Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Virus that is slowing my computr and poppingup websites
   
BullGuard Antivirus Forum > Bullguard zone > BullGuard Trial users > Virus that is slowing my computr and poppingup websites  
Forum Quick Jump
 
New Topic Post reply to : Virus that is slowing my computr and poppingup websites Printable version of : Virus that is slowing my computr and poppingup websites
[ << Previous Thread | Next Thread >> ]

AlliMc33
New Member


Date Joined May 2008
Total Posts : 2
  		   Posted 5-12-2008 5:30 (GMT +2)    Quote: Virus that is slowing my computr and poppingup websitesAlert an admin about: Virus that is slowing my computr and poppingup websites
Hi, My Vistas OS computer just recently started popping up all theserandom websites and acting really slow. I know i have a virus of some sort and i used a virus scanner and it said i had the virtumonde virus, along with spy cookies..
 
I saw a thread that was on here earlir that said to download HijackThis and run a scan with the log. I'm not very computer literate and have been trying to fix this for several days now.
 
This my hijackthis log, if anyone could help me, and tell me if it is virtumonde or something different? I would be extremely grateful
 
Alli
 
 
Logfile of HijackThis v1.99.1
Scan saved at 11:10:29 AM, on 5/12/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] "C:\Program Files\PCPitstop\Exterminate\Reminder.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [InetChk] "C:\Users\Alli\AppData\Local\Temp\ms1210484485.exe" work
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\Alli\AppData\Local\Temp\iifdcCSj.dll,#1
O4 - HKCU\..\Run: [34cfad6c] rundll32.exe "C:\Users\Alli\AppData\Local\Temp\uclwicfl.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Alli\AppData\Local\Temp\mlJAtrrO.dll,c
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SpyHunter3 Service - Unknown owner - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13069
  		   Posted 5-12-2008 5:41 (GMT +2)    Quote: Virus that is slowing my computr and poppingup websitesAlert an admin about: Virus that is slowing my computr and poppingup websites
Hello cool


It looks like you have some other infections as well -


Please download Combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
 
And save to the desktop.

Close all other browser windows.
 
Please connect all your external hard drive/flash drive before running Combofix
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results". 
 
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. 

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new hijackthis log.


NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.

Do NOT post your problem in someone elses thread.

Back to Top
 

AlliMc33
New Member


Date Joined May 2008
Total Posts : 2
  		   Posted 5-12-2008 7:44 (GMT +2)    Quote: Virus that is slowing my computr and poppingup websitesAlert an admin about: Virus that is slowing my computr and poppingup websites
alright i did that, here are my logs:

ComboFix 08-05-11.1 - Alli 2008-05-12 12:56:29.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.378 [GMT -4:00]
Running from: C:\Users\Alli\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-12 10:13 . 2008-05-12 11:05 <DIR> d-------- C:\HijackThis
2008-05-12 02:30 . 2008-05-12 02:30 <DIR> d-------- C:\Users\Alli\AppData\Roaming\Cyrusoft
2008-05-11 23:54 . 2008-05-11 23:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-11 23:36 . 2008-05-11 23:36 <DIR> d-------- C:\Program Files\PCPitstop
2008-05-11 23:36 . 2008-05-11 23:36 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-05-11 22:50 . 2008-05-11 22:56 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-05-11 20:38 . 2008-01-04 20:34 163,696 --a------ C:\Windows\System32\drivers\ssidrv.sys
2008-05-11 20:38 . 2008-01-04 20:34 23,920 --a------ C:\Windows\System32\drivers\sskbfd.sys
2008-05-11 20:38 . 2008-01-04 20:34 21,872 --a------ C:\Windows\System32\drivers\sshrmd.sys
2008-05-11 20:38 . 2008-01-04 20:34 20,336 --a------ C:\Windows\System32\drivers\SSFS0BB9.sys
2008-05-11 20:36 . 2008-05-11 20:36 <DIR> d-------- C:\Users\Alli\AppData\Roaming\Webroot
2008-05-11 20:36 . 2008-05-11 20:36 <DIR> d-------- C:\Users\All Users\Webroot
2008-05-11 20:36 . 2008-05-11 20:36 <DIR> d-------- C:\ProgramData\Webroot
2008-05-11 20:36 . 2008-05-11 20:36 <DIR> d-------- C:\Program Files\Webroot
2008-05-11 20:36 . 2008-01-04 20:56 1,526,640 --a------ C:\Windows\WRSetup.dll
2008-05-11 20:23 . 2008-05-11 20:23 164 --a------ C:\install.dat
2008-04-20 17:02 . 2008-04-20 17:02 <DIR> d-------- C:\Program Files\Emergent Music LLC
2008-04-17 23:24 . 2008-05-09 20:31 304,160 --a------ C:\PA207.DAT
2008-04-17 20:05 . 2008-05-12 10:49 <DIR> d-------- C:\Users\Alli\AppData\Roaming\skypePM
2008-04-17 20:05 . 2008-04-17 20:05 32 --a------ C:\Users\All Users\ezsid.dat
2008-04-17 20:05 . 2008-04-17 20:05 32 --a------ C:\ProgramData\ezsid.dat
2008-04-17 20:02 . 2008-05-12 12:53 <DIR> d-------- C:\Users\Alli\AppData\Roaming\Skype
2008-04-17 19:59 . 2008-04-17 19:59 <DIR> d-------- C:\Users\All Users\Skype
2008-04-17 19:59 . 2008-04-17 19:59 <DIR> d-------- C:\ProgramData\Skype
2008-04-17 19:59 . 2008-04-17 19:59 <DIR> d-------- C:\Program Files\Skype
2008-04-17 19:59 . 2008-04-17 19:59 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-04-17 19:52 . 2008-04-17 19:52 <DIR> d-------- C:\Windows\PixArt
2008-04-17 19:52 . 2006-11-03 10:59 48,128 --a------ C:\Windows\System32\Remove.exe
2008-04-17 19:52 . 2007-02-12 01:06 408 --a------ C:\Windows\System32\Remover.ini
2008-04-17 19:51 . 2008-04-17 19:51 <DIR> d-------- C:\Program Files\PC Camera
2008-04-17 19:51 . 2008-04-17 19:52 <DIR> d-------- C:\Program Files\Common Files\PAC207

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 18:38 --------- d-----w C:\Users\Alli\AppData\Roaming\Ruckus Network
2008-04-20 21:03 --------- d-----w C:\Program Files\Ruckus Player
2008-04-17 23:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 07:25 --------- d-----w C:\Program Files\Windows Mail
2008-03-28 19:53 --------- d-----w C:\Program Files\vso
2008-03-28 19:51 1,738,982 ----a-w C:\Users\Alli\dvdtoolbox_full_setup.exe
2008-03-28 19:36 642,796 ----a-w C:\Users\Alli\XviD-1.1.3-28062007.exe
2008-03-26 16:57 --------- d-----w C:\Program Files\Zune
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 08:07 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 08:07 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 08:07 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 08:07 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 08:07 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2007-08-30 07:12 174 --sha-w C:\Program Files\desktop.ini
2007-06-22 00:47 1,577 ----a-w C:\Program Files\Yahoo! Mail.lnk
2007-06-22 00:46 978 ----a-w C:\Program Files\Yahoo! Messenger.lnk
2007-12-06 21:38 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-06 21:38 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-06 21:38 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2006-11-12 03:19 446976]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 11:20 50528]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-11 18:16 4670968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:37 21898024]
"InetChk"="C:\Users\Alli\AppData\Local\Temp\ms1210484485.exe" [ ]
"34cfad6c"="C:\Users\Alli\AppData\Local\Temp\yaugevmj.dll" [2008-05-12 12:43 91264]
"cmds"="C:\Users\Alli\AppData\Local\Temp\mlJAtrrO.dll" [2008-05-11 01:46 320640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-21 09:00 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 19:52 815104]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2006-11-27 18:56 1540096]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 01:11 303104 C:\Windows\sttray.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 18:12 90112]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"@"="" []
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 06:20 17920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-24 13:39 1840128]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-05-02 19:16 184320]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"PCPitstop Registration Reminder"="C:\Program Files\PCPitstop\Exterminate\Reminder.exe" [2007-05-24 12:21 991232]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe" [2008-01-23 15:48 344064]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 21:34 5419008]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-06-14 09:14:52 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=C:\Windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Alli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=C:\Users\Alli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=C:\Windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1182632235\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-29 21:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{41D94F52-B59C-455D-9B15-D4F13C833E06}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{9D83BBFE-D4B3-40C4-B42B-9ABD848EBE25}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{2AA75611-A6DF-4379-9EB8-B645BC84A757}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BBC40F1A-9084-4B65-B462-5201ACAA7838}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{476C3343-4E95-42DB-954A-2D99178D7CC1}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{4101A06E-7691-463F-9308-D79D6B79C827}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{40084548-6CD2-4524-9199-4362E7E2C6A8}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C8589EF8-F123-446F-A761-D9BC6FAC00F8}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9D7A136E-3C78-4093-87F4-EA57D9847A34}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C73FAD95-4DF7-435E-895D-478AB8312BA0}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1F8F0768-24A8-4865-A92B-73644CC8242F}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{9B00BBE8-B9FB-49C3-AFF2-B445626722FA}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL Connectivity Service Dialer
"{F275825F-B755-4CD5-98CF-284ACCB6D598}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{E9DAD8E4-FCC9-4936-B5A7-9076A9DB386B}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL Connectivity Service
"{7E4A583F-A36C-40D0-B518-612CCCCE6A2D}"= UDP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{4A181E0B-114C-4E31-8679-9214749516FF}"= TCP:C:\Program Files\AOL 9.0\waol.exe:AOL
"{2933E9E2-BC3A-42AA-B2CF-75129280FB49}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{41771BC0-DF47-4883-97B6-BB7D5EA11BF6}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{3E6B888E-F45D-4D7E-A70F-C25135781D7D}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{5E4B28EA-9686-4596-9C6B-D95AD4940542}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{DFFC73AF-75C5-4BD8-9714-DBDDBA664E36}"= UDP:C:\Program Files\Ruckus Player\Ruckus.exe:Ruckus
"{E5B88B23-D2CC-4CBB-B1B4-CCB5EAB21689}"= TCP:C:\Program Files\Ruckus Player\Ruckus.exe:Ruckus
"{CA4FB5BE-97C1-4766-B573-E3565399B772}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{3CBE355C-45E4-479E-AF87-22E6CCDCB5C8}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{822002BA-3E07-41E8-A523-13FB1E94ECA8}C:\\program files\\ruckus player\\ruckus.exe"= UDP:C:\program files\ruckus player\ruckus.exe:Ruckus
"UDP Query User{A42C67B7-2FED-4534-8CB3-AF83B9C50B97}C:\\program files\\ruckus player\\ruckus.exe"= TCP:C:\program files\ruckus player\ruckus.exe:Ruckus
"TCP Query User{B144B704-AE6F-4083-8917-54D3E8979899}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{E20A9F16-B61F-4E3D-9E4B-364A41A63313}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"TCP Query User{4C32483F-05E2-43E6-866A-BBC589CD33D1}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F4C909CE-C205-4B1A-BFD1-1D45451106BE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{B2D90BA8-3F4D-4608-B7B4-E71B1D67C6E7}"= UDP:C:\Program Files\Common Files\AOL\1182632235\ee\aolsoftware.exe:AOL Services
"{97F6C46E-F078-40D3-8794-6FA860C545A7}"= TCP:C:\Program Files\Common Files\AOL\1182632235\ee\aolsoftware.exe:AOL Services
"{1879F49B-7899-4D00-B10A-9BD093D9669A}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{379FB87A-0641-420B-8D05-EF243F118C47}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{C7D67333-B67C-4D1E-A89E-16E2D3415B26}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{581BC23E-7F75-4E07-9D38-F344E07A2589}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{C3A12A9C-42DA-44C7-A7C5-AD34FE0513FF}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{999E83E3-C96A-4F25-BABE-5E68F753C1AC}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{0E0922EF-8F2A-4BED-8BCA-27E02D190344}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{E1A0C667-FCC9-42D2-82A2-79E8B14EA82C}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 15:48]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 19:10]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-10-25 00:53]
S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-24 13:39]
S3 PAC207;PC Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2007-05-29 13:30]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dcdb8b0-1a76-11dc-87b9-806e6f6e6963}]
\shell\AutoRun\command - E:\install.EXE id= ver=1.0.0.0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead46559-a2ee-11dc-94ff-00038a000015}]
\shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ead46563-a2ee-11dc-94ff-00038a000015}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 06:00:00 C:\Windows\Tasks\wrSpySweeperTrialSweep.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe&/ScheduleSweep=wrSpySweeperTrialSweep
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 13:06:05
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\explorer.exe
-> C:\Users\Alli\AppData\Local\Temp\yaugevmj.dll
-> C:\Users\Alli\AppData\Local\Temp\mlJAtrrO.dll
.
Completion time: 2008-05-12 13:15:50
ComboFix-quarantined-files.txt 2008-05-12 17:15:28

Pre-Run: 25,892,118,528 bytes free
Post-Run: 26,717,360,128 bytes free

227 --- E O F --- 2008-05-06 23:12:53






and Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:29 AM, on 5/12/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\sttray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] "C:\Program Files\PCPitstop\Exterminate\Reminder.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [InetChk] "C:\Users\Alli\AppData\Local\Temp\ms1210484485.exe" work
O4 - HKCU\..\Run: [MSServer] "rundll32.exe" C:\Users\Alli\AppData\Local\Temp\iifdcCSj.dll,#1
O4 - HKCU\..\Run: [34cfad6c] rundll32.exe "C:\Users\Alli\AppData\Local\Temp\uclwicfl.dll",b
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Alli\AppData\Local\Temp\mlJAtrrO.dll,c
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SpyHunter3 Service - Unknown owner - C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" (file missing)
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe



thanks again for your help!
Back to Top
 

AlliMc33
New Member


Date Joined May 2008
Total Posts : 2
  		   Posted 5-15-2008 7:01 (GMT +2)    Quote: Virus that is slowing my computr and poppingup websitesAlert an admin about: Virus that is slowing my computr and poppingup websites
nevermind i used avg free and it got rid of all of them
Back to Top
 
New Topic Post reply to : Virus that is slowing my computr and poppingup websites Printable version of : Virus that is slowing my computr and poppingup websites
 
Forum Information
Currently it is Monday, October 06, 2008 4:59 PM (GMT +2)
There are a total of 62.544 posts in 15.603 threads.
In the last 3 days there were 20 new threads and 43 reply posts. View Active Threads
Who's Online
This forum has 26660 registered members. Please welcome our newest member, bloat.
50 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
CiD spyware!!cant get rid of it! (2)06-10-2008 14:18:15 (fake7)
2008 Newest Chanel Shoes in www.shoes198.com (0)06-10-2008 13:45:10 (xjh)
2008 Newest Nike Sports Shoes in www.shoes198.com (0)06-10-2008 13:29:50 (xjh)
Qhonsvc error probably caused by quick heal (1)06-10-2008 10:00:25 (Touch)
Pop Up when the System Starts - Suspecting Win32: Trojan-gen{Other} (3)06-10-2008 05:40:55 (Touch)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard