To talk on Icrontic, just register!

It only takes 30 seconds.

Have an account? Sign in:

Forgot?

To reopen your thread, send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own thread instead.

 
Reply to Discussion Options
sap1622
NEED HELP ASAP
sap1622
23 Posts
4 Jul 2009, 5:34am

Can't get rid of Nexplore and other popups?!

Hi I've seen other threads about this issue and just wanted to make sure I did this right so created my own question. A few days ago i might have installed a corrupt torrent file for a game and may have had a vrius or malware on my comp. and lately i've been getting these popups when i use interent exploerer. also whenever i use google it get a message that says "QFxZ-CAA" in th euppe rleft hand of a blank page. so I have my hijack this log right here. Plz i need help asap because i use this computer for bussiness. thnak you so much!!


Logfile of HijackThis v1.99.1
Scan saved at 12:31:22 AM, on 7/4/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [pisulitala] Rundll32.exe "C:\ProgramData\tugufapi\tugufapi.dll",s
O4 - HKCU\..\Run: [183758e8] rundll32.exe "C:\ProgramData\dogatidi\dogatidi.dll",b
O4 - HKCU\..\Run: [CPM1b046b74] Rundll32.exe "c:\programdata\zapohugu\zapohugu.dll",a
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - c:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
chiaz
Spyware Mod
chiaz
1,218 Posts
4 Jul 2009, 6:58am
Hey there, welcome.


Please download Malwarebytes' Anti-Malware by clicking the link below:
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* You'll be required to post the contents of this log later.

Please Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

=====================================================================

Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use the download meant for SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you. It is also available at C:\ComboFix.txt. Please post this later.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

=====================================================================

You are using an outdated version of HijackThis. Please delete your current version (1.99.1) first.

Next download HijackThis version 2.0.2 from here:
http://www.trendsecure.com/portal/en...HiJackThis.zip
and make sure to unzip it to a permanent folder (such as C:\HJT).
Then please run HijackThis, click Scan and Save log, and post the new log here.


What you have to post: Please include the MBAM log, C:\ComboFix.txt as well as a new HijackThis log for further review, so that we may continue cleansing the system. You may have to split them up into 2 posts if it gets too long.
sap1622
NEED HELP ASAP
sap1622
23 Posts
4 Jul 2009, 6:53pm
hi thank you so much for the help. here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:29 PM, on 7/4/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Shivam\AppData\Local\Temp\Rar$EX00.197\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\STacSV.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
--
End of file - 10751 bytes



ComboFix 09-07-04.01 - Shivam 07/04/2009 13:41.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2507 [GMT -4:00]
Running from: c:\users\Shivam\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Shivam\AppData\Roaming\twain_32
c:\users\Shivam\AppData\Roaming\twain_32\local.ds
c:\users\Shivam\AppData\Roaming\twain_32\user.ds
.
((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.
2009-07-04 17:45 . 2009-07-04 17:45 -------- d-----w- c:\users\Shivam\AppData\Local\temp
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\users\Shivam\AppData\Roaming\Malwarebytes
2009-07-04 17:24 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\programdata\Malwarebytes
2009-07-04 17:24 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-04 17:18 . 2009-07-04 17:32 -------- d-----w- c:\programdata\fulemege
2009-07-04 17:18 . 2009-07-04 17:18 -------- d-----w- c:\programdata\livukafa
2009-07-03 20:15 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-03 20:15 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-03 20:15 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-03 20:15 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-03 20:15 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-03 20:15 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-03 20:15 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-03 18:24 . 2009-07-03 18:24 -------- d-----w- c:\program files\AVG
2009-07-03 18:06 . 2009-07-04 17:32 -------- d-----w- c:\programdata\dogatidi
2009-07-03 18:06 . 2009-07-03 18:06 -------- d-----w- c:\programdata\rakowiti
2009-07-03 05:17 . 2009-07-03 06:10 -------- d-----w- c:\programdata\vonomona
2009-07-03 05:17 . 2009-07-03 05:17 -------- d-----w- c:\programdata\zapohugu
2009-07-02 21:34 . 2009-07-02 21:35 558 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 21:34 . 2009-07-02 21:34 -------- d-----w- c:\users\Shivam\AppData\Local\Downloaded Installations
2009-07-02 20:55 . 2009-07-02 20:55 -------- d-----w- c:\users\Shivam\AppData\Roaming\Leadertech
2009-07-02 17:51 . 2009-07-02 17:51 -------- d-----w- c:\program files\Alwil Software
2009-07-02 17:17 . 2009-07-03 18:42 -------- d-----w- c:\programdata\gosijado
2009-07-02 17:17 . 2009-07-02 17:17 -------- d-----w- c:\programdata\mivadulu
2009-07-02 00:54 . 2009-07-02 00:54 -------- d-----w- c:\program files\Common Files\Microsoft Games
2009-07-01 17:41 . 2009-07-03 18:42 -------- d-----w- c:\programdata\feyumaze
2009-07-01 17:41 . 2009-07-03 18:42 -------- d-----w- c:\programdata\buzalevu
2009-07-01 01:08 . 2008-03-11 06:44 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-07-01 01:08 . 2008-06-26 11:10 380928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-07-01 01:08 . 2008-06-26 11:10 678912 ----a-w- c:\windows\system32\stapo.dll
2009-07-01 01:08 . 2008-06-26 11:10 344576 ----a-w- c:\windows\system32\stcplx.dll
2009-07-01 01:08 . 2008-06-26 11:10 405504 ----a-w- c:\windows\system32\stapi32.dll
2009-07-01 01:08 . 2008-06-26 11:09 173568 ----a-w- c:\windows\system32\st326017.dll
2009-07-01 01:08 . 2008-03-13 11:45 548352 ----a-w- c:\windows\system32\drivers\ATSwpWDF.sys
2009-07-01 01:06 . 2009-07-01 01:06 -------- d-----w- c:\windows\system32\OEM
2009-07-01 00:38 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-01 00:27 . 2009-07-01 00:27 -------- d-----w- c:\windows\PCHEALTH
2009-07-01 00:17 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-01 00:17 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-01 00:17 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-01 00:17 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-01 00:17 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-01 00:16 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-01 00:16 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-01 00:10 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-01 00:10 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-01 00:10 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-01 00:10 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-01 00:10 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-01 00:08 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-01 00:08 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 23:50 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-30 23:49 . 2009-06-30 23:49 -------- d-----w- c:\users\Shivam\AppData\Local\Deployment
2009-06-30 23:49 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-06-30 23:49 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2009-06-30 23:49 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2009-06-30 23:49 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2009-06-30 23:49 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2009-06-30 23:49 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-06-30 23:49 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2009-06-30 23:49 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-06-30 23:49 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-06-30 23:49 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-06-30 23:48 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-30 23:48 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-30 23:48 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-30 23:48 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-30 23:48 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-06-30 23:48 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-06-30 23:48 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-06-30 23:48 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-06-30 23:46 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-06-30 23:44 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-30 23:44 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-06-30 23:44 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-06-30 23:44 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-06-30 23:43 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-06-30 23:42 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-30 23:42 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-06-30 23:42 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-30 23:42 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-06-30 23:42 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-30 23:42 . 2008-04-10 05:12 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-06-30 23:39 . 2008-04-26 08:08 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-06-30 23:35 . 2009-07-04 17:32 -------- d-----w- c:\programdata\tugufapi
2009-06-30 23:35 . 2009-06-30 23:35 -------- d-----w- c:\programdata\lotoyeyo
2009-06-30 23:35 . 2009-06-30 23:35 -------- d-----w- c:\programdata\kuweyohi
2009-06-30 23:34 . 2009-06-30 23:34 -------- d-----w- c:\programdata\gugojamu
2009-06-30 23:34 . 2009-07-03 18:42 -------- d-----w- c:\programdata\gowajiwe
2009-06-30 23:34 . 2009-06-30 23:34 -------- d-----w- c:\programdata\relereni
2009-06-30 23:23 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-06-30 23:20 . 2009-07-01 00:58 70176 ----a-w- c:\users\Shivam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-30 23:15 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-30 23:15 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-30 23:15 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-30 23:15 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-30 23:14 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-30 23:14 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-30 23:14 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-30 23:13 . 2008-10-16 18:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-30 23:13 . 2008-10-16 17:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-30 23:11 . 2009-06-30 23:33 -------- d-----w- c:\windows\Debug
2009-06-30 21:42 . 2009-06-30 21:42 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 21:18 . 2009-06-30 21:18 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\program files\IDT
2009-06-30 21:18 . 2008-06-26 11:09 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-06-30 21:18 . 2008-06-26 11:09 492544 ----a-w- c:\windows\system32\ctapo32.dll
2009-06-30 21:18 . 2008-06-26 11:09 372736 ----a-w- c:\windows\system32\aestecap.dll
2009-06-30 21:18 . 2008-06-26 11:09 53248 ----a-w- c:\windows\system32\aestaren.dll
2009-06-30 21:18 . 2008-06-26 11:09 133632 ----a-w- c:\windows\system32\aestacap.dll
2009-06-30 21:18 . 2008-06-26 11:10 2473984 ----a-w- c:\windows\system32\stlang.dll
2009-06-30 21:18 . 2008-06-26 11:09 516096 ----a-w- c:\windows\system32\idtmini1.exe
2009-06-30 21:18 . 2008-06-26 11:09 73728 ----a-w- c:\windows\system32\AESTCom.dll
2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\program files\DellTPad
2009-06-30 17:54 . 2009-07-03 22:12 -------- d-----w- c:\users\Public\SHIVAM-LAPTOP
2009-06-30 17:48 . 2009-06-30 17:48 528 ----a-r- c:\users\Public\MediaID.bin
2009-06-30 17:05 . 2009-07-03 18:42 -------- d-----w- c:\programdata\bazoveza
2009-06-30 17:05 . 2009-06-30 21:25 -------- d-----w- c:\programdata\tayanage
2009-06-30 17:05 . 2009-06-30 21:25 -------- d-----w- c:\programdata\kivumolo
2009-06-30 02:34 . 2009-07-03 18:42 -------- d-----w- c:\programdata\mujuyizi
2009-06-30 02:34 . 2009-07-03 18:42 -------- d-----w- c:\programdata\juguteto
2009-06-30 02:29 . 2009-07-03 18:42 -------- d-----w- c:\programdata\yiyigini
2009-06-30 02:29 . 2009-07-03 18:42 -------- d-----w- c:\programdata\venaroyu
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 17:18 . 2009-04-04 17:18 79360 --sha-w- c:\programdata\livukafa\livukafa.dll
2009-07-03 18:06 . 2009-04-03 18:06 84480 --sha-w- c:\programdata\rakowiti\rakowiti.dll
2009-07-03 05:18 . 2009-04-03 05:17 83456 --sha-w- c:\programdata\zapohugu\zapohugu.dll
2009-07-03 05:18 . 2009-04-03 05:17 79360 --sha-w- c:\programdata\vonomona\vonomona.dll
2009-07-02 17:17 . 2009-04-02 17:17 83456 --sha-w- c:\programdata\mivadulu\mivadulu.dll
2009-07-02 00:55 . 2008-07-28 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 00:35 . 2008-08-06 22:12 -------- d-----w- c:\program files\PowerISO
2009-07-01 00:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-01 00:29 . 2008-09-22 22:19 -------- d-----w- c:\programdata\Microsoft Help
2009-06-30 23:35 . 2009-03-30 23:34 48640 --sha-w- c:\programdata\gugojamu\gugojamu.dll
2009-06-30 23:34 . 2009-03-30 23:34 82944 --sha-w- c:\programdata\relereni\relereni.dll
2009-06-30 21:25 . 2009-05-21 17:49 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-30 21:24 . 2008-07-28 16:00 -------- d-----w- c:\program files\McAfee.com
2009-06-30 21:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-30 21:24 . 2008-07-28 16:00 -------- d-----w- c:\program files\McAfee
2009-06-30 21:24 . 2009-05-20 23:40 -------- d-----w- c:\program files\Leaf Networks
2009-06-30 21:24 . 2008-07-28 15:44 -------- d-----w- c:\program files\Java
2009-06-30 21:22 . 2008-07-28 15:48 -------- d-----w- c:\program files\Creative
2009-06-30 21:19 . 2009-06-30 21:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01005.Wdf
2009-06-30 21:18 . 2009-06-30 21:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-06-30 17:27 . 2008-07-28 15:58 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-30 17:05 . 2009-03-30 17:05 83968 --sha-w- c:\programdata\tayanage\tayanage.dll
2009-06-17 21:17 . 2008-08-06 22:22 -------- d-----w- c:\programdata\Roxio
2009-06-13 19:05 . 2008-08-03 18:06 -------- d-----w- c:\programdata\Viewpoint
2009-06-01 05:03 . 2008-10-05 01:46 -------- d-----w- c:\program files\EA GAMES
2009-05-19 05:36 . 2009-06-13 19:04 97072 ----a-w- c:\programdata\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-13 19:04 2884832 ----a-w- c:\programdata\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-13 19:04 28 ----a-w- c:\programdata\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-13 19:04 25 ----a-w- c:\programdata\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-13 19:04 1484856 ----a-w- c:\programdata\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-13 19:04 142040 ----a-w- c:\programdata\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-13 19:04 30512 ----a-w- c:\programdata\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-13 19:04 111920 ----a-w- c:\programdata\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-16 17:56 . 2009-05-16 17:56 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2008-07-28 16:05 . 2008-07-28 16:05 74 --sha-r- c:\windows\CT4CET.bin
2008-07-28 18:26 . 2008-07-28 18:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-26 699456]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
c:\users\Shivam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2CF4301-545E-4E68-97C3-451C07585F8E}"= TCP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{A101863B-C409-4BCE-95A9-1642C21ED13C}"= UDP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{B0E6C0BF-561C-4725-82B5-10324C83A37C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0AF08C2E-1363-4A3B-B91B-B8C2E939355B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AD199216-3337-48BA-8066-8E9AF6ADE256}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7733CE41-4391-4102-9AF8-1A04765DB008}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B50F9EC9-E962-4212-9C88-94E95F3426A9}"= TCP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{F5DD85B9-FF8F-4EC7-87D8-7D75C60EE31B}"= UDP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{9A271FE6-DEC2-404D-81FA-3529CBC74C83}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{0F1E4289-3C71-4723-893F-36AE33D11174}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{64A0CA4A-FD0D-474D-8276-069EB8946020}"= TCP:c:\windows\System32\dlcccoms.exeell 924 Server
"{F5F7056E-0CFE-4C06-8501-7159464B0510}"= UDP:c:\windows\System32\dlcccoms.exeell 924 Server
"{74013302-1DD7-43E2-B341-42D1B6D7DA0E}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{201767FF-17B4-4219-A8CC-0089A57DF642}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{5FC61111-5B42-4A8D-A54D-9D7F5F5F1913}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77B51D44-E4CB-42E6-8EDD-A15179BDCDD5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2C98F2A-3BDF-4AD0-AD37-9B8E85866BAE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{33C1ABEA-E129-46B6-9510-202EC800FF4F}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{569C3927-709F-425D-BC56-6BB97B5D6D8D}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{ED60CA2B-4CB4-4955-9CF1-3A0318099988}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BAAB1350-A9CE-44C2-BA5D-11A27A6A5FB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{163BA861-094B-4C23-BC66-5BB0284A1CB1}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{D2E49453-0A7B-47D2-8652-D50BB4A4E6F4}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{DDE4F5EC-9622-4525-AF62-821E103ECCF6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{2D6E79BD-E547-4D20-87D4-60BFD6BC9AB0}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{DDE2C75C-BFAE-42DA-A0E7-D6DAEC5B4376}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{32A979D2-1ECE-4154-807C-256C39C5ADCF}"= c:\program files\Dell\MediaDirect\MediaDirect.exeell MediaDirect
"{4BB5A887-52E6-4826-80D4-5587125AD77B}"= c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{A897B2F9-2892-445A-8910-9D062723DE92}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{A0DC2E4C-A878-4240-B5C6-F3817D47C3D5}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [6/30/2009 9:08 PM 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 5:37 AM 1053944]
R2 DockLoginServiceock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 5:56 PM 161048]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2008 2:06 PM 24652]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [6/30/2009 9:08 PM 548352]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [6/30/2009 9:09 PM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [6/30/2009 9:09 PM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [6/30/2009 9:09 PM 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [6/30/2009 9:09 PM 277624]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-28 18:32]
2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-28 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 13:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-07-04 13:47
ComboFix-quarantined-files.txt 2009-07-04 17:46
Pre-Run: 208,550,281,216 bytes free
Post-Run: 208,705,069,056 bytes free
301 --- E O F --- 2009-07-01 04:40


Malwarebytes' Anti-Malware 1.38
Database version: 2373
Windows 6.0.6001 Service Pack 1
7/4/2009 1:30:52 PM
mbam-log-2009-07-04 (13-30-52).txt
Scan type: Quick Scan
Objects scanned: 86567
Time elapsed: 4 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1b046b74 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pisulitala (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\183758e8 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\ProgramData\fulemege\fulemege.dll (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\tugufapi\tugufapi.dll (Trojan.Agent) -> Delete on reboot.
C:\ProgramData\dogatidi\dogatidi.dll (Trojan.Agent) -> Delete on reboot.
chiaz
Spyware Mod
chiaz
1,218 Posts
5 Jul 2009, 1:26am
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\programdata\fulemege
c:\programdata\livukafa
c:\programdata\dogatidi
c:\programdata\rakowiti
c:\programdata\vonomona
c:\programdata\zapohugu
c:\programdata\gosijado
c:\programdata\mivadulu
c:\programdata\feyumaze
c:\programdata\buzalevu
c:\programdata\tugufapi
c:\programdata\lotoyeyo
c:\programdata\kuweyohi
c:\programdata\gugojamu
c:\programdata\gowajiwe
c:\programdata\relereni
c:\programdata\bazoveza
c:\programdata\tayanage
c:\programdata\kivumolo
c:\programdata\mujuyizi
c:\programdata\juguteto
c:\programdata\yiyigini
c:\programdata\venaroyu
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
sap1622
NEED HELP ASAP
sap1622
23 Posts
5 Jul 2009, 1:45am
ComboFix 09-07-04.04 - Shivam 07/04/2009 20:39.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2387 [GMT -4:00]
Running from: c:\users\Shivam\Desktop\ComboFix.exe
Command switches used :: c:\users\Shivam\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.
2009-07-05 00:41 . 2009-07-05 00:41 -------- d-----w- c:\users\Shivam\AppData\Local\temp
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\users\Shivam\AppData\Roaming\Malwarebytes
2009-07-04 17:24 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\programdata\Malwarebytes
2009-07-04 17:24 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 20:15 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-03 20:15 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-03 20:15 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-03 20:15 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-03 20:15 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-03 20:15 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-03 20:15 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-03 18:24 . 2009-07-03 18:24 -------- d-----w- c:\program files\AVG
2009-07-02 21:34 . 2009-07-02 21:35 558 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 21:34 . 2009-07-02 21:34 -------- d-----w- c:\users\Shivam\AppData\Local\Downloaded Installations
2009-07-02 20:55 . 2009-07-02 20:55 -------- d-----w- c:\users\Shivam\AppData\Roaming\Leadertech
2009-07-02 17:51 . 2009-07-02 17:51 -------- d-----w- c:\program files\Alwil Software
2009-07-02 00:54 . 2009-07-02 00:54 -------- d-----w- c:\program files\Common Files\Microsoft Games
2009-07-01 01:09 . 2009-06-30 21:50 -------- d-----w- c:\windows\Panther
2009-07-01 01:08 . 2008-03-11 06:44 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-07-01 01:08 . 2008-06-26 11:10 380928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-07-01 01:08 . 2008-06-26 11:10 678912 ----a-w- c:\windows\system32\stapo.dll
2009-07-01 01:08 . 2008-06-26 11:10 344576 ----a-w- c:\windows\system32\stcplx.dll
2009-07-01 01:08 . 2008-06-26 11:10 405504 ----a-w- c:\windows\system32\stapi32.dll
2009-07-01 01:08 . 2008-06-26 11:09 173568 ----a-w- c:\windows\system32\st326017.dll
2009-07-01 01:08 . 2008-03-13 11:45 548352 ----a-w- c:\windows\system32\drivers\ATSwpWDF.sys
2009-07-01 01:06 . 2009-07-01 01:06 -------- d-----w- c:\windows\system32\OEM
2009-07-01 00:38 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-01 00:27 . 2009-07-01 00:27 -------- d-----w- c:\windows\PCHEALTH
2009-07-01 00:17 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-01 00:17 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-01 00:17 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-01 00:17 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-01 00:17 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-01 00:16 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-01 00:16 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-01 00:10 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-01 00:10 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-01 00:10 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-01 00:10 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-01 00:10 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-01 00:08 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-01 00:08 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 23:50 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-30 23:49 . 2009-06-30 23:49 -------- d-----w- c:\users\Shivam\AppData\Local\Deployment
2009-06-30 23:49 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-06-30 23:49 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2009-06-30 23:49 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2009-06-30 23:49 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2009-06-30 23:49 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2009-06-30 23:49 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-06-30 23:49 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2009-06-30 23:49 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-06-30 23:49 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-06-30 23:49 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-06-30 23:48 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-30 23:48 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-30 23:48 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-30 23:48 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-30 23:48 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-06-30 23:48 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-06-30 23:48 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-06-30 23:48 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-06-30 23:46 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-06-30 23:44 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-30 23:44 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-06-30 23:44 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-06-30 23:44 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-06-30 23:43 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-06-30 23:42 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-30 23:42 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-06-30 23:42 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-30 23:42 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-06-30 23:42 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-30 23:42 . 2008-04-10 05:12 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-06-30 23:39 . 2008-04-26 08:08 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-06-30 23:23 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-06-30 23:20 . 2009-07-01 00:58 70176 ----a-w- c:\users\Shivam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-30 23:15 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-30 23:15 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-30 23:15 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-30 23:15 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-30 23:14 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-30 23:14 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-30 23:14 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-30 23:13 . 2008-10-16 18:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-30 23:13 . 2008-10-16 17:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-30 23:11 . 2009-06-30 23:33 -------- d-----w- c:\windows\Debug
2009-06-30 21:42 . 2009-06-30 21:42 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 21:18 . 2009-06-30 21:18 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\program files\IDT
2009-06-30 21:18 . 2008-06-26 11:09 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-06-30 21:18 . 2008-06-26 11:09 492544 ----a-w- c:\windows\system32\ctapo32.dll
2009-06-30 21:18 . 2008-06-26 11:09 372736 ----a-w- c:\windows\system32\aestecap.dll
2009-06-30 21:18 . 2008-06-26 11:09 53248 ----a-w- c:\windows\system32\aestaren.dll
2009-06-30 21:18 . 2008-06-26 11:09 133632 ----a-w- c:\windows\system32\aestacap.dll
2009-06-30 21:18 . 2008-06-26 11:10 2473984 ----a-w- c:\windows\system32\stlang.dll
2009-06-30 21:18 . 2008-06-26 11:09 516096 ----a-w- c:\windows\system32\idtmini1.exe
2009-06-30 21:18 . 2008-06-26 11:09 73728 ----a-w- c:\windows\system32\AESTCom.dll
2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\program files\DellTPad
2009-06-30 17:54 . 2009-07-03 22:12 -------- d-----w- c:\users\Public\SHIVAM-LAPTOP
2009-06-30 17:48 . 2009-06-30 17:48 528 ----a-r- c:\users\Public\MediaID.bin
2009-06-30 02:29 . 2009-06-30 23:35 -------- d-----w- c:\programdata\fidamufa
2009-06-30 00:56 . 2009-07-02 19:02 -------- d-sh--w- c:\users\Shivam\AppData\Roaming\lowsec
2009-06-29 23:41 . 2009-06-30 21:25 -------- d-----w- c:\programdata\Azureus
2009-06-29 23:41 . 2009-06-30 21:34 -------- d-----w- c:\users\Shivam\AppData\Roaming\Azureus
2009-06-28 00:12 . 2009-06-28 00:12 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-17 21:17 . 2009-06-30 21:33 -------- d-----w- c:\users\Shivam\AppData\Local\MicroVision Applications
2009-06-13 16:59 . 2009-06-13 16:59 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA0B3.tmp.exe
2009-06-11 16:58 . 2009-06-30 21:23 -------- d-----w- c:\program files\iPod
2009-06-11 16:58 . 2009-06-30 21:24 -------- d-----w- c:\program files\iTunes
2009-06-11 16:56 . 2009-06-30 21:25 -------- d-----w- c:\program files\QuickTime
2009-06-11 16:51 . 2009-06-11 16:51 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-11 16:34 . 2009-06-11 16:34 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB4B0.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 00:55 . 2008-07-28 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 00:35 . 2008-08-06 22:12 -------- d-----w- c:\program files\PowerISO
2009-07-01 00:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-01 00:29 . 2008-09-22 22:19 -------- d-----w- c:\programdata\Microsoft Help
2009-06-30 21:25 . 2009-05-21 17:49 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-30 21:24 . 2008-07-28 16:00 -------- d-----w- c:\program files\McAfee.com
2009-06-30 21:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-30 21:24 . 2008-07-28 16:00 -------- d-----w- c:\program files\McAfee
2009-06-30 21:24 . 2009-05-20 23:40 -------- d-----w- c:\program files\Leaf Networks
2009-06-30 21:24 . 2008-07-28 15:44 -------- d-----w- c:\program files\Java
2009-06-30 21:22 . 2008-07-28 15:48 -------- d-----w- c:\program files\Creative
2009-06-30 21:19 . 2009-06-30 21:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01005.Wdf
2009-06-30 21:18 . 2009-06-30 21:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-06-30 17:27 . 2008-07-28 15:58 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-17 21:17 . 2008-08-06 22:22 -------- d-----w- c:\programdata\Roxio
2009-06-13 19:05 . 2008-08-03 18:06 -------- d-----w- c:\programdata\Viewpoint
2009-06-01 05:03 . 2008-10-05 01:46 -------- d-----w- c:\program files\EA GAMES
2009-05-19 05:36 . 2009-06-13 19:04 97072 ----a-w- c:\programdata\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-13 19:04 2884832 ----a-w- c:\programdata\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-13 19:04 28 ----a-w- c:\programdata\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-13 19:04 25 ----a-w- c:\programdata\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-13 19:04 1484856 ----a-w- c:\programdata\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-13 19:04 142040 ----a-w- c:\programdata\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-13 19:04 30512 ----a-w- c:\programdata\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-13 19:04 111920 ----a-w- c:\programdata\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-16 17:56 . 2009-05-16 17:56 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2008-07-28 16:05 . 2008-07-28 16:05 74 --sha-r- c:\windows\CT4CET.bin
2008-07-28 18:26 . 2008-07-28 18:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-04_17.45.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-30 21:20 . 2009-07-04 17:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-30 21:20 . 2009-07-04 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-30 21:20 . 2009-07-04 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-30 21:20 . 2009-07-04 17:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-30 21:20 . 2009-07-04 23:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-30 21:20 . 2009-07-04 17:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-01 18:27 . 2009-07-04 22:59 191988 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-26 699456]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
c:\users\Shivam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2CF4301-545E-4E68-97C3-451C07585F8E}"= TCP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{A101863B-C409-4BCE-95A9-1642C21ED13C}"= UDP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{B0E6C0BF-561C-4725-82B5-10324C83A37C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0AF08C2E-1363-4A3B-B91B-B8C2E939355B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AD199216-3337-48BA-8066-8E9AF6ADE256}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7733CE41-4391-4102-9AF8-1A04765DB008}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B50F9EC9-E962-4212-9C88-94E95F3426A9}"= TCP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{F5DD85B9-FF8F-4EC7-87D8-7D75C60EE31B}"= UDP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{9A271FE6-DEC2-404D-81FA-3529CBC74C83}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{0F1E4289-3C71-4723-893F-36AE33D11174}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{64A0CA4A-FD0D-474D-8276-069EB8946020}"= TCP:c:\windows\System32\dlcccoms.exeell 924 Server
"{F5F7056E-0CFE-4C06-8501-7159464B0510}"= UDP:c:\windows\System32\dlcccoms.exeell 924 Server
"{74013302-1DD7-43E2-B341-42D1B6D7DA0E}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{201767FF-17B4-4219-A8CC-0089A57DF642}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{5FC61111-5B42-4A8D-A54D-9D7F5F5F1913}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77B51D44-E4CB-42E6-8EDD-A15179BDCDD5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2C98F2A-3BDF-4AD0-AD37-9B8E85866BAE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{33C1ABEA-E129-46B6-9510-202EC800FF4F}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{569C3927-709F-425D-BC56-6BB97B5D6D8D}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{ED60CA2B-4CB4-4955-9CF1-3A0318099988}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BAAB1350-A9CE-44C2-BA5D-11A27A6A5FB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{163BA861-094B-4C23-BC66-5BB0284A1CB1}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{D2E49453-0A7B-47D2-8652-D50BB4A4E6F4}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{DDE4F5EC-9622-4525-AF62-821E103ECCF6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{2D6E79BD-E547-4D20-87D4-60BFD6BC9AB0}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{DDE2C75C-BFAE-42DA-A0E7-D6DAEC5B4376}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{32A979D2-1ECE-4154-807C-256C39C5ADCF}"= c:\program files\Dell\MediaDirect\MediaDirect.exeell MediaDirect
"{4BB5A887-52E6-4826-80D4-5587125AD77B}"= c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{A897B2F9-2892-445A-8910-9D062723DE92}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{A0DC2E4C-A878-4240-B5C6-F3817D47C3D5}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [6/30/2009 9:08 PM 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 5:37 AM 1053944]
R2 DockLoginServiceock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 5:56 PM 161048]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2008 2:06 PM 24652]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [6/30/2009 9:08 PM 548352]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [6/30/2009 9:09 PM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [6/30/2009 9:09 PM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [6/30/2009 9:09 PM 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [6/30/2009 9:09 PM 277624]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-28 18:32]
2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-28 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 20:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
- - - - - - - > 'Explorer.exe'(4256)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-07-05 20:42
ComboFix-quarantined-files.txt 2009-07-05 00:42
ComboFix2.txt 2009-07-05 00:35
ComboFix3.txt 2009-07-04 17:47
Pre-Run: 208,830,181,376 bytes free
Post-Run: 208,072,429,568 bytes free
292 --- E O F --- 2009-07-01 04:40
chiaz
Spyware Mod
chiaz
1,218 Posts
5 Jul 2009, 1:52am
You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology

If you are having trouble removing Viewpoint, I suggest that you use ViewpointKiller. You may download it from this link.

Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller, and select File > Do All Killings. Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with. A logfile will be created in the folder you unzipped ViewpointKiller to, please paste the contents here.

=================================================================

Next please delete CFScript.txt from your desktop, as well as C:\ComboFix.txt first.

Then open *notepad* again, and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\programdata\fidamufa
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please, as well as the ViewPoint log if you ran the tool.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
sap1622
NEED HELP ASAP
sap1622
23 Posts
5 Jul 2009, 3:37am
ComboFix 09-07-04.04 - Shivam 07/04/2009 22:31.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2363 [GMT -4:00]
Running from: c:\users\Shivam\Desktop\ComboFix.exe
Command switches used :: c:\users\Shivam\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\fidamufa
c:\programdata\fidamufa\fidamufa.dll.tmp
.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.
2009-07-05 02:33 . 2009-07-05 02:33 -------- d-----w- c:\users\Shivam\AppData\Local\temp
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\users\Shivam\AppData\Roaming\Malwarebytes
2009-07-04 17:24 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 17:24 . 2009-07-04 17:24 -------- d-----w- c:\programdata\Malwarebytes
2009-07-04 17:24 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 20:15 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-07-03 20:15 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-07-03 20:15 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-07-03 20:15 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-07-03 20:15 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-07-03 20:15 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-07-03 20:15 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-07-03 18:24 . 2009-07-03 18:24 -------- d-----w- c:\program files\AVG
2009-07-02 21:34 . 2009-07-02 21:35 558 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-02 21:34 . 2009-07-02 21:34 -------- d-----w- c:\users\Shivam\AppData\Local\Downloaded Installations
2009-07-02 20:55 . 2009-07-02 20:55 -------- d-----w- c:\users\Shivam\AppData\Roaming\Leadertech
2009-07-02 17:51 . 2009-07-02 17:51 -------- d-----w- c:\program files\Alwil Software
2009-07-02 00:54 . 2009-07-02 00:54 -------- d-----w- c:\program files\Common Files\Microsoft Games
2009-07-01 01:09 . 2009-06-30 21:50 -------- d-----w- c:\windows\Panther
2009-07-01 01:08 . 2008-03-11 06:44 305176 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-07-01 01:08 . 2008-06-26 11:10 380928 ----a-w- c:\windows\system32\drivers\stwrt.sys
2009-07-01 01:08 . 2008-06-26 11:10 678912 ----a-w- c:\windows\system32\stapo.dll
2009-07-01 01:08 . 2008-06-26 11:10 344576 ----a-w- c:\windows\system32\stcplx.dll
2009-07-01 01:08 . 2008-06-26 11:10 405504 ----a-w- c:\windows\system32\stapi32.dll
2009-07-01 01:08 . 2008-06-26 11:09 173568 ----a-w- c:\windows\system32\st326017.dll
2009-07-01 01:08 . 2008-03-13 11:45 548352 ----a-w- c:\windows\system32\drivers\ATSwpWDF.sys
2009-07-01 01:06 . 2009-07-01 01:06 -------- d-----w- c:\windows\system32\OEM
2009-07-01 00:38 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-01 00:27 . 2009-07-01 00:27 -------- d-----w- c:\windows\PCHEALTH
2009-07-01 00:17 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-01 00:17 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-01 00:17 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-01 00:17 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-01 00:17 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-01 00:16 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-01 00:16 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-01 00:10 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-01 00:10 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-01 00:10 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-01 00:10 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-01 00:10 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-01 00:08 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-01 00:08 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 23:50 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-06-30 23:49 . 2009-06-30 23:49 -------- d-----w- c:\users\Shivam\AppData\Local\Deployment
2009-06-30 23:49 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-06-30 23:49 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2009-06-30 23:49 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2009-06-30 23:49 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2009-06-30 23:49 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2009-06-30 23:49 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-06-30 23:49 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2009-06-30 23:49 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-06-30 23:49 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-06-30 23:49 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-06-30 23:48 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-30 23:48 . 2008-08-27 01:05 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-30 23:48 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-06-30 23:48 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-06-30 23:48 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-06-30 23:48 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-06-30 23:48 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-06-30 23:48 . 2008-09-05 05:14 1191936 ----a-w- c:\windows\system32\msxml3.dll
2009-06-30 23:46 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-06-30 23:44 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-30 23:44 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-06-30 23:44 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-06-30 23:44 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-06-30 23:43 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-06-30 23:42 . 2009-02-13 08:49 1255936 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-30 23:42 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-06-30 23:42 . 2009-02-13 08:49 72704 ----a-w- c:\windows\system32\secur32.dll
2009-06-30 23:42 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2009-06-30 23:42 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-30 23:42 . 2008-04-10 05:12 738304 ----a-w- c:\windows\system32\inetcomm.dll
2009-06-30 23:39 . 2008-04-26 08:08 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-06-30 23:23 . 2008-09-10 03:40 1334272 ----a-w- c:\windows\system32\msxml6.dll
2009-06-30 23:20 . 2009-07-01 00:58 70176 ----a-w- c:\users\Shivam\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-30 23:15 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-06-30 23:15 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-06-30 23:15 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-06-30 23:15 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-06-30 23:14 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-06-30 23:14 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-06-30 23:14 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-06-30 23:13 . 2008-10-16 18:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-06-30 23:13 . 2008-10-16 17:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-06-30 23:11 . 2009-06-30 23:33 -------- d-----w- c:\windows\Debug
2009-06-30 21:42 . 2009-06-30 21:42 21316 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-30 21:18 . 2009-06-30 21:18 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\program files\IDT
2009-06-30 21:18 . 2008-06-26 11:09 45568 ----a-w- c:\windows\system32\ctppld.dll
2009-06-30 21:18 . 2008-06-26 11:09 492544 ----a-w- c:\windows\system32\ctapo32.dll
2009-06-30 21:18 . 2008-06-26 11:09 372736 ----a-w- c:\windows\system32\aestecap.dll
2009-06-30 21:18 . 2008-06-26 11:09 53248 ----a-w- c:\windows\system32\aestaren.dll
2009-06-30 21:18 . 2008-06-26 11:09 133632 ----a-w- c:\windows\system32\aestacap.dll
2009-06-30 21:18 . 2008-06-26 11:10 2473984 ----a-w- c:\windows\system32\stlang.dll
2009-06-30 21:18 . 2008-06-26 11:09 516096 ----a-w- c:\windows\system32\idtmini1.exe
2009-06-30 21:18 . 2008-06-26 11:09 73728 ----a-w- c:\windows\system32\AESTCom.dll
2009-06-30 21:18 . 2009-06-30 21:18 -------- d-----w- c:\program files\DellTPad
2009-06-30 17:54 . 2009-07-03 22:12 -------- d-----w- c:\users\Public\SHIVAM-LAPTOP
2009-06-30 17:48 . 2009-06-30 17:48 528 ----a-r- c:\users\Public\MediaID.bin
2009-06-30 00:56 . 2009-07-02 19:02 -------- d-sh--w- c:\users\Shivam\AppData\Roaming\lowsec
2009-06-29 23:41 . 2009-06-30 21:25 -------- d-----w- c:\programdata\Azureus
2009-06-29 23:41 . 2009-06-30 21:34 -------- d-----w- c:\users\Shivam\AppData\Roaming\Azureus
2009-06-28 00:12 . 2009-06-28 00:12 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-17 21:17 . 2009-06-30 21:33 -------- d-----w- c:\users\Shivam\AppData\Local\MicroVision Applications
2009-06-13 16:59 . 2009-06-13 16:59 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA0B3.tmp.exe
2009-06-11 16:58 . 2009-06-30 21:23 -------- d-----w- c:\program files\iPod
2009-06-11 16:58 . 2009-06-30 21:24 -------- d-----w- c:\program files\iTunes
2009-06-11 16:56 . 2009-06-30 21:25 -------- d-----w- c:\program files\QuickTime
2009-06-11 16:51 . 2009-06-11 16:51 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-11 16:34 . 2009-06-11 16:34 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB4B0.tmp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 02:28 . 2008-08-03 18:06 -------- d-----w- c:\programdata\Viewpoint
2009-07-02 00:55 . 2008-07-28 15:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 00:35 . 2008-08-06 22:12 -------- d-----w- c:\program files\PowerISO
2009-07-01 00:49 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-01 00:29 . 2008-09-22 22:19 -------- d-----w- c:\programdata\Microsoft Help
2009-06-30 21:25 . 2009-05-21 17:49 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-30 21:24 . 2008-07-28 16:00 -------- d-----w- c:\program files\McAfee.com
2009-06-30 21:24 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-06-30 21:24 . 2008-07-28 16:00 -------- d-----w- c:\program files\McAfee
2009-06-30 21:24 . 2009-05-20 23:40 -------- d-----w- c:\program files\Leaf Networks
2009-06-30 21:24 . 2008-07-28 15:44 -------- d-----w- c:\program files\Java
2009-06-30 21:22 . 2008-07-28 15:48 -------- d-----w- c:\program files\Creative
2009-06-30 21:19 . 2009-06-30 21:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ATSwpWDF_01005.Wdf
2009-06-30 21:18 . 2009-06-30 21:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2009-06-30 17:27 . 2008-07-28 15:58 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-17 21:17 . 2008-08-06 22:22 -------- d-----w- c:\programdata\Roxio
2009-06-01 05:03 . 2008-10-05 01:46 -------- d-----w- c:\program files\EA GAMES
2009-05-19 05:36 . 2009-06-13 19:04 97072 ----a-w- c:\programdata\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 05:36 . 2009-06-13 19:04 2884832 ----a-w- c:\programdata\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 05:36 . 2009-06-13 19:04 28 ----a-w- c:\programdata\AOL Downloads\SUD4426\unregister.bat
2009-05-19 05:36 . 2009-06-13 19:04 25 ----a-w- c:\programdata\AOL Downloads\SUD4426\register.bat
2009-05-19 05:36 . 2009-06-13 19:04 1484856 ----a-w- c:\programdata\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 05:36 . 2009-06-13 19:04 142040 ----a-w- c:\programdata\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 05:36 . 2009-06-13 19:04 30512 ----a-w- c:\programdata\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 05:36 . 2009-06-13 19:04 111920 ----a-w- c:\programdata\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-16 17:56 . 2009-05-16 17:56 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2008-07-28 16:05 . 2008-07-28 16:05 74 --sha-r- c:\windows\CT4CET.bin
2008-07-28 18:26 . 2008-07-28 18:26 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-04_17.45.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-30 21:20 . 2009-07-04 17:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-30 21:20 . 2009-07-04 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-30 21:20 . 2009-07-04 23:28 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-30 21:20 . 2009-07-04 17:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-30 21:20 . 2009-07-04 23:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-30 21:20 . 2009-07-04 17:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-01 18:27 . 2009-07-04 22:59 191988 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-28 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-26 442467]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-26 699456]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
c:\users\Shivam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A2CF4301-545E-4E68-97C3-451C07585F8E}"= TCP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{A101863B-C409-4BCE-95A9-1642C21ED13C}"= UDP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{B0E6C0BF-561C-4725-82B5-10324C83A37C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0AF08C2E-1363-4A3B-B91B-B8C2E939355B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AD199216-3337-48BA-8066-8E9AF6ADE256}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{7733CE41-4391-4102-9AF8-1A04765DB008}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B50F9EC9-E962-4212-9C88-94E95F3426A9}"= TCP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{F5DD85B9-FF8F-4EC7-87D8-7D75C60EE31B}"= UDP:c:\program files\Leaf Networks\Leaf\bin\Leaf.exe:Leaf
"{9A271FE6-DEC2-404D-81FA-3529CBC74C83}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{0F1E4289-3C71-4723-893F-36AE33D11174}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{64A0CA4A-FD0D-474D-8276-069EB8946020}"= TCP:c:\windows\System32\dlcccoms.exeell 924 Server
"{F5F7056E-0CFE-4C06-8501-7159464B0510}"= UDP:c:\windows\System32\dlcccoms.exeell 924 Server
"{74013302-1DD7-43E2-B341-42D1B6D7DA0E}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{201767FF-17B4-4219-A8CC-0089A57DF642}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires III
"{5FC61111-5B42-4A8D-A54D-9D7F5F5F1913}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{77B51D44-E4CB-42E6-8EDD-A15179BDCDD5}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C2C98F2A-3BDF-4AD0-AD37-9B8E85866BAE}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{33C1ABEA-E129-46B6-9510-202EC800FF4F}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{569C3927-709F-425D-BC56-6BB97B5D6D8D}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{ED60CA2B-4CB4-4955-9CF1-3A0318099988}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BAAB1350-A9CE-44C2-BA5D-11A27A6A5FB1}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{163BA861-094B-4C23-BC66-5BB0284A1CB1}"= TCP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{D2E49453-0A7B-47D2-8652-D50BB4A4E6F4}"= UDP:c:\program files\Dell Video Chat\DellVideoChat.exe:SightSpeed
"{DDE4F5EC-9622-4525-AF62-821E103ECCF6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{2D6E79BD-E547-4D20-87D4-60BFD6BC9AB0}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{DDE2C75C-BFAE-42DA-A0E7-D6DAEC5B4376}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{32A979D2-1ECE-4154-807C-256C39C5ADCF}"= c:\program files\Dell\MediaDirect\MediaDirect.exeell MediaDirect
"{4BB5A887-52E6-4826-80D4-5587125AD77B}"= c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{A897B2F9-2892-445A-8910-9D062723DE92}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{A0DC2E4C-A878-4240-B5C6-F3817D47C3D5}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_238116a1\AEstSrv.exe [6/30/2009 9:08 PM 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2/29/2008 5:37 AM 1053944]
R2 DockLoginServiceock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 5:56 PM 161048]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\System32\drivers\ATSwpWDF.sys [6/30/2009 9:08 PM 548352]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [6/30/2009 9:09 PM 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [6/30/2009 9:09 PM 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\System32\drivers\OA001Ufd.sys [6/30/2009 9:09 PM 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\System32\drivers\OA001Vid.sys [6/30/2009 9:09 PM 277624]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-28 18:32]
2009-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-28 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 22:33
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

c:\users\Shivam\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-07-05 22:34
ComboFix-quarantined-files.txt 2009-07-05 02:34
ComboFix2.txt 2009-07-05 00:42
ComboFix3.txt 2009-07-05 00:35
ComboFix4.txt 2009-07-04 17:47
Pre-Run: 208,113,115,136 bytes free
Post-Run: 208,086,106,112 bytes free
294 --- E O F --- 2009-07-01 04:40
chiaz
Spyware Mod
chiaz
1,218 Posts
5 Jul 2009, 4:35am
Hi,

Just wondering - did you decide to remove ViewPoint, or leave it as it is?

Meanwhile,
Please go HERE to run Panda ActiveScan 2.0
  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply
sap1622
NEED HELP ASAP
sap1622
23 Posts
5 Jul 2009, 8:30pm
I did remove ViewPoint. Also it seems I have not been getting anymore popups and google is working correctly. You have been such great help. And I want to thank you. Here is the log:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-05 15:26:24
PROTECTIONS: 1
MALWARE: 30
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Windows Defender 1.1.1505.0 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00099951 Joke/Crazymouse Jokes No 0 Yes No C:\Users\Shivam\Downloads\mouse_enhance\Mouse Driver.exe
00099951 Joke/Crazymouse Jokes No 0 Yes No C:\Users\Shivam\Downloads\mouse_enhance.zip[Mouse Driver.exe]
00136790 Joke/BeepDemon Jokes No 0 Yes No C:\Users\Shivam\Downloads\beepdemon.zip[beepdemon.exe]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@atdmt[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@247realmedia[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@mediaplex[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@com[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@statcounter[1].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@counter.hitslink[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@ad.yieldmanager[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@bs.serving-sys[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@www.burstbeacon[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@server.iad.liveperson[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@ads.pointroll[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@zedo[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@adrevolver[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\shivam@atwola[2].txt
00950035 Cookie/RegistryDefender TrackingCookie No 0 Yes No C:\Users\Shivam\AppData\Roaming\Microsoft\Windows\Cookies\Low\shivam@registrydefender[2].txt
01908054 Spyware/Virtumonde Spyware No 1 Yes No C:\Qoobox\Quarantine\C\ProgramData\mivadulu\mivadulu.dll.vir
;===================================================================================================================================================================================
SUSPECTS
Sent Location A�H�*�9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description A�H�*�9
;===================================================================================================================================================================================
;===================================================================================================================================================================================
chiaz
Spyware Mod
chiaz
1,218 Posts
6 Jul 2009, 2:59am
The ViewPoint removal is not complete, there are still remnants.

I suggest that you use ViewpointKiller. You may download it from this link.

Once you have downloaded ViewpointKiller, unzip it to a convenient location such as your desktop. Run ViewpointKiller, and select File > Do All Killings. Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with. A logfile will be created in the folder you unzipped ViewpointKiller to, no need to post this.

===================================================================

Java is outdated on your PC.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===============================================================

It's time to remove ComboFix.

Go to to Start > Run
Type in box

combofix /u

Note: the space between the X and the /u

Press Enter.

This command will:

Delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:_OtMoveIt folder, if present

Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.



Let me know how your PC is running now.
sap1622
NEED HELP ASAP
sap1622
23 Posts
6 Jul 2009, 4:07am
My computer is running fine. I am so thankful for your services. Is it okay to delete the Malwarebytes program? Again thank so much!
chiaz
Spyware Mod
chiaz
1,218 Posts
6 Jul 2009, 4:09am
Yes it's fine to delete MBAM now if you wish.

Glad we could be of assistance! The help you received here was free.

This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead
_______________________________

Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.
Similar Threads
Thread Thread Starter Forum Replies Last Post
Nexplore, Stopzilla, Registry Defender popups, Google search results redirected mdraughn Resolved / Inactive 4 20 May 2009 7:07pm
Popups from Nexplore/Stopzilla/etc. are killing me ryangong Resolved / Inactive 7 8 May 2009 6:38pm
Nexplore, Registry Defender popups redgeisha Resolved / Inactive 1 8 May 2009 6:32pm
Help with nexplore popups Vita Resolved / Inactive 1 6 Mar 2009 11:19pm
Nexplore and Smacchat popups have taken over my computer Christy_71283 Resolved / Inactive 16 25 Dec 2008 8:36am

Go Back   Icrontic Forums > Malware Help > Spyware & Virus Removal > Resolved / Inactive
Reload this Page Can't get rid of Nexplore and other popups?!
Jump to
This Thread Search this Thread
Search this Thread:

Advanced Search

Today's Posts - Mark All Read - Contact Us - Icrontic.com - Archive - Top

Current time: 7:34am (GMT)
Powered by vBulletin®
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Get Vanilla instead. Trust me.