI
2008-02-24 15:51 . 2008-02-24 20:40 48 --a------ C:\WINDOWS\AW_ASKA.INI
2008-02-22 21:20 . 2008-02-22 23:00 171 --a------ C:\WINDOWS\icecast2.ini
2008-02-22 21:08 . 2008-02-22 22:28 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Winamp
2008-02-20 21:21 . 2008-02-26 20:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 21:21 . 2008-02-20 21:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-13 21:43 . 2008-02-13 21:43 4 --a------ C:\WINDOWS\system32\ulfconfig0103.ulf
2008-02-13 17:36 . 2008-02-13 17:36 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-10 16:46 . 2008-02-10 16:46 113,116 --a------ C:\WINDOWS\xobglu32.dll
2008-02-10 16:46 . 2008-02-10 16:46 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-02-09 18:37 . 2008-02-09 18:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-09 13:23 . 2008-02-09 13:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4
2008-02-09 12:56 . 2008-02-09 12:57 <DIR> d-------- C:\Program Files\ShoopedLife
2008-02-09 07:56 . 2008-02-09 07:56 <DIR> d-------- C:\Program Files\Disney
2008-02-06 22:33 . 2008-02-12 20:51 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Corel
2008-02-06 20:12 . 2008-02-06 20:12 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\968 Series
2008-02-06 06:33 . 2008-02-26 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dl_cats
2008-02-06 06:32 . 2008-02-06 06:33 <DIR> d-------- C:\logs
2008-02-06 06:32 . 2007-08-03 09:08 348,160 --a------ C:\WINDOWS\system32\dldocoin.dll
2008-02-06 06:32 . 2006-07-31 21:53 40,960 --a------ C:\WINDOWS\system32\dldovs.dll
2008-02-06 06:31 . 2007-09-06 12:40 692,224 --a------ C:\WINDOWS\system32\dldodrs.dll
2008-02-06 06:31 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-02-06 06:31 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-02-06 06:31 . 2007-06-14 12:45 69,632 --a------ C:\WINDOWS\system32\dldocnv4.dll
2008-02-06 06:31 . 2007-08-31 10:51 65,536 --a------ C:\WINDOWS\system32\dldocaps.dll
2008-02-06 06:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-06 06:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-06 06:30 . 2008-02-06 06:30 <DIR> d-------- C:\My Music
2008-02-06 06:29 . 2008-02-06 06:29 <DIR> d-------- C:\Program Files\Corel
2008-02-06 06:29 . 2008-02-06 06:30 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-06 06:28 . 2008-02-06 06:29 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-02-06 05:58 . 2008-02-06 05:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\968 Series
2008-02-06 05:58 . 2007-07-19 07:21 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-02-06 05:58 . 2007-07-19 07:21 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-02-06 05:58 . 2007-07-19 07:21 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-02-06 05:58 . 2007-07-19 07:21 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-02-06 05:58 . 2007-07-19 07:21 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-02-06 05:58 . 2007-06-11 05:01 49,152 --a------ C:\WINDOWS\system32\dldooem.dll
2008-02-06 05:58 . 2007-09-17 06:24 45,056 --a------ C:\WINDOWS\system32\DLDOPMON.DLL
2008-02-06 05:58 . 2007-09-17 06:24 32,768 --a------ C:\WINDOWS\system32\DLDOFXPU.DLL
2008-02-06 05:58 . 2007-09-17 06:26 12,288 --a------ C:\WINDOWS\system32\DLDOPMRC.DLL
2008-02-05 22:20 . 2008-02-06 06:31 <DIR> d-------- C:\Program Files\Dell 968 AIO Printer
2008-02-05 22:18 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-28 09:20 . 2008-01-30 19:58 <DIR> d-------- C:\Program Files\WebcamMax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 04:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-28 04:01 --------- d-----w C:\Program Files\Steam
2008-02-28 03:57 --------- d-----w C:\Documents and Settings\Steven\Application Data\WTablet
2008-02-24 19:52 --------- d-----w C:\Program Files\World of Warcraft
2008-02-24 01:15 --------- d-----w C:\Documents and Settings\Steven\Application Data\LimeWire
2008-02-21 15:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-02-18 20:07 --------- d-----w C:\Program Files\Project64 1.6
2008-02-09 21:07 --------- d-----w C:\Documents and Settings\Steven\Application Data\SecondLife
2008-02-09 01:32 --------- d-----w C:\Program Files\Google
2008-01-28 17:48 --------- d-----w C:\Program Files\Macromedia
2008-01-28 17:48 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-26 03:26 --------- d-----w C:\Program Files\Springboard
2008-01-26 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Six Mile Creek Systems
2008-01-25 07:13 --------- d-----w C:\Program Files\Sony
2008-01-24 06:55 --------- d-----w C:\Program Files\NIGHTSTUD V1.0d
2008-01-24 06:07 --------- d-----w C:\Program Files\Java
2008-01-24 02:23 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 02:23 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-24 02:23 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-24 02:23 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 02:23 --------- d-----w C:\Program Files\Symantec
2008-01-24 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-24 02:14 --------- d-----w C:\Documents and Settings\Steven\Application Data\Yahoo!
2008-01-24 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-24 02:02 --------- d-----w C:\Program Files\Yahoo!
2008-01-21 20:30 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-01-19 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Magix Shared
2008-01-19 23:16 --------- d-----w C:\Program Files\MAGIX
2008-01-19 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-01-19 04:47 --------- d-----w C:\Program Files\Audacity
2008-01-14 05:35 --------- d-----w C:\Program Files\Common Files\DirectX
2008-01-12 07:32 --------- d-----w C:\Program Files\Swypeout Battle Racing
2008-01-12 01:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 05:14 --------- d-----w C:\Program Files\Microsoft Games
2008-01-11 05:00 --------- d-----w C:\Program Files\Logitech
2008-01-11 05:00 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-09 04:07 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-07 03:06 --------- d-----w C:\Program Files\Blender Foundation
2008-01-05 15:28 --------- d-----w C:\Program Files\Common Files\Thraex Software
2008-01-05 12:07 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-05 07:18 --------- d-----w C:\Program Files\Matroska Pack
2008-01-05 04:31 --------- d-----w C:\Documents and Settings\Steven\Application Data\Media Player Classic
2008-01-03 21:18 --------- d-----w C:\Documents and Settings\Steven\Application Data\Atari
2008-01-03 20:49 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-01-03 20:49 --------- d-----w C:\Documents and Settings\Steven\Application Data\Leadertech
2008-01-03 20:43 --------- d-----w C:\Program Files\Atari
2008-01-03 08:56 --------- d-----w C:\Program Files\Game Cam
2008-01-01 08:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-31 02:11 --------- d-----w C:\Documents and Settings\Steven\Application Data\Xfire
2007-12-31 02:07 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-30 22:30 --------- d-----w C:\Program Files\LucasFan Games
2007-12-30 09:42 --------- d-----w C:\Documents and Settings\Steven\Application Data\Apple Computer
2007-12-30 09:26 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-30 01:58 --------- d-----w C:\Program Files\QuickTime
2007-12-30 01:47 --------- d-----w C:\Documents and Settings\Steven\Application Data\ArcSoft
2007-12-30 01:46 --------- d-----w C:\Program Files\Common Files\ArcSoft
2007-12-30 01:46 --------- d-----w C:\Program Files\ArcSoft
2007-12-30 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-30 01:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-29 10:08 --------- d-----w C:\Program Files\Sonic Foundry
2007-12-29 10:08 --------- d-----w C:\Program Files\Pure Motion
2007-12-29 10:08 --------- d-----w C:\Program Files\DebugMode
2007-12-29 08:37 --------- d-----w C:\Program Files\Sony Setup
2007-12-29 08:34 --------- d-----w C:\Documents and Settings\Steven\Application Data\Sony
2007-12-29 08:34 --------- d-----w C:\Documents and Settings\Steven\Application Data\Publish Providers
2007-12-29 08:01 --------- d-----w C:\Program Files\MSBuild
2007-12-29 07:58 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-29 07:47 --------- d-----w C:\Documents and Settings\Steven\Application Data\Sony Setup
2007-12-29 07:39 --------- d-----w C:\Program Files\MagicISO
2007-12-29 06:11 --------- d-----w C:\Program Files\LimeWire
2007-12-29 04:06 --------- d--h--r C:\Documents and Settings\Steven\Application Data\SecuROM
2007-12-29 03:37 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-28 10:05 --------- d-----w C:\Program Files\Xvid
2007-12-28 09:01 --------- d-----w C:\Program Files\Common Files\AIPTEK HD-DV
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-22 04:48 76 -csh--r C:\WINDOWS\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Steam"="c:\program files\steam\steam.exe" [2007-12-25 19:54 1266936]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-07-11 06:15 198704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 20:21 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 13:39 8429568]
"nwiz"="nwiz.exe" [2007-06-06 13:40 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 13:39 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 13:39 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 12:54 36864]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-03 11:57 1228800]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 01:10 1392640]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 14:43 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 20:03 405504 C:\WINDOWS\stsystra.exe]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 12:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 09:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 09:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 09:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 07:00 1116920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 14:10 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 02:40 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 05:03 17920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-08 10:03 31232]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-13 23:11 771704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-23 22:07 77824]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\CAMTHINS.exe" [2007-01-16 02:57 81920]
"dldomon.exe"="C:\Program Files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 05:30 455920]
"MemoryCardManager"="C:\Program Files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 05:30 410864]
"Dell 968 AIO Printer Fax Server"="C:\Program Files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 05:31 312560]
"WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2008-01-15 14:54 37376]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 01:33 478800]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-01 00:31:25 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-21 20:46:42 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxlrvps"= {AC9E2185-6FB9-4C9C-A531-01F303C11BD0} - C:\WINDOWS\bxlrvps.dll [2008-02-24 03:07 335872]
"alofkmn"= {ECE27AAE-50D0-4747-9310-181FF8D65CBE} - C:\WINDOWS\alofkmn.dll [2008-02-24 03:07 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dldocoms.exe"=
"C:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"C:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 08:35]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-08 10:03]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-10 21:39]
R2 dldo_device;dldo_device;C:\WINDOWS\system32\dldocoms.exe [2007-10-05 05:30]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 10:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 12:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 12:55]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 05:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 03:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 04:01:04 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Steven.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 21:02:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 21:03:08
ComboFix-quarantined-files.txt 2008-02-28 05:03:06
ComboFix2.txt 2008-02-27 07:02:10
.
2008-02-27 00:28:49 --- E O F ---

How do I get rid of this problem permanently?

#2 magicalmonkeyguy
  • Topic Starter

Posted 01 March 2008 - 02:30 AM

ComboFix found and got rid of new stuff, so here's the updated log.

ComboFix 08-02-25.2 - Steven 2008-02-29 23:20:25.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1282 [GMT -8:00]
Running from: C:\Documents and Settings\Steven\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm

.
((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-27 19:55 . 2008-02-27 19:55 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 17:42 . 2008-02-27 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-26 22:34 . 2007-11-21 21:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-02-26 22:34 . 2007-11-21 20:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-02-26 22:34 . 2007-11-21 20:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GTek
2008-02-24 20:40 . 2008-02-24 20:40 34 --a------ C:\WINDOWS\AW_HIKA.INI
2008-02-24 20:40 . 2008-02-24 20:40 34 --a------ C:\WINDOWS\AW_GEND.INI
2008-02-24 16:11 . 2008-02-24 03:07 335,872 --a------ C:\WINDOWS\bxlrvps.dll
2008-02-24 16:11 . 2008-02-24 03:07 294,912 --a------ C:\WINDOWS\alofkmn.dll
2008-02-24 16:11 . 2008-02-24 03:07 90,112 --a------ C:\WINDOWS\fkxvkns.exe
2008-02-24 15:55 . 2008-02-24 15:56 40 --a------ C:\WINDOWS\AW_REI.INI
2008-02-24 15:52 . 2008-02-24 15:52 32 --a------ C:\WINDOWS\AW_SHIN.INI
2008-02-24 15:51 . 2008-02-24 20:40 48 --a------ C:\WINDOWS\AW_ASKA.INI
2008-02-22 21:20 . 2008-02-22 23:00 171 --a------ C:\WINDOWS\icecast2.ini
2008-02-22 21:08 . 2008-02-22 22:28 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Winamp
2008-02-20 21:21 . 2008-02-29 19:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 21:21 . 2008-02-20 21:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-13 21:43 . 2008-02-13 21:43 4 --a------ C:\WINDOWS\system32\ulfconfig0103.ulf
2008-02-13 17:36 . 2008-02-13 17:36 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-10 16:46 . 2008-02-10 16:46 113,116 --a------ C:\WINDOWS\xobglu32.dll
2008-02-10 16:46 . 2008-02-10 16:46 63,488 --a------ C:\WINDOWS\xobglu16.dll
2008-02-09 18:37 . 2008-02-09 18:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-09 13:23 . 2008-02-09 13:31 528 -r-hs---- C:\WINDOWS\PCGWIN32.LI4
2008-02-09 12:56 . 2008-02-09 12:57 <DIR> d-------- C:\Program Files\ShoopedLife
2008-02-09 07:56 . 2008-02-09 07:56 <DIR> d-------- C:\Program Files\Disney
2008-02-06 22:33 . 2008-02-12 20:51 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\Corel
2008-02-06 20:12 . 2008-02-06 20:12 <DIR> d-------- C:\Documents and Settings\Steven\Application Data\968 Series
2008-02-06 06:33 . 2008-02-26 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Dl_cats
2008-02-06 06:32 . 2008-02-06 06:33 <DIR> d-------- C:\logs
2008-02-06 06:32 . 2007-08-03 09:08 348,160 --a------ C:\WINDOWS\system32\dldocoin.dll
2008-02-06 06:32 . 2006-07-31 21:53 40,960 --a------ C:\WINDOWS\system32\dldovs.dll
2008-02-06 06:31 . 2007-09-06 12:40 692,224 --a------ C:\WINDOWS\system32\dldodrs.dll
2008-02-06 06:31 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-02-06 06:31 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-02-06 06:31 . 2007-06-14 12:45 69,632 --a------ C:\WINDOWS\system32\dldocnv4.dll
2008-02-06 06:31 . 2007-08-31 10:51 65,536 --a------ C:\WINDOWS\system32\dldocaps.dll
2008-02-06 06:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-06 06:31 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-06 06:30 . 2008-02-06 06:30 <DIR> d-------- C:\My Music
2008-02-06 06:29 . 2008-02-06 06:29 <DIR> d-------- C:\Program Files\Corel
2008-02-06 06:29 . 2008-02-06 06:30 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-02-06 06:28 . 2008-02-06 06:29 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-02-06 05:58 . 2008-02-06 05:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\968 Series
2008-02-06 05:58 . 2007-07-19 07:21 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-02-06 05:58 . 2007-07-19 07:21 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-02-06 05:58 . 2007-07-19 07:21 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-02-06 05:58 . 2007-07-19 07:21 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-02-06 05:58 . 2007-07-19 07:21 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-02-06 05:58 . 2007-06-11 05:01 49,152 --a------ C:\WINDOWS\system32\dldooem.dll
2008-02-06 05:58 . 2007-09-17 06:24 45,056 --a------ C:\WINDOWS\system32\DLDOPMON.DLL
2008-02-06 05:58 . 2007-09-17 06:24 32,768 --a------ C:\WINDOWS\system32\DLDOFXPU.DLL
2008-02-06 05:58 . 2007-09-17 06:26 12,288 --a------ C:\WINDOWS\system32\DLDOPMRC.DLL
2008-02-05 22:20 . 2008-02-06 06:31 <DIR> d-------- C:\Program Files\Dell 968 AIO Printer
2008-02-05 22:18 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 03:48 --------- d-----w C:\Documents and Settings\Steven\Application Data\LimeWire
2008-03-01 01:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 01:33 --------- d-----w C:\Program Files\Steam
2008-03-01 01:31 --------- d-----w C:\Documents and Settings\Steven\Application Data\WTablet
2008-02-24 19:52 --------- d-----w C:\Program Files\World of Warcraft
2008-02-21 15:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-02-18 20:07 --------- d-----w C:\Program Files\Project64 1.6
2008-02-09 21:07 --------- d-----w C:\Documents and Settings\Steven\Application Data\SecondLife
2008-02-09 01:32 --------- d-----w C:\Program Files\Google
2008-01-31 03:58 --------- d-----w C:\Program Files\WebcamMax
2008-01-28 17:48 --------- d-----w C:\Program Files\Macromedia
2008-01-28 17:48 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-26 03:26 --------- d-----w C:\Program Files\Springboard
2008-01-26 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Six Mile Creek Systems
2008-01-25 07:13 --------- d-----w C:\Program Files\Sony
2008-01-24 06:55 --------- d-----w C:\Program Files\NIGHTSTUD V1.0d
2008-01-24 06:07 --------- d-----w C:\Program Files\Java
2008-01-24 02:23 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-24 02:23 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-24 02:23 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-24 02:23 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-24 02:23 --------- d-----w C:\Program Files\Symantec
2008-01-24 02:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-24 02:14 --------- d-----w C:\Documents and Settings\Steven\Application Data\Yahoo!
2008-01-24 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-24 02:02 --------- d-----w C:\Program Files\Yahoo!
2008-01-21 20:30 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-01-19 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Magix Shared
2008-01-19 23:16 --------- d-----w C:\Program Files\MAGIX
2008-01-19 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2008-01-19 04:47 --------- d-----w C:\Program Files\Audacity
2008-01-14 05:35 --------- d-----w C:\Program Files\Common Files\DirectX
2008-01-12 07:32 --------- d-----w C:\Program Files\Swypeout Battle Racing
2008-01-12 01:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 05:14 --------- d-----w C:\Program Files\Microsoft Games
2008-01-11 05:00 --------- d-----w C:\Program Files\Logitech
2008-01-11 05:00 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-09 04:07 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-01-07 03:06 --------- d-----w C:\Program Files\Blender Foundation
2008-01-05 15:28 --------- d-----w C:\Program Files\Common Files\Thraex Software
2008-01-05 12:07 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-05 07:18 --------- d-----w C:\Program Files\Matroska Pack
2008-01-05 04:31 --------- d-----w C:\Documents and Settings\Steven\Application Data\Media Player Classic
2008-01-03 21:18 --------- d-----w C:\Documents and Settings\Steven\Application Data\Atari
2008-01-03 20:49 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-01-03 20:49 --------- d-----w C:\Documents and Settings\Steven\Application Data\Leadertech
2008-01-03 20:43 --------- d-----w C:\Program Files\Atari
2008-01-03 08:56 --------- d-----w C:\Program Files\Game Cam
2008-01-01 08:31 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-29 03:37 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 19:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-22 04:48 76 -csh--r C:\WINDOWS\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"Steam"="c:\program files\steam\steam.exe" [2007-12-25 19:54 1266936]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 15:35 67112]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-07-11 06:15 198704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 20:21 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-06 13:39 8429568]
"nwiz"="nwiz.exe" [2007-06-06 13:40 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-06-06 13:39 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-06 13:39 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 12:54 36864]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-03 11:57 1228800]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 01:10 1392640]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 14:43 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 20:03 405504 C:\WINDOWS\stsystra.exe]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 12:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 09:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 09:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 09:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 07:00 1116920]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 14:10 184320]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 02:40 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 05:03 17920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-10-08 10:03 31232]
"Start WingMan Profiler"="C:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2007-09-25 15:03 93208]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 15:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-13 23:11 771704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-01-23 22:07 77824]
"WebcamMaxMoniter"="C:\Program Files\WebcamMax\CAMTHINS.exe" [2007-01-16 02:57 81920]
"dldomon.exe"="C:\Program Files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 05:30 455920]
"MemoryCardManager"="C:\Program Files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 05:30 410864]
"Dell 968 AIO Printer Fax Server"="C:\Program Files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 05:31 312560]
"WinampAgent"="E:\Program Files\Winamp\winampa.exe" [ ]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 01:33 478800]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-01 00:31:25 113664]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-21 20:46:42 50688]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bxlrvps"= {AC9E2185-6FB9-4C9C-A531-01F303C11BD0} - C:\WINDOWS\bxlrvps.dll [2008-02-24 03:07 335872]
"alofkmn"= {ECE27AAE-50D0-4747-9310-181FF8D65CBE} - C:\WINDOWS\alofkmn.dll [2008-02-24 03:07 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\dldocoms.exe"=
"C:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldopswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldotime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldojswx.exe"=
"C:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 08:35]
R2 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2007-10-08 10:03]
R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-10 21:39]
R2 dldo_device;dldo_device;C:\WINDOWS\system32\dldocoms.exe [2007-10-05 05:30]
R2 TabletServiceWacom;TabletServiceWacom;C:\WINDOWS\system32\Wacom_Tablet.exe [2007-09-07 11:40]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 10:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 12:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 12:55]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 05:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 03:45:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 04:01:04 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Steven.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 23:25:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-29 23:25:49
ComboFix-quarantined-files.txt 2008-03-01 07:25:47
ComboFix2.txt 2008-03-01 01:43:40
ComboFix3.txt 2008-02-28 05:03:09
ComboFix4.txt 2008-02-27 07:02:10
.
2008-02-27 00:28:49 --- E O F ---

#3 magicalmonkeyguy

magicalmonkeyguy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:52 AM

Posted 05 March 2008 - 07:57 PM

It has been a while, so I thought I would put up an update.

Same problems, but now not as often.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:00 PM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\WebcamMax\CAMTHINS.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
E:\Program Files\Winamp\winampa.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\program files\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0\bin\jucheck.exe
C:\PROGRA~1\Symantec\Norton AntiVirus\NAVW32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071122
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\CAMTHINS.exe" /m
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bxlrvps - {AC9E2185-6FB9-4C9C-A531-01F303C11BD0} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: alofkmn - {ECE27AAE-50D0-4747-9310-181FF8D65CBE} - C:\WINDOWS\alofkmn.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device - - C:\WINDOWS\system32\dldocoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12141 bytes


Also attached is a picture of one of the popups I am getting; maybe it looks like something you have seen before.


#4 magicalmonkeyguy

magicalmonkeyguy
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:11:52 AM

Posted 07 March 2008 - 07:42 PM

Problem fixed; a new ComboFix update found the infected DLLs and got rid of them.

#5 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:03:52 PM

Posted 08 March 2008 - 11:29 AM

Thanks for informing us. Should you find other problems, please begin a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)
