
Virus/malware greatly affecting performance - Vundo.gen(?)


5 replies to this topic

#1 sspain

  • Members
  • 12 posts

Posted 10 January 2009 - 08:45 PM

Please help!
My performance has been greatly affected somehow, working far, far slower than it should, and whenever I open Internet Explorer, advertisements keep opening up in other windows, no matter what website I'm on. Also, Automatic Updates in Windows Security keeps getting turned off. I believe it is malware or a virus of some sort, because for a while McAfee has been going nuts finding files, most of which were deleted, but there were still some it couldn't delete or move. Every time I turn on the computer now, I get notified that a trojan has been detected under the file name urqQGwTj.dll and is detected as Vundo.gen.i, and it cannot be moved or deleted. If someone could tell me what to do, I would greatly appreciate the help!


DDS (Ver_09-01-07.01) - NTFSx86
Run by Sean at 19:49:57.68 on Sat 01/10/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01

============== Pseudo HJT Report ===============

uSearch Bar =
uDefault_Page_URL = hxxp://www.dellnet.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mDefault_Page_URL = hxxp://www.dellnet.com
mSearch Bar =
mStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
uWindows: load=pythizer.exe
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqQGwTj.dll
BHO: {efd94b27-def6-a30a-7b24-eae0f9c4e409}: {904e4c9f-0eae-42b7-a03a-6fed72b49dfe} - c:\windows\system32\yikfsb.dll
BHO: {9802822b-3144-4da0-bc78-db171db586dd} - c:\windows\system32\vtUonnnO.dll
BHO: c:\windows\system32\rakmdlkd83indfgnbu.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\rakmdlkd83indfgnbu.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROProj.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Steam]
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [AWMON] "c:\program files\lavasoft\ad-aware se plus\Ad-Watch.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [P2P Networking] c:\windows\system32\p2p networking\P2P Networking.exe /AUTOSTART
mRun: [WinMX Music App] WINMX.EXE
mRun: [igywelqanoq] c:\windows\system32\wcubsj.exe
mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [Enh Win Updt] c:\windows\enhupdt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [<NO NAME>]
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROProj.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\msero.dll
Notify: urqQGwTj - urqQGwTj.dll
AppInit_DLLs: bzlnjb.dll yikfsb.dll
STS: c:\windows\system32\rakmdlkd83indfgnbu.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\rakmdlkd83indfgnbu.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqQGwTj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUonnnO

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean\applic~1\mozilla\firefox\profiles\o6pd0if9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - HiddenExtension: XUL Cache: {DE7DBFD2-44C6-4353-8FB8-78AB4B21F582} - c:\windows\system32\config\systemprofile\local settings\application data\{de7dbfd2-44c6-4353-8fb8-78ab4b21f582}\

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-10 13:32 1,256,329 a--sh--- c:\windows\system32\hnowxpsm.ini
2009-01-10 13:31 78,336 a------- c:\windows\system32\mspxwonh.dll
2009-01-10 13:31 124,928 a------- c:\windows\system32\yikfsb.dll
2009-01-10 13:30 124,928 a------- c:\windows\system32\hhoytxdy.dll
2009-01-09 10:01 670,376 a--sh--- c:\windows\system32\OnnnoUtv.ini2
2009-01-09 10:01 670,376 a--sh--- c:\windows\system32\OnnnoUtv.ini
2009-01-09 10:01 289,280 a------- c:\windows\system32\vtUonnnO.dll
2009-01-09 03:35 59,904 a------- c:\windows\system32\drivers\TDSSmxst.sys
2009-01-09 03:35 <DIR> --d----- c:\docume~1\sean\applic~1\cogad
2009-01-09 03:33 133,120 a------- c:\windows\system32\bzlnjb.dll
2009-01-09 03:33 133,120 a------- c:\windows\system32\uyvlrmmj.dll
2009-01-09 03:28 1,250,178 a--sh--- c:\windows\system32\rkwsetsd.ini
2009-01-09 03:28 90,624 a------- c:\windows\system32\dsteswkr.dll
2009-01-09 03:27 1,250,178 a--sh--- c:\windows\system32\alerdqck.ini
2009-01-09 03:26 90,624 a------- c:\windows\system32\kcqdrela.dll
2009-01-09 03:25 14,336 a------- c:\windows\system32\senekagkcbaksy.dll
2009-01-09 03:25 59 a------- c:\windows\system32\seneka.dat
2009-01-09 03:25 3 a------- c:\windows\system32\senekadf.dat
2009-01-09 03:25 688,591 a--sh--- c:\windows\system32\YHNVxyxx.ini2
2009-01-09 03:25 688,591 a--sh--- c:\windows\system32\YHNVxyxx.ini
2009-01-09 03:25 289,280 a------- c:\windows\system32\xxyxVNHY.dll
2009-01-09 03:20 2,100 a------- c:\windows\system32\senekalog.dat
2009-01-09 03:20 29,324 a------- c:\windows\system32\senekaimpulrml.dll
2009-01-09 03:20 47,746 a------- c:\windows\system32\drivers\senekaslnfifgs.sys
2009-01-09 03:20 46,080 a------- c:\windows\system32\wvUkIATN.dll
2009-01-09 03:19 57,856 a------- c:\windows\system32\urqQGwTj.dll
2008-12-31 20:35 256 a------- c:\windows\system32\pool.bin
2008-12-31 20:34 <DIR> --d----- c:\docume~1\sean\applic~1\Research In Motion
2008-12-31 19:47 <DIR> --d----- c:\program files\common files\Sonic Shared
2008-12-31 19:39 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2008-12-31 19:37 <DIR> --d----- c:\program files\common files\Research In Motion
2008-12-31 19:37 <DIR> --d----- c:\program files\BlackBerry
2008-12-25 15:08 23 a------- c:\windows\popcinfot.dat
2008-12-25 09:32 26,482 a------- C:\Porcupine_Tree_-_Lightbulb_Sun.jpg
2008-12-22 17:42 1,429,964 a------- C:\ELECTRIC ARCING.wav
2008-12-22 17:19 737,150 a------- C:\Electric Arc 1.wav
2008-12-20 18:48 556 a------- c:\windows\eReg.dat
2008-12-20 17:42 156,800 a------- c:\windows\system32\drivers\d346bus.sys
2008-12-20 17:42 5,248 a------- c:\windows\system32\drivers\d346prt.sys
2008-12-20 17:42 <DIR> --d----- c:\program files\D-Tools
2008-12-20 17:25 643,072 a------- c:\windows\system32\drivers\sptd.sys
2008-12-20 17:25 96,384 a------- c:\windows\system32\drivers\sptd4125.sys
2008-12-20 10:07 <DIR> --d----- c:\program files\Uru - Ages Beyond Myst Demo
2008-12-20 10:07 <DIR> --d----- c:\program files\MTV Networks
2008-12-20 10:07 <DIR> --d----- c:\documents and settings\sean\.limewire
2008-12-20 10:07 <DIR> --d----- c:\program files\DNA
2008-12-20 10:07 <DIR> --d----- c:\program files\Call of Duty
2008-12-20 10:07 <DIR> --d----- c:\program files\AVG
2008-12-20 10:07 <DIR> --d----- c:\program files\Virtools Web Player 3.0
2008-12-20 10:07 <DIR> --d----- c:\program files\Viewpoint
2008-12-20 10:06 <DIR> --d----- c:\program files\IrfanView
2008-12-20 10:06 <DIR> --d----- c:\program files\ewido
2008-12-20 10:06 <DIR> --d----- c:\program files\ConsoleClassix.com
2008-12-20 10:06 <DIR> --d----- c:\program files\Click'N Design 3D (V5)
2008-12-20 10:06 <DIR> --d----- c:\program files\Call of Duty Single Player Demo
2008-12-20 10:06 <DIR> --d----- c:\program files\BitComet
2008-12-20 10:06 <DIR> --d----- C:\Sean
2008-12-20 10:06 <DIR> --d----- C:\Deckard
2008-12-20 03:40 <DIR> --d----- c:\program files\Viewpoint(2)
2008-12-20 03:38 <DIR> --d----- C:\Deckard(2)
2008-12-20 03:37 <DIR> --d----- c:\program files\Deckard
2008-12-20 03:22 <DIR> --d----- c:\program files\CyberLink(2)
2008-12-20 03:19 <DIR> --d----- c:\program files\Paint Shop Pro 7

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-10 17:25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-12-10 17:25 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 ac------ c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 ac------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 ac------ c:\windows\system32\DivXWMPExtType.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-04 19:27 153,152 ac------ c:\docume~1\sean\applic~1\GDIPFONTCACHEV1.DAT
2006-06-18 18:42 734,270 ac-sh--- c:\windows\system32\dgjlm.ini2

============= FINISH: 20:22:28.75 ===============
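The DDS log above shows the same few dropped DLLs wired into several load points at once: BHO, Winlogon Notify, AppInit_DLLs, ShellExecuteHooks (SEH) and the LSA Authentication Packages list, with most of those files appearing in the "Created Last 30" section a day or two before the scan. As an added example that is not part of this post and not code from the DDS tool, here is a small Python triage script that parses a DDS log in this format, cross-references every module named in the Pseudo HJT section against the Created Last 30 section, and flags the ones that were dropped recently. SAMPLE_LOG is a constructed excerpt assembled from lines in the post; the scoring (recent file +2, random-looking name +1, flag at 2) and the vowel-ratio "random name" test are assumptions of this example, not anything DDS itself does.

```python
"""Triage a DDS log: which persistence entries point at recently dropped modules?

Added example for this thread, not code from the forum post or from the DDS
tool. SAMPLE_LOG is a constructed excerpt assembled from lines in the post.
The scoring (recent file = +2, random-looking name = +1, flag at 2) is an
assumption of this example, not anything DDS itself does.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")              # "=== Pseudo HJT Report ==="
TAG_RE = re.compile(r"^([A-Za-z_]+):\s+(.*)$")              # "BHO: {clsid} - path"
MODULE_RE = re.compile(r"([\w\-]+\.(?:dll|exe|ocm|sys))\b", re.I)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\S+)\s+\S+\s+(.+)$")

SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uWindows: load=pythizer.exe
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqQGwTj.dll
BHO: {efd94b27-def6-a30a-7b24-eae0f9c4e409}: {904e4c9f-0eae-42b7-a03a-6fed72b49dfe} - c:\windows\system32\yikfsb.dll
BHO: {9802822b-3144-4da0-bc78-db171db586dd} - c:\windows\system32\vtUonnnO.dll
BHO: c:\windows\system32\rakmdlkd83indfgnbu.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\rakmdlkd83indfgnbu.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [igywelqanoq] c:\windows\system32\wcubsj.exe
mRun: [Enh Win Updt] c:\windows\enhupdt.exe
Notify: urqQGwTj - urqQGwTj.dll
AppInit_DLLs: bzlnjb.dll yikfsb.dll
STS: c:\windows\system32\rakmdlkd83indfgnbu.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\rakmdlkd83indfgnbu.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\urqQGwTj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUonnnO

================= FIREFOX ===================

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

=============== Created Last 30 ================

2009-01-10 13:31 124,928 a------- c:\windows\system32\yikfsb.dll
2009-01-09 10:01 289,280 a------- c:\windows\system32\vtUonnnO.dll
2009-01-09 03:35 59,904 a------- c:\windows\system32\drivers\TDSSmxst.sys
2009-01-09 03:35 <DIR> --d----- c:\docume~1\sean\applic~1\cogad
2009-01-09 03:33 133,120 a------- c:\windows\system32\bzlnjb.dll
2009-01-09 03:19 57,856 a------- c:\windows\system32\urqQGwTj.dll

============= FINISH: 20:22:28.75 ===============
"""


def basename(path):
    return re.split(r"[\\/]", path.strip())[-1].lower()


def parse_dds(text):
    """Return (entries, created): entries = [(tag, module)], created = {module,...}."""
    section, entries, created = None, [], set()
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if section and section.startswith("pseudo hjt"):
            t = TAG_RE.match(line)
            if not t:
                continue
            tag, rest = t.groups()
            mods = [x.lower() for x in MODULE_RE.findall(rest)]
            if tag == "LSA":
                # LSA loads each authentication package as <name>.dll; DDS prints
                # the path without the extension, so add it back for matching.
                for tok in rest.split("=", 1)[-1].split():
                    if "\\" in tok:
                        mods.append(basename(tok) + ".dll")
            entries.extend((tag, mod) for mod in mods)
        elif section and section.startswith("created last"):
            c = CREATED_RE.match(line)
            if c and c.group(1) != "<DIR>":
                created.add(basename(c.group(2)))
    return entries, created


def looks_random(module):
    """Weak signal (+1 only): a name of 6+ chars with fewer than 25% vowels."""
    stem = module.rsplit(".", 1)[0]
    letters = [ch for ch in stem if ch.isalpha()]
    if len(stem) < 6 or not letters:
        return False
    return sum(ch in "aeiou" for ch in letters) / len(letters) < 0.25


def triage(text):
    """Score every module referenced from a load point; recent drop outweighs name."""
    entries, created = parse_dds(text)
    report = {}
    for tag, mod in entries:
        report.setdefault(mod, {"score": 0, "locations": set(), "recent": False})
        report[mod]["locations"].add(tag)
    for mod, r in report.items():
        r["recent"] = mod in created
        r["score"] = (2 if r["recent"] else 0) + (1 if looks_random(mod) else 0)
    return report


def flagged(text, threshold=2):
    return sorted(m for m, r in triage(text).items() if r["score"] >= threshold)


if __name__ == "__main__":
    for mod, r in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["score"]):
        print(f"{r['score']}  {mod:26} recent={str(r['recent']):5} "
              f"{','.join(sorted(r['locations']))}")
```

Run as-is, the script prints one line per referenced module with its score and load points. On the sample, urqQGwTj.dll, yikfsb.dll, vtUonnnO.dll and bzlnjb.dll are flagged because each sits in a load point and in the Created Last 30 list; rakmdlkd83indfgnbu.dll scores only 1 because it is absent from the creation list (older than 30 days, or with a tampered timestamp), and Shdocvw.dll and wcubsj.exe score 1 on the name heuristic alone. That is why the name test is only a tie-breaker and a score of 1 still means a hands-on look rather than a verdict. Note also the LSA line: a package listed under Authentication Packages is loaded by lsass, so the registry value has to be repaired along with deleting the file, which is the kind of cleanup the helper's ComboFix step is for.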


#2 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 11 January 2009 - 07:04 AM

Hello SSpain and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (it can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 sspain
  • Topic Starter

  • Members
  • 12 posts

Posted 12 January 2009 - 03:25 AM

GooredFix v1.8 by jpshortstuff
Log created at 19:06 on 11/01/2009 running Option #2 (Sean)
Firefox version 2.0.0.14 (en-US)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.14\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 2.0.0.14\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"



ComboFix 09-01-10.03 - Sean 2009-01-11 19:41:05.1 - NTFSx86
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Sean\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\Sean\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\Common Files\download
c:\windows\pack.epk
c:\windows\system32\alerdqck.ini
c:\windows\system32\cimscm.dll
c:\windows\system32\dgjlm.ini
c:\windows\system32\dgjlm.ini2
c:\windows\system32\drivers\senekaslnfifgs.sys
c:\windows\system32\Drivers\TDSSmxst.sys
c:\windows\system32\dsgtjnly.dll
c:\windows\system32\grpiawoj.dll
c:\windows\system32\hhoytxdy.dll
c:\windows\system32\hnowxpsm.ini
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\msexcl35.dll
c:\windows\system32\msltus35.dll
c:\windows\system32\mspdox35.dll
c:\windows\system32\mspxwonh.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\mstext35.dll
c:\windows\system32\msxbse35.dll
c:\windows\system32\nvs2.inf
c:\windows\SYSTEM32\OnnnoUtv.ini
c:\windows\SYSTEM32\OnnnoUtv.ini2
c:\windows\system32\qudpnuof.dll
c:\windows\system32\rdocurs.dll
c:\windows\system32\rhdkqg.dll
c:\windows\system32\rkwsetsd.ini
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekagkcbaksy.dll
c:\windows\system32\senekaimpulrml.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\vtUonnnO.dll
c:\windows\system32\wevsbupmy.dat
c:\windows\system32\wevsbupmy_nav.dat
c:\windows\system32\wevsbupmy_navps.dat
c:\windows\system32\wilsdrue.ini
c:\windows\system32\xxyxVNHY.dll
c:\windows\system32\YHNVxyxx.ini
c:\windows\system32\YHNVxyxx.ini2
c:\windows\system32\yikfsb.dll
c:\windows\system32\ylnjtgsd.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISEXENG


((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-09 03:35 . 2009-01-10 21:56 <DIR> d-------- c:\documents and settings\Sean\Application Data\cogad
2009-01-09 03:33 . 2009-01-09 03:33 133,120 --a------ c:\windows\SYSTEM32\bzlnjb.dll
2009-01-09 03:20 . 2009-01-09 03:20 46,080 --a------ c:\windows\SYSTEM32\wvUkIATN.dll
2009-01-09 03:19 . 2009-01-09 03:19 57,856 --a------ c:\windows\SYSTEM32\urqQGwTj.dll
2009-01-01 00:53 . 2009-01-01 00:53 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2008-12-31 20:35 . 2009-01-10 18:32 256 --a------ c:\windows\SYSTEM32\pool.bin
2008-12-31 20:34 . 2008-12-31 20:34 <DIR> d-------- c:\documents and settings\Sean\Application Data\Research In Motion
2008-12-31 19:53 . 2008-12-31 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-31 19:53 . 2008-12-31 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-31 19:47 . 2008-12-31 19:52 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-31 19:47 . 2008-12-31 20:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-12-31 19:39 . 2007-01-18 10:24 26,496 -ra------ c:\windows\SYSTEM32\DRIVERS\RimSerial.sys
2008-12-31 19:37 . 2008-12-31 19:37 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-12-31 19:37 . 2009-01-11 19:04 <DIR> d-------- c:\program files\BlackBerry
2008-12-25 15:08 . 2008-12-25 15:20 23 --a------ c:\windows\popcinfot.dat
2008-12-25 09:32 . 2008-12-25 09:32 26,482 --a------ C:\Porcupine_Tree_-_Lightbulb_Sun.jpg
2008-12-22 17:42 . 2008-12-22 17:42 1,429,964 --a------ C:\ELECTRIC ARCING.wav
2008-12-22 17:19 . 2008-12-22 17:19 737,150 --a------ C:\Electric Arc 1.wav
2008-12-20 18:48 . 2008-12-20 18:48 556 --a------ c:\windows\eReg.dat
2008-12-20 17:42 . 2008-12-20 17:42 <DIR> d-------- c:\program files\D-Tools
2008-12-20 17:42 . 2004-03-12 22:41 156,800 --a------ c:\windows\SYSTEM32\DRIVERS\d346bus.sys
2008-12-20 17:42 . 2004-03-12 22:41 5,248 --a------ c:\windows\SYSTEM32\DRIVERS\d346prt.sys
2008-12-20 17:25 . 2008-12-20 17:25 643,072 --a------ c:\windows\SYSTEM32\DRIVERS\sptd.sys
2008-12-20 17:25 . 2009-01-11 18:54 96,384 --a------ c:\windows\SYSTEM32\DRIVERS\sptd4125.sys
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Virtools Web Player 3.0
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Viewpoint
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Uru - Ages Beyond Myst Demo
2008-12-20 10:07 . 2008-12-20 10:44 <DIR> d-------- c:\program files\Trillian
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\MTV Networks
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\DNA
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Call of Duty
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\AVG
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\documents and settings\Sean\.limewire
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- C:\Sean
2008-12-20 10:06 . 2008-12-20 10:38 <DIR> d-------- c:\program files\IrfanView
2008-12-20 10:06 . 2008-12-20 10:29 <DIR> d-------- c:\program files\Google
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\ewido
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\ConsoleClassix.com
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\Click'N Design 3D (V5)
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\Call of Duty Single Player Demo
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\BitComet
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- C:\Deckard
2008-12-20 03:40 . 2008-12-20 03:40 <DIR> d-------- c:\program files\Viewpoint(2)
2008-12-20 03:38 . 2008-12-20 03:38 <DIR> d-------- C:\Deckard(2)
2008-12-20 03:37 . 2008-12-20 03:37 <DIR> d-------- c:\program files\Deckard
2008-12-20 03:22 . 2008-12-20 03:22 <DIR> d-------- c:\program files\CyberLink(2)
2008-12-20 03:19 . 2008-12-20 10:06 <DIR> d-------- c:\program files\Paint Shop Pro 7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 23:19 --------- d-----w c:\documents and settings\All Users\Application Data\Retrospect
2009-01-07 18:31 --------- d-----w c:\documents and settings\Sean\Application Data\U3
2009-01-01 05:53 --------- d-----w c:\documents and settings\Sean\Application Data\Roxio
2009-01-01 00:51 --------- d-----w c:\program files\Roxio
2009-01-01 00:49 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-25 14:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-20 23:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 15:08 --------- d-----w c:\program files\LucasArts
2008-12-20 15:07 --------- d-----w c:\program files\Jasc Software Inc
2008-12-20 02:55 --------- d-----w c:\program files\Bonjour
2008-12-16 21:41 --------- d-----w c:\program files\DivX
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-10 22:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-10 22:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-12-10 22:19 --------- d-----w c:\program files\Common Files\Motorola Shared
2008-12-03 04:10 --------- d-----w c:\program files\iTunes
2008-12-03 04:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 04:09 --------- d-----w c:\program files\iPod
2008-12-03 04:09 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 04:03 --------- d-----w c:\program files\QuickTime
2008-11-21 21:47 524,288 ----a-w c:\windows\SYSTEM32\DivXsm.exe
2008-11-21 21:47 3,596,288 -c--a-w c:\windows\SYSTEM32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\SYSTEM32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\SYSTEM32\libdivx.dll
2008-11-21 21:44 161,096 -c--a-w c:\windows\SYSTEM32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 -c--a-w c:\windows\SYSTEM32\DivXWMPExtType.dll
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
2008-10-05 00:27 153,152 -c--a-w c:\documents and settings\Sean\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 04:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-05-04 04:57 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-05-04 04:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-05-04 04:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-05-04 04:57 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2009-01-09 03:19 57856 --a------ c:\windows\system32\urqQGwTj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-03-06 90182]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-02-25 139347]
"AWMON"="c:\program files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2004-10-12 538112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 69632]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-24 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-02 151597]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2003-02-24 266313]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]

c:\documents and settings\Sean\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-11-04 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-03 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-23 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Desktop Manager.lnk - c:\program files\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\urqQGwTj.dll" [2009-01-09 57856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQGwTj]
2009-01-09 03:19 57856 c:\windows\SYSTEM32\urqQGwTj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=bzlnjb.dll rhdkqg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\vtUonnnO

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\hub.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\modeler.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Valve\\Steam\\hl.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\daddio007\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"d:\\Program Files\\Call of Duty\\CoDMP.exe"=
"d:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\daddio007\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17919:TCP"= 17919:TCP:BitComet 17919 TCP
"17919:UDP"= 17919:UDP:BitComet 17919 UDP

R0 aiwf;aiwf; [x]
R1 sonypvd2;sonypvd2;c:\windows\system32\DRIVERS\sonypvd2.sys [2003-06-24 64093]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-28 39048]
R3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\DRIVERS\inibtmgr.sys [2003-12-08 9728]
R3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\DRIVERS\OVCA.sys [2001-08-17 25088]
S0 d346bus;d346bus;c:\windows\system32\DRIVERS\d346bus.sys [2004-03-12 156800]
S0 d346prt;d346prt;c:\windows\System32\Drivers\d346prt.sys [2004-03-12 5248]
S0 sonypvl2;sonypvl2; [x]
S1 sonypvf2;sonypvf2; [x]
S1 sonypvt2;sonypvt2; [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - Adobe Version Cue CS2
*Deregistered* - AegisP
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cdudf_xp
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - d346bus
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - dvd_2K
*Deregistered* - DVDVRRdr_xp
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - i2omgmt
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MASPINT
*Deregistered* - McAfeeFramework
*Deregistered* - McShield
*Deregistered* - McTaskManager
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NaiAvFilter1
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - omci
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RetroLauncher
*Deregistered* - Retrospect Helper
*Deregistered* - RetroWDSvc
*Deregistered* - RimVSerPort
*Deregistered* - ROOTMODEM
*Deregistered* - Roxio Upnp Server 9
*Deregistered* - RoxLiveShare9
*Deregistered* - RoxWatch9
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Sentinel
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sonypvf2
*Deregistered* - sonypvl2
*Deregistered* - sonypvt2
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UdfReadr_xp
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - w32time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wltrysvc
*Deregistered* - WMDM PMSP Service
*Deregistered* - WS2IFSL
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-12 c:\windows\Tasks\dhkdbbup.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{DED4DFA2-9E2B-46CB-ADE5-4B20F4680147} - c:\windows\system32\vtUonnnO.dll
BHO-{e8da13c9-5526-40ae-9a94-026f29f18973} - c:\windows\system32\rhdkqg.dll
HKCU-Run-Steam - (no file)
HKLM-Run-P2P Networking - c:\windows\System32\P2P Networking\P2P Networking.exe
HKLM-Run-igywelqanoq - c:\windows\system32\wcubsj.exe
HKLM-Run-MimBoot - c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
HKLM-Run-Enh Win Updt - c:\windows\enhupdt.exe
HKLM-Run-StorageGuard - c:\program files\VERITAS Software\Update Manager\sgtray.exe
HKLM-Run-WinMX Music App - WINMX.EXE


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Page_URL = hxxp://www.dellnet.com
mDefault_Page_URL = hxxp://www.dellnet.com
mSearch Bar =
mStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\o6pd0if9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 20:06:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:52,21,b6,4c,aa,d9,08,78,84,ca,9e,82,6e,e1,11,2f,a9,e7,0c,ed,eb,
ce,e4,98,59,28,b7,18,58,a5,f6,bc,5d,aa,f7,b3,62,2d,81,e9,74,c0,40,c6,f2,4f,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:52,21,b6,4c,aa,d9,08,78,84,ca,9e,82,6e,e1,11,2f,a9,e7,0c,ed,eb,
ce,e4,98,59,28,b7,18,58,a5,f6,bc,5d,aa,f7,b3,62,2d,81,e9,74,c0,40,c6,f2,4f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\urqQGwTj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WLTRYSVC.EXE
c:\windows\SYSTEM32\BCMWLTRY.EXE
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-01-11 20:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 01:32:25

Pre-Run: 467,083,264 bytes free
Post-Run: 605,691,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=,2,3,4
474 --- E O F --- 2008-12-19 03:42:25

I hope I did everything right. My computer isn't behaving normally (obviously).

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 12 January 2009 - 05:55 AM

Hello Sspain,

You did fine. :thumbsup:

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
Collect::[9]
c:\windows\SYSTEM32\bzlnjb.dll
c:\windows\SYSTEM32\wvUkIATN.dll
c:\windows\SYSTEM32\urqQGwTj.dll
File::
c:\windows\Tasks\dhkdbbup.job
Folder::
c:\documents and settings\Sean\Application Data\cogad
Driver::
aiwf
RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqQGwTj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: dragging CFScript onto ComboFix.exe]

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

ComboFix has generated a zipped file at C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/submit-malware.php?channel=9 :
1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/topic194140
2. In the second window (Browse to the file you want to submit:) browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
3. Click the Send file button :)

Are you still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference

#5 sspain

sspain
  • Topic Starter

  • Members
  • 12 posts

Posted 12 January 2009 - 11:42 AM

Alright, I have submitted the file.

ComboFix 09-01-10.03 - Sean 2009-01-12 11:01:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.826 [GMT -5:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
* Resident AV is active


FILE ::
c:\windows\Tasks\dhkdbbup.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Sean\Application Data\cogad
c:\windows\SYSTEM32\bzlnjb.dll
c:\windows\system32\ljJCtssQ.dll
c:\windows\system32\QsstCJjl.ini
c:\windows\system32\QsstCJjl.ini2
c:\windows\SYSTEM32\urqQGwTj.dll
c:\windows\SYSTEM32\wvUkIATN.dll
c:\windows\Tasks\dhkdbbup.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AIWF
-------\Service_aiwf


((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.

2009-01-01 00:53 . 2009-01-01 00:53 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Roxio
2008-12-31 20:35 . 2009-01-12 11:20 256 --a------ c:\windows\SYSTEM32\pool.bin
2008-12-31 20:34 . 2008-12-31 20:34 <DIR> d-------- c:\documents and settings\Sean\Application Data\Research In Motion
2008-12-31 19:53 . 2008-12-31 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sonic
2008-12-31 19:53 . 2008-12-31 19:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-12-31 19:47 . 2008-12-31 19:52 <DIR> d-------- c:\program files\Common Files\Sonic Shared
2008-12-31 19:47 . 2008-12-31 20:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Roxio
2008-12-31 19:39 . 2007-01-18 10:24 26,496 -ra------ c:\windows\SYSTEM32\DRIVERS\RimSerial.sys
2008-12-31 19:37 . 2008-12-31 19:37 <DIR> d-------- c:\program files\Common Files\Research In Motion
2008-12-31 19:37 . 2009-01-11 19:04 <DIR> d-------- c:\program files\BlackBerry
2008-12-25 15:08 . 2008-12-25 15:20 23 --a------ c:\windows\popcinfot.dat
2008-12-25 09:32 . 2008-12-25 09:32 26,482 --a------ C:\Porcupine_Tree_-_Lightbulb_Sun.jpg
2008-12-22 17:42 . 2008-12-22 17:42 1,429,964 --a------ C:\ELECTRIC ARCING.wav
2008-12-22 17:19 . 2008-12-22 17:19 737,150 --a------ C:\Electric Arc 1.wav
2008-12-20 18:48 . 2008-12-20 18:48 556 --a------ c:\windows\eReg.dat
2008-12-20 17:42 . 2008-12-20 17:42 <DIR> d-------- c:\program files\D-Tools
2008-12-20 17:42 . 2004-03-12 22:41 156,800 --a------ c:\windows\SYSTEM32\DRIVERS\d346bus.sys
2008-12-20 17:42 . 2004-03-12 22:41 5,248 --a------ c:\windows\SYSTEM32\DRIVERS\d346prt.sys
2008-12-20 17:25 . 2008-12-20 17:25 643,072 --a------ c:\windows\SYSTEM32\DRIVERS\sptd.sys
2008-12-20 17:25 . 2009-01-12 03:57 96,384 --a------ c:\windows\SYSTEM32\DRIVERS\sptd4125.sys
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Virtools Web Player 3.0
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Viewpoint
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Uru - Ages Beyond Myst Demo
2008-12-20 10:07 . 2008-12-20 10:44 <DIR> d-------- c:\program files\Trillian
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\MTV Networks
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\DNA
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\Call of Duty
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\program files\AVG
2008-12-20 10:07 . 2008-12-20 10:07 <DIR> d-------- c:\documents and settings\Sean\.limewire
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- C:\Sean
2008-12-20 10:06 . 2008-12-20 10:38 <DIR> d-------- c:\program files\IrfanView
2008-12-20 10:06 . 2008-12-20 10:29 <DIR> d-------- c:\program files\Google
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\ewido
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\ConsoleClassix.com
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\Click'N Design 3D (V5)
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\Call of Duty Single Player Demo
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- c:\program files\BitComet
2008-12-20 10:06 . 2008-12-20 10:06 <DIR> d-------- C:\Deckard
2008-12-20 03:40 . 2008-12-20 03:40 <DIR> d-------- c:\program files\Viewpoint(2)
2008-12-20 03:38 . 2008-12-20 03:38 <DIR> d-------- C:\Deckard(2)
2008-12-20 03:37 . 2008-12-20 03:37 <DIR> d-------- c:\program files\Deckard
2008-12-20 03:22 . 2008-12-20 03:22 <DIR> d-------- c:\program files\CyberLink(2)
2008-12-20 03:19 . 2008-12-20 10:06 <DIR> d-------- c:\program files\Paint Shop Pro 7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 23:19 --------- d-----w c:\documents and settings\All Users\Application Data\Retrospect
2009-01-07 18:31 --------- d-----w c:\documents and settings\Sean\Application Data\U3
2009-01-01 05:53 --------- d-----w c:\documents and settings\Sean\Application Data\Roxio
2009-01-01 00:51 --------- d-----w c:\program files\Roxio
2009-01-01 00:49 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-12-25 14:46 --------- d-----w c:\program files\Common Files\Adobe
2008-12-20 23:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-20 15:08 --------- d-----w c:\program files\LucasArts
2008-12-20 15:07 --------- d-----w c:\program files\Jasc Software Inc
2008-12-20 02:55 --------- d-----w c:\program files\Bonjour
2008-12-16 21:41 --------- d-----w c:\program files\DivX
2008-12-10 22:25 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-10 22:25 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-12-10 22:19 --------- d-----w c:\program files\Common Files\Motorola Shared
2008-12-03 04:10 --------- d-----w c:\program files\iTunes
2008-12-03 04:10 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-03 04:09 --------- d-----w c:\program files\iPod
2008-12-03 04:09 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 04:03 --------- d-----w c:\program files\QuickTime
2008-10-05 00:27 153,152 -c--a-w c:\documents and settings\Sean\Application Data\GDIPFONTCACHEV1.DAT
2008-05-04 04:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-05-04 04:57 54,376 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-05-04 04:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-05-04 04:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-05-04 04:57 172,144 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2003-03-06 90182]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2003-02-25 139347]
"AWMON"="c:\program files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2004-10-12 538112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2005-10-13 69632]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-24 868352]
"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-06-23 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-07-02 151597]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"DeadAIM"="c:\progra~1\AIM\\DeadAIM.ocm" [2003-02-24 266313]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [BU]
"P2P Networking"="c:\windows\System32\P2P Networking\P2P Networking.exe" [BU]
"igywelqanoq"="c:\windows\system32\wcubsj.exe" [BU]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [BU]
"Enh Win Updt"="c:\windows\enhupdt.exe" [BU]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\SYSTEM32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"WinMX Music App"="WINMX.EXE" [BU]

c:\documents and settings\Sean\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2006-11-04 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-05-03 25214]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-23 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Desktop Manager.lnk - c:\program files\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\hub.exe"=
"c:\\Program Files\\LightWave [8]\\Programs\\modeler.exe"=
"c:\\Program Files\\Sierra On-Line\\SIGSPat.exe"=
"c:\\Program Files\\Valve\\Steam\\hl.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"c:\\Program Files\\Adobe\\Premiere Pro 1.5\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\daddio007\\counter-strike source\\hl2.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"d:\\Program Files\\Call of Duty\\CoDMP.exe"=
"d:\\Program Files\\Call of Duty\\CoDUOMP.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\daddio007\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17919:TCP"= 17919:TCP:BitComet 17919 TCP
"17919:UDP"= 17919:UDP:BitComet 17919 UDP

R0 d346bus;d346bus;c:\windows\SYSTEM32\DRIVERS\d346bus.sys [2008-12-20 156800]
R0 d346prt;d346prt;c:\windows\SYSTEM32\DRIVERS\d346prt.sys [2008-12-20 5248]
R0 sonypvl2;sonypvl2;c:\windows\SYSTEM32\DRIVERS\sonypvl2.sys [2006-05-11 19478]
R1 sonypvf2;sonypvf2;c:\windows\SYSTEM32\DRIVERS\sonypvf2.sys [2006-05-11 634798]
R1 sonypvt2;sonypvt2;c:\windows\SYSTEM32\DRIVERS\sonypvt2.sys [2006-05-11 430670]
S1 sonypvd2;sonypvd2;c:\windows\SYSTEM32\DRIVERS\sonypvd2.sys [2006-05-11 64093]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\SYSTEM32\DRIVERS\IcdUsb2.sys [2007-01-25 39048]
S3 inibtmgr;WD Bridge Controller Driver;c:\windows\SYSTEM32\DRIVERS\inibtmgr.sys [2006-02-11 9728]
S3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\SYSTEM32\DRIVERS\OVCA.sys [2004-01-13 25088]
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{E62FEF8C-F1D4-48BA-9706-265B206AA2E1} - c:\windows\system32\ljJCtssQ.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uDefault_Page_URL = hxxp://www.dellnet.com
mDefault_Page_URL = hxxp://www.dellnet.com
mSearch Bar =
mStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\o6pd0if9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 11:18:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:52,21,b6,4c,aa,d9,08,78,84,ca,9e,82,6e,e1,11,2f,a9,e7,0c,ed,eb,
ce,e4,98,59,28,b7,18,58,a5,f6,bc,5d,aa,f7,b3,62,2d,81,e9,74,c0,40,c6,f2,4f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\WLTRYSVC.EXE
c:\windows\SYSTEM32\BCMWLTRY.EXE
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\HPZipm12.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\fxssvc.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
.
**************************************************************************
.
Completion time: 2009-01-12 11:30:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-12 16:30:45
ComboFix2.txt 2009-01-12 01:32:39

Pre-Run: 582,356,992 bytes free
Post-Run: 553,779,200 bytes free

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=,2,3,4
262 --- E O F --- 2008-12-19 03:42:25

DDS (Ver_09-01-07.01) - NTFSx86
Run by Sean at 11:34:50.54 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.780 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Sean\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar =
mStart Page = hxxp://www.dellnet.com
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;*.local
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Encarta &Researcher: {9455301c-cf6b-11d3-a266-00c04f689c50} - c:\program files\common files\microsoft shared\encarta researcher\EROProj.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Steam]
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [AWMON] "c:\program files\lavasoft\ad-aware se plus\Ad-Watch.exe"
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DeadAIM] rundll32.exe "c:\progra~1\aim\\DeadAIM.ocm",ExportedCheckODLs
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [P2P Networking] c:\windows\system32\p2p networking\P2P Networking.exe /AUTOSTART
mRun: [WinMX Music App] WINMX.EXE
mRun: [igywelqanoq] c:\windows\system32\wcubsj.exe
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~1\mimboot.exe
mRun: [Enh Win Updt] c:\windows\enhupdt.exe
StartupFolder: c:\documents and settings\sean\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~3.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {9455301C-CF6B-11D3-A266-00C04F689C50} - {9455301C-CF6B-11D3-A266-00C04F689C50} - c:\program files\common files\microsoft shared\encarta researcher\EROProj.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: msero - {B0D92A71-886B-453B-A649-1B91F93801E7} - c:\program files\common files\microsoft shared\encarta researcher\msero.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\sean\applic~1\mozilla\firefox\profiles\o6pd0if9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

============= SERVICES / DRIVERS ===============

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [2008-12-20 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [2008-12-20 5248]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2006-5-11 19478]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2006-5-11 634798]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2006-5-11 430670]
R3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2003-3-6 84448]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2003-8-12 106586]
R4 McShield;Network Associates McShield;c:\program files\network associates\virusscan\Mcshield.exe [2003-3-6 233595]
R4 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\VsTskMgr.exe [2003-3-6 127050]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [2006-5-11 64093]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2007-1-25 39048]
S3 inibtmgr;WD Bridge Controller Driver;c:\windows\system32\drivers\inibtmgr.sys [2006-2-11 9728]
S3 QCAbsee;Logitech QuickCam Web (0801);c:\windows\system32\drivers\OVCA.sys [2004-1-13 25088]

=============== Created Last 30 ================

2009-01-11 19:32 <DIR> a-dshr-- C:\cmdcons
2009-01-11 19:23 161,792 a------- c:\windows\SWREG.exe
2009-01-11 19:23 98,816 a------- c:\windows\sed.exe
2008-12-31 20:35 256 a------- c:\windows\system32\pool.bin
2008-12-31 20:34 <DIR> --d----- c:\docume~1\sean\applic~1\Research In Motion
2008-12-31 19:47 <DIR> --d----- c:\program files\common files\Sonic Shared
2008-12-31 19:39 26,496 a----r-- c:\windows\system32\drivers\RimSerial.sys
2008-12-31 19:37 <DIR> --d----- c:\program files\common files\Research In Motion
2008-12-31 19:37 <DIR> --d----- c:\program files\BlackBerry
2008-12-25 15:08 23 a------- c:\windows\popcinfot.dat
2008-12-25 09:32 26,482 a------- C:\Porcupine_Tree_-_Lightbulb_Sun.jpg
2008-12-22 17:42 1,429,964 a------- C:\ELECTRIC ARCING.wav
2008-12-22 17:19 737,150 a------- C:\Electric Arc 1.wav
2008-12-20 18:48 556 a------- c:\windows\eReg.dat
2008-12-20 17:42 156,800 a------- c:\windows\system32\drivers\d346bus.sys
2008-12-20 17:42 5,248 a------- c:\windows\system32\drivers\d346prt.sys
2008-12-20 17:42 <DIR> --d----- c:\program files\D-Tools
2008-12-20 17:25 643,072 a------- c:\windows\system32\drivers\sptd.sys
2008-12-20 17:25 96,384 a------- c:\windows\system32\drivers\sptd4125.sys
2008-12-20 10:07 <DIR> --d----- c:\program files\Uru - Ages Beyond Myst Demo
2008-12-20 10:07 <DIR> --d----- c:\program files\MTV Networks
2008-12-20 10:07 <DIR> --d----- c:\documents and settings\sean\.limewire
2008-12-20 10:07 <DIR> --d----- c:\program files\DNA
2008-12-20 10:07 <DIR> --d----- c:\program files\Call of Duty
2008-12-20 10:07 <DIR> --d----- c:\program files\AVG
2008-12-20 10:07 <DIR> --d----- c:\program files\Virtools Web Player 3.0
2008-12-20 10:07 <DIR> --d----- c:\program files\Viewpoint
2008-12-20 10:06 <DIR> --d----- c:\program files\IrfanView
2008-12-20 10:06 <DIR> --d----- c:\program files\ewido
2008-12-20 10:06 <DIR> --d----- c:\program files\ConsoleClassix.com
2008-12-20 10:06 <DIR> --d----- c:\program files\Click'N Design 3D (V5)
2008-12-20 10:06 <DIR> --d----- c:\program files\Call of Duty Single Player Demo
2008-12-20 10:06 <DIR> --d----- c:\program files\BitComet
2008-12-20 10:06 <DIR> --d----- C:\Sean
2008-12-20 10:06 <DIR> --d----- C:\Deckard
2008-12-20 03:40 <DIR> --d----- c:\program files\Viewpoint(2)
2008-12-20 03:38 <DIR> --d----- C:\Deckard(2)
2008-12-20 03:37 <DIR> --d----- c:\program files\Deckard
2008-12-20 03:22 <DIR> --d----- c:\program files\CyberLink(2)
2008-12-20 03:19 <DIR> --d----- c:\program files\Paint Shop Pro 7

==================== Find3M ====================

2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-10 17:25 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-12-10 17:25 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 ac------ c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 ac------ c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 ac------ c:\windows\system32\DivXWMPExtType.dll
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-04 19:27 153,152 ac------ c:\docume~1\sean\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 11:35:13.93 ===============



Is there anything else I need to do?

#6 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:01:03 PM

Posted 13 January 2009 - 03:33 AM

Hello Sspain,

Navigate, using Windows Explorer, to and delete the following folders and files if still present:

c:\windows\popcinfot.dat <== file
If you're having problems removing a file/folder, reboot your Computer once again and try to remove it after reboot.

Open Notepad and copy and paste the bold, blue text below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igywelqanoq"=-
"Enh Win Updt"=-

Save this as fix.reg. Choose to save as "all files" and place it on your Desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click Yes/OK.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Then, you can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field:

ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

No more problems ?

Greetings,
Thunder
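The two Run values Thunder tells sspain to delete are exactly the ones that stand out in the DDS log above: a random-looking value name ("igywelqanoq") pointing at c:\windows\system32\wcubsj.exe, and an update-sounding name ("Enh Win Updt") pointing at c:\windows\enhupdt.exe, a bare executable dropped straight into the Windows folder. The Python script below is an added example, not code from this thread, from DDS or from BleepingComputer: it parses the mRun/uRun lines of a DDS log, flags entries by two simple heuristics (a file sitting directly in c:\windows or c:\windows\system32 that is not on a small allowlist, or a Vundo-style run of lowercase letters as the value name), and renders a REGEDIT4 fix in the same "name"=- form Thunder uses. The allowlist, the heuristics and the sample lines (copied from the log above) are assumptions. The folder heuristic also trips on legitimate vendor files, for example BCMSMMSG.exe and DSentry.exe in this very log, so the fix is built only from the names the analyst has confirmed, not from everything the script flags.

```python
# Added example for this thread (not a DDS/BleepingComputer tool): triage the
# Run entries of a DDS log and emit a REGEDIT4 fix. Heuristics, the allowlist
# and SAMPLE_LOG are assumptions / constructed input.
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a few of the Run lines from the log above.
SAMPLE_LOG = r"""
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [igywelqanoq] c:\windows\system32\wcubsj.exe
mRun: [Enh Win Updt] c:\windows\enhupdt.exe
uRun: [Steam]
"""

RUN_LINE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HIVE_KEYS = {  # DDS prefix -> key: mRun is machine-wide, uRun is the current user
    "m": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "u": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
}
# Assumption: files that legitimately sit directly in %windir% / system32 and
# commonly appear in Run keys; extend per environment.
KNOWN_SYSTEM_BINARIES = {"ctfmon.exe", "rundll32.exe", "nvcpl.dll", "nvmctray.dll"}
RANDOM_NAME = re.compile(r"^[a-z]{8,}$")  # heuristic: Vundo-style generated names
SYSTEM_DIRS = (r"c:\windows", r"c:\windows\system32")


@dataclass
class RunEntry:
    hive: str    # "m" or "u"
    name: str    # registry value name
    target: str  # lowercased path of the file actually loaded, "" if none


def _split_command(cmd: str) -> list:
    """Quote-aware tokenizer; shlex would eat the Windows backslashes."""
    tokens, cur, in_quotes = [], "", False
    for ch in cmd.strip():
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append(cur)
            cur = ""
        else:
            cur += ch
    return tokens + [cur] if cur else tokens


def _target_of(tokens: list) -> str:
    """The file that really runs; for rundll32 that is its DLL argument."""
    if not tokens:
        return ""
    exe = tokens[0].lower()
    if ntpath.basename(exe) == "rundll32.exe" and len(tokens) > 1:
        return tokens[1].split(",", 1)[0].lower()
    return exe


def parse_run_entries(log_text: str) -> list:
    entries = []
    for m in filter(None, map(RUN_LINE.match, log_text.splitlines())):
        entries.append(RunEntry(m["hive"], m["name"], _target_of(_split_command(m["cmd"]))))
    return entries


def triage(entry: RunEntry) -> list:
    """Reasons to look at an entry; 'note:' reasons are informational only."""
    if not entry.target:
        return ["note: empty command (orphaned value)"]
    folder, base = ntpath.dirname(entry.target), ntpath.basename(entry.target)
    reasons = []
    if folder in SYSTEM_DIRS and base not in KNOWN_SYSTEM_BINARIES:
        reasons.append(f"unfamiliar file directly in {folder}")
    if RANDOM_NAME.match(entry.name):
        reasons.append("random-looking value name")
    if not folder:
        reasons.append("note: bare filename resolved via PATH, confirm which file runs")
    return reasons


def is_suspicious(entry: RunEntry) -> bool:
    return any(not r.startswith("note:") for r in triage(entry))


def render_fix(entries: list) -> str:
    """REGEDIT4 text that deletes each entry's value ("name"=-). Regedit wants
    CRLF endings and a trailing blank line; REGEDIT4 files are ANSI, not UTF-16."""
    by_key = {}
    for e in entries:
        by_key.setdefault(HIVE_KEYS[e.hive], []).append(e.name)
    lines = ["REGEDIT4", ""]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend('"%s"=-' % n.replace("\\", "\\\\").replace('"', '\\"') for n in names)
        lines.append("")
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    entries = parse_run_entries(SAMPLE_LOG)
    for e in entries:
        print(e.name, "->", e.target or "(none)", "|", "; ".join(triage(e)) or "ok")
    # Only analyst-confirmed names go into the fix (here the two from the helper's
    # post): the folder heuristic also trips on legitimate vendor files.
    print(render_fix([e for e in entries if e.name in {"igywelqanoq", "Enh Win Updt"}]))
```

Two details worth keeping in mind when you hand-write such a file, as Thunder's instructions have sspain do: the REGEDIT4 header expects an ANSI file ending in a blank line, whereas the newer "Windows Registry Editor Version 5.00" header expects UTF-16LE, and "name"=- only deletes the registry value, so the executable it pointed at stays on disk and has to be removed as a separate step.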



