Pop Unders & Radio Playing Virus

Dell / Dell dm061...
April 25, 2010 at 15:23:38
Specs: Microsoft Windows Vista Home Premium, 1.862 GHz / 2045 MB
Hi Guys

I will try and be as specific as I can with this without boring you all to death.

To start with, I have already run Norton 360, Panda & Ewido, but with no luck.

The Problem: Once I have booted my computer in the morning, after a few minutes it will open an IE popup for about 1 second, then close it again ("you miss it if you blink"). After that I will start to get random pop unders from the sites detailed below:

http://cdn.optmd.com/V2/76976/16280...

http://www.webfetti.com/dl/index.jh...

http://redvase.bravenet.com/deliver...

Also I get random radio play, and no other app seems to be running.

Please help, not sure where to go with this now...



#1
April 25, 2010 at 17:26:08
Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy & paste the entire report in your next reply.



#2
April 26, 2010 at 02:17:53
OK, no worries. Although I already had this program on my computer, I have done it all as you said. Here you go, Jabuck...

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4036

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

26/04/2010 10:02:28
mbam-log-2010-04-26 (10-02-28).txt

Scan type: Quick scan
Objects scanned: 131963
Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\TheNostradamus\AppData\Local\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\TheNostradamus\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\TheNostradamus\AppData\Local\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



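The three Hijack.StartMenuInternet detections in the log above all have the same shape: the command Windows runs for the Start Menu "Internet" entry has been rewritten so that av.exe, sitting in the user's AppData\Local folder, starts first and then launches the real browser as an argument. As an added example (not from the thread, nor from Malwarebytes), the Python below parses those MBAM lines and spells out why each value is a hijack; the same check can be applied to a value read from the live key. Function and variable names are my own.

```python
"""Triage MBAM 'Registry Data Items Infected' lines for StartMenuInternet hijacks.

HKLM\SOFTWARE\Clients\StartMenuInternet\<client>\shell\open\command is what Windows
runs for the Start Menu "Internet" entry.  A rogue program that rewrites it to
"<rogue>.exe /START <browser>" gets executed every time the browser is opened,
while the browser still appears to work normally.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the three detections from the MBAM log in the thread.
SAMPLE_MBAM_LINES = [
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\TheNostradamus\AppData\Local\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.',
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\TheNostradamus\AppData\Local\av.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.',
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\TheNostradamus\AppData\Local\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.',
]


@dataclass
class RegistryItem:
    key: str
    detection: str
    bad: str
    good: str
    action: str


def parse_mbam_line(line: str) -> Optional[RegistryItem]:
    """Split one MBAM registry line into its fields, or None if it is not one.

    MBAM writes:  <key> (<detection>) -> Bad: (<value>) Good: (<value>) -> <action>
    Windows paths may themselves contain parentheses ("Program Files (x86)"),
    so cut on the literal separators MBAM emits rather than on parentheses.
    """
    line = line.strip()
    if " -> Bad: (" not in line or ") Good: (" not in line:
        return None
    head, rest = line.split(" -> Bad: (", 1)
    key, detection = head.rsplit(" (", 1)
    bad, rest = rest.split(") Good: (", 1)
    good, action = rest.rsplit(") -> ", 1)
    return RegistryItem(key, detection.rstrip(")"), bad, good, action)


# Quoted paths first, then bare tokens such as "firefox.exe" or "iexplore.exe".
EXE_RE = re.compile(r'"([^"]*?\.exe)"|(\S+\.exe)', re.IGNORECASE)
# A browser launcher should never live under the user's profile or temp folders.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\users\\public\\")


def executables_in(command: str) -> List[str]:
    """Every .exe referenced in a command line, quoted or bare, in order."""
    return [quoted or bare for quoted, bare in EXE_RE.findall(command)]


def expected_client(key: str) -> Optional[str]:
    """The browser a StartMenuInternet key belongs to, e.g. 'firefox.exe'."""
    m = re.search(r"\\StartMenuInternet\\([^\\]+)\\", key, re.IGNORECASE)
    return m.group(1).lower() if m else None


def hijack_reasons(key: str, command: str) -> List[str]:
    """Explain why a command value looks hijacked; an empty list means clean."""
    exes = executables_in(command)
    if not exes:
        return ["no executable found in command value"]
    launcher = exes[0]
    launcher_name = launcher.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    client = expected_client(key)
    reasons = []
    if client and launcher_name != client:
        reasons.append(f"launcher is {launcher_name}, expected {client}")
    if any(marker in launcher.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("launcher lives in a user-writable profile directory")
    if len(exes) > 1:
        reasons.append(f"real browser passed as an argument: {exes[1]}")
    return reasons


def triage(lines: List[str]) -> List[dict]:
    """Parse MBAM lines and attach hijack reasons; lines of other shapes are skipped."""
    findings = []
    for line in lines:
        item = parse_mbam_line(line)
        if item is None:
            continue
        findings.append({
            "key": item.key,
            "detection": item.detection,
            "bad": item.bad,
            "good": item.good,
            "reasons": hijack_reasons(item.key, item.bad),
            # The value MBAM restored should itself pass the same check.
            "good_is_clean": hijack_reasons(item.key, item.good) == [],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MBAM_LINES):
        print(finding["key"])
        for reason in finding["reasons"]:
            print("   -", reason)
```
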
#3
April 26, 2010 at 03:35:11
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has one.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop, then post them please. You may need to post in segments to get all the info to us, as the logs may be too large to fit in one post.



#4
April 26, 2010 at 08:20:24
OK guys, here we go...

Attach.txt

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 30/03/2007 11:47:51
System Uptime: 26/04/2010 10:05:57 (6 hours ago)

Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1862/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 123.185 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4.875 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: LogMeIn Mirror Driver
Device ID: ROOT\DISPLAY\0000
Manufacturer: LogMeIn, Inc.
Name: LogMeIn Mirror Driver
PNP Device ID: ROOT\DISPLAY\0000
Service: lmimirr

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

"Nero SoundTrax Help
2FlyerPro
32 Bit HP CIO Components Installer
3DVIA player 4.1
ACDSee for PENTAX 3.0
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe ColdFusion 8
Adobe ColdFusion 8 .NET Integration Services
Adobe ColdFusion 8 with JRun 4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 7.1.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
Advertising Center
AGEIA PhysX v7.05.06
AoA Audio Extractor 1.0
AppCore
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applet Effects Factory
Applet Navigation Factory
AQUAZONE "Arowana Pack"
AQUAZONE "Deep Sea Pack"
AQUAZONE "Goldfish Pack"
AQUAZONE "Jellyfish Pack"
AQUAZONE "Reef Fish Pack"
AQUAZONE "Turtles & More Pack"
AQUAZONE DESKTOP GARDEN
Backup
BatteryStatus (Chi-Tai Dang)
BitTorrent
Bonjour
Bowling Master
Bridge Builder
BT Home Hub
BT Home Hub USB Installer
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Canon ScanGear Starter
ccCommon
CCleaner
CCS64 V3.7
CCScore
Champcar 2007 v1.0
CivCity
CM4
CoffeeCup Flash Form Builder
CoffeeCup Flash Menu Builder
CoffeeCup Photo Gallery - Registered
CoffeeCup StyleSheet Maker
CoffeeCup Visual Site Designer Software
CoffeeCup Web Calendar
Connect
ConvertXtoDVD 4.0.10.324
Cooliris for Internet Explorer
Core Communication Components
Counter-Strike
CTDP's ChampionShipManager NX 2.1
CTDP ChampionshipTrackManager 1.4
CTDP Formula One 2005 v1.2
CuteFTP 8 Professional
Day of Defeat
DeliPlayer
Dell Automated PC TuneUp
Dell System Customization Wizard
Device Data Communication Components
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DNA
DolbyFiles
Dream Aquarium
eMule
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Events Communication Components
ewido anti-malware
fflink
Finding Nemo
Flash Slideshow Maker Pro 4.86
GearDrvs
Google AdWords Editor
Google Chrome
Google Earth
Google Talk (remove only)
Google Update Helper
Google Updater
GPL 2004 DEMO
GPxPatch (remove only)
Grand Prix 1979 for Rfactor v2.0
Grand Prix 4
Grand Theft Auto Vice City
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Half-Life(R) 2
Handmark® Monopoly® for Pocket PC
hillside final
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Easy Printer Care
HP Printer Settings Tools
HP Printer Usage Report
HP Proactive Services
HP Update
ImagXpress
In The Night Garden Screen Saver
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 4.7.5 (Full)
Kai's Power Tools 5
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kidzui
Kodak EasyShare software
kuler
Light! v3 for Adobe Photoshop & Compatible Applications
LiveUpdate (Symantec Corporation)
LogMeIn
Macromedia Extension Manager
Magic ISO Maker v5.3 (build 0216)
Magic ISO Maker v5.5 (build 0276)
Magic Video Converter Trial Version (English) 8.0.2.18
MagicDisc 2.7.106
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office Live Add-in Patches
Microsoft Office Live Small Business Image Uploader
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
Mojo Master Winamp Visualizer for Winamp (remove only)
Movie Templates - Starter Kit
Mozilla Firefox (3.0.6)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
netbrdg
Nokia Photos
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Norton PC Checkup
Norton Security Scan
NVIDIA Display Control Panel
NVIDIA Drivers
ObjectDock Plus
OfotoXMI
OGA Notifier 2.0.0048.0
OpenAL
Opera 10.51
Operating System Communication Components
Panda ActiveScan 2.0
PDF Password Remover v3.1
PDF Settings CS4
Peggle Extreme
Photoshop Camera Raw
PicLens for Internet Explorer
Portal: The First Slice
PowerDirector
PowerISO
Public Edition Version 2
QuickTime
RACE 07 Demo Dedicated Server
Reader Rabbit Preschool(R) Sparkle Star Rescue!(TM)
RealPlayer
RealUpgrade 1.0
Red White and Blue Fireworks Full Screen Saver
rFactor (remove only)
rFactor Data Acquisition Plugin
Safari
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
SDFormatter
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SFR
SHASTA
Sid Meier's Civilization 4
Sierra Utilities
SigmaTel Audio
Silent Hunter 4 Wolves of the Pacific
SimCity 4 Deluxe
skin0001
SKINXSDK
Sky Player
SmartSound Quicktracks Plugin
SnagIt 8
Sonic Activation Module
Sony Noise Reduction Plug-In 2.0e
Sony Sound Forge 9.0
SoundTrax
Source Dedicated Server
SPBBC 32bit
staticcr
Steam(TM)
Suite Shared Configuration CS4
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
System Requirements Lab
Tiger Woods PGA TOUR 08
tooltips
Trivial Pursuit® Handheld Edition for Windows Mobile Pocket PC
Tux Paint 0.9.20b
Tux Paint Stamps 2008.06.30
Ulead VideoStudio SE DVD
Uninstall JL2005A Toy Camera
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
USB2.0 Capture Device
User's Guides
VC_MergeModuleToMSI
VideoLAN VLC media player 0.8.6c
VPRINTOL
Website Ripper Copier
Win AVI HelixSDK
Winamp (remove only)
WinAVIVideoConverter
WindowBlinds
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows System Scanner
WinRAR
WinRAR archiver
WinUAE v0.8.8 R7
WIRELESS
WM Recorder 11.0
ZaZ GP4 Tools 1.26

==== Event Viewer Messages From Past Week ========

26/04/2010 16:17:53, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================



#5
April 26, 2010 at 08:21:02

DDS (Ver_10-03-17.01) - NTFSx86
Run by TheNostradamus at 16:16:50.61 on 26/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.864 [GMT 1:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\JL2005A\cam_mon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\tdmic.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Users\TheNostradamus\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Users\TheNostradamus\Program Files\DNA\btdna.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Opera\opera.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\TheNostradamus\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.itv-f1.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: PicLens plug-in for Internet Explorer: {eaee5c74-6d0d-4aca-9232-0da4a7b866ba} - c:\program files\piclensie\PicLens.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [googletalk] c:\users\thenostradamus\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\axcmd.exe" /automount
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [BitTorrent DNA] "c:\users\thenostradamus\program files\dna\btdna.exe"
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [CAMMON_JL2005A] c:\program files\jl2005a\cam_mon
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [kdx] "c:\program files\kontiki\KHost.exe" -all
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [tdmic] c:\windows\system32\tdmic.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\users\thenos~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\PicLens.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: hp.com
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} - hxxp://simcity.ea.com/update/EARTPX.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} - hxxp://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\common files\hewlett-packard\hp device communication services\app\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\thenos~1\appdata\roaming\mozilla\firefox\profiles\hpxqd8dw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\thenostradamus\program files\dna\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-4-25 28552]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2006-7-11 42392]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2007-12-30 20392]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2004-11-22 3072]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20100422.001\IDSvix86.sys [2010-4-24 286768]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-18 151616]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-9-23 21504]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.2.543\SymcPCCULaunchSvc.exe [2010-4-13 103280]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.2.543\ccSvcHst.exe [2010-4-13 126392]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-27 102448]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2009-1-13 1245064]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 DUMeterSvc;DU Meter Service;c:\program files\du meter\dumetersvc.exe /startedbyscm:e1f6d4be-40e33354-dumeterservice --> c:\program files\du meter\DUMeterSvc.exe [?]
S2 gupdate1c98bb3a2193e23;Google Update Service (gupdate1c98bb3a2193e23);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-23 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-3-12 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 JL2005;JL2005A Toy Camera;c:\windows\system32\drivers\toywdm.sys [2009-1-24 86797]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-4-7 79888]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-23 16896]
S4 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8dotnetservice\CF8DotNetsvc.exe [2008-10-30 77824]
S4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2008-10-30 65536]
S4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe "coldfusion 8 odbc agent" --> c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [?]
S4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe "coldfusion 8 odbc server" --> c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [?]
S4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2008-10-30 2743056]
S4 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-9-22 47640]
S4 Macromedia JRun Admin Server;Macromedia JRun Admin Server;c:\jrun4\bin\jrunsvc.exe [2008-10-30 65536]
S4 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;c:\jrun4\bin\jrunsvc.exe [2008-10-30 65536]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-04-26 08:49:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 08:49:53 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 08:49:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 17:28:09 0 d-----w- c:\program files\ewido anti-malware
2010-04-25 09:33:18 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-04-25 09:30:04 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-25 09:30:00 0 d-----w- c:\program files\Panda Security
2010-04-15 14:34:54 7772 ----a-w- c:\windows\system32\nvinfo.pb
2010-04-15 14:34:54 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-15 14:34:51 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-15 14:34:51 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-15 14:34:51 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-15 14:34:51 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-14 08:46:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-14 07:20:21 0 d-----w- c:\program files\iPod
2010-04-14 07:20:17 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-14 07:20:17 0 d-----w- c:\program files\iTunes
2010-04-14 07:07:20 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 07:07:20 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 07:07:20 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 07:07:17 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:07:16 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 07:07:15 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:04:57 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-14 07:04:57 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-04-14 07:04:47 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 07:04:47 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 07:04:47 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 07:04:01 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:03:45 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 11:56:49 0 d-----w- c:\windows\system32\drivers\NSS
2010-04-13 11:56:49 0 d-----w- c:\program files\Norton Security Scan
2010-04-13 11:52:35 0 d-----w- c:\users\thenos~1\appdata\roaming\Tific
2010-04-13 11:52:23 0 d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-04-13 11:52:22 0 d-----w- c:\programdata\Norton
2010-04-13 11:52:22 0 d-----w- c:\program files\Norton PC Checkup
2010-04-13 11:52:09 0 d-----w- c:\program files\NortonInstaller
2010-04-06 17:53:56 0 d-----w- c:\program files\Applet Navigation Factory 2.0
2010-04-06 17:53:26 48640 ----a-w- c:\windows\system32\INETWH32.dll
2010-04-06 17:53:24 297472 ----a-w- c:\windows\system32\OpenClass.exe
2010-04-06 17:53:24 0 d-----w- c:\program files\Applet Effects Factory
2010-04-05 18:16:59 938272 ----a-w- c:\windows\system32\wodFtpDLX.OCX
2010-04-05 18:16:27 237568 ----a-w- c:\windows\system32\tdmic.exe
2010-04-05 18:16:27 158208 ----a-w- c:\windows\system32\tdmic.dll
2010-04-05 18:16:27 1066176 ----a-w- c:\windows\system32\mscomctl.ctl
2010-04-04 20:26:35 103 ----a-w- c:\users\thenos~1\appdata\roaming\ftpfile.dat
2010-04-03 17:27:00 958464 ----a-w- c:\windows\system32\nvsvcr.dll
2010-04-03 17:27:00 641568 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 17:27:00 207392 ----a-w- c:\windows\system32\nvvsvc.exe
2010-03-29 13:39:21 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-03-29 13:39:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-03-29 13:39:21 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-03-29 13:39:21 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-03-27 17:27:16 0 d-----w- c:\program files\Bridge Builder

==================== Find3M ====================

2010-04-18 11:33:30 86016 ----a-w- c:\windows\inf\infpub.dat
2010-04-18 11:33:30 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-18 06:49:21 54037 ----a-w- c:\programdata\nvModes.dat
2010-04-15 14:36:07 143360 ----a-w- c:\windows\inf\infstor.dat
2010-04-06 17:56:08 87608 ----a-w- c:\users\thenos~1\appdata\roaming\inst.exe
2010-04-06 17:56:08 47360 ----a-w- c:\users\thenos~1\appdata\roaming\pcouffin.sys
2010-04-02 15:54:38 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-09 18:32:07 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05:14 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32:56 293376 ----a-w- c:\windows\system32\browserchoice.exe
2009-11-17 19:22:03 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-09-24 14:22:16 174 --sha-w- c:\program files\desktop.ini
2007-08-03 17:03:05 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2002-07-31 18:55:12 106 --sh--w- c:\windows\WSYS049.SYS
2009-06-17 06:35:00 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-03-30 18:43:49 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:17:37.18 ===============


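The two parts of the DDS log above that a helper reads first are the Firefox search prefs (both `browser.search.defaulturl` and `keyword.URL` point at www3.iamwired.net rather than the browser's default engine, which is the hijack behind the pop-unders) and the R*/S* service lines, where `[?]` and `[x]` mark an image the tool could not find on disk. As an added example that is not part of this thread, DDS or ComboFix, the Python script below parses those two line formats and flags the items worth attention. The allowlist of search hosts (`DEFAULT_SEARCH_HOSTS`) and the last sample service line (`ExampleSvc`) are assumptions made for the example; the other sample lines are copied from the logs in this thread.

```python
"""Triage helper for DDS-style log lines (added example; not part of DDS,
ComboFix, or any post in this thread).

Flags two things a malware-removal helper looks for first:
  * search/homepage/keyword prefs whose URL host is outside an allowlist
    (the browser hijack visible in the log above);
  * services/drivers whose image is marked missing ([?] or [x]) or that
    run from a user profile instead of Program Files / System32.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a helper would accept as a default search/home page.
DEFAULT_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}

# Firefox prefs that decide where typed searches and keyword lookups go.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")
# <R|S><start type> <service name>;<display name>;<image path and trailer>
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))", re.IGNORECASE)

# Constructed sample: the first seven lines are copied from the logs in this
# thread; the ExampleSvc line is made up to exercise the user-profile check.
SAMPLE = r"""
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-9-23 21504]
S2 DUMeterSvc;DU Meter Service;c:\program files\du meter\dumetersvc.exe /startedbyscm:e1f6d4be-40e33354-dumeterservice --> c:\program files\du meter\DUMeterSvc.exe [?]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R2 ExampleSvc;Example Service (constructed);c:\users\thenostradamus\appdata\roaming\example.exe [2010-4-1 1234]
"""


def refang(url):
    """These logs write hxxp:// so the hijack URL is not clickable; undo it."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.IGNORECASE)


def pref_findings(lines, allowed_hosts=DEFAULT_SEARCH_HOSTS):
    """Search-related prefs whose URL host is not on the allowlist."""
    findings = []
    for line in lines:
        m = PREF_RE.match(line.strip())
        if not m or m.group("name") not in SEARCH_PREFS:
            continue
        url = refang(m.group("value"))
        host = urlparse(url).hostname  # None for about:blank and similar
        if host and host.lower() not in allowed_hosts:
            findings.append({"pref": m.group("name"), "host": host, "url": url})
    return findings


def parse_service(line):
    """Split one R*/S* line into its fields; None if the line is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.lower().endswith(("[?]", "[x]"))
    if " --> " in rest:  # 'configured --> resolved [?]' form: keep the resolved path
        rest = rest.split(" --> ", 1)[1]
    rest = re.sub(r"\s*\[[^\]]*\]$", "", rest)  # drop trailing '[date size]' / '[?]'
    img = IMAGE_RE.match(rest)  # cut service arguments such as '-k netsvcs'
    return {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("state") == "R",
        "start": int(m.group("start")),
        "image": img.group(1) if img else rest,
        "missing": missing,
    }


def service_findings(lines):
    """Services/drivers a helper would look at first, with the reason why."""
    findings = []
    for line in lines:
        svc = parse_service(line)
        if svc is None:
            continue
        reasons = []
        if svc["missing"]:
            reasons.append("image file not found on disk")
        low = svc["image"].lower()
        if low.startswith("c:\\users\\") or "\\appdata\\" in low:
            reasons.append("image runs from a user profile directory")
        if reasons:
            findings.append({**svc, "reasons": reasons})
    return findings


def triage(log_text):
    """Run both checks over a pasted log and group the findings."""
    lines = log_text.splitlines()
    return {"hijacked_prefs": pref_findings(lines),
            "suspicious_services": service_findings(lines)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind)
        for item in items:
            print("  ", item)
```

Run against the sample, both search prefs come back flagged on www3.iamwired.net and DUMeterSvc and VBoxNetFlt are flagged for missing images, which matches what ComboFix later deletes and reports. The svchost-hosted ezSharedSvc is deliberately not flagged: the line only shows the host process, so checking it means reading the ServiceDll value under that service's Parameters key, which this log excerpt does not show.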

#6
April 27, 2010 at 04:48:16
Sorry Guys

**Bump**



#7
April 29, 2010 at 12:04:12
Don't mean to bump this again for no reason but I still got issues with this...


#8
April 30, 2010 at 19:36:47
Go to Start > Control Panel > click the Java icon > Update tab > Update Now and allow Java to update. If you are prompted for any add-ons, uncheck the box and continue. The newest Java is version 6 update 20. Then go to Add/Remove Programs and uninstall all of the older versions of Java.

Please download Combofix with internet explorer instead of any other browser if possible.

Remember: your Norton antivirus, Windows Defender, and Ewido must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#9
May 1, 2010 at 06:00:08
here you go dude....

ComboFix 10-04-30.03 - TheNostradamus 01/05/2010 12:23:29.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1157 [GMT 1:00]
Running from: c:\users\TheNostradamus\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3951779315-1583897901-968269241-1002
c:\users\TheNostradamus\AppData\Roaming\inst.exe
c:\windows\eSellerateEngine.dll
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_DUMeterSvc


((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-04-28 12:03 . 2010-04-28 12:03 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\PC Tools
2010-04-28 12:03 . 2010-04-28 12:03 -------- d-----w- c:\progra~2\PC Tools
2010-04-14 07:20 . 2010-04-14 07:21 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-13 11:52 . 2010-04-13 11:52 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Tific
2010-04-13 11:52 . 2010-04-28 21:18 -------- d-----w- c:\progra~2\Norton

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 12:12 . 2007-10-11 20:44 -------- d-----w- c:\progra~2\Kontiki
2010-05-01 12:08 . 2009-03-16 14:02 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\DNA
2010-05-01 10:59 . 2007-03-30 10:54 -------- d-----w- c:\program files\Java
2010-05-01 10:59 . 2010-04-28 12:03 -------- d-----w- c:\program files\Spyware Doctor
2010-05-01 07:01 . 2008-09-22 10:46 -------- d-----w- c:\program files\LogMeIn
2010-04-28 21:24 . 2009-06-15 10:49 -------- d-----w- c:\program files\Common Files\Stardock
2010-04-28 20:49 . 2010-04-28 20:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-28 20:27 . 2007-04-04 21:01 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\BitTorrent
2010-04-28 19:22 . 2007-03-30 10:54 -------- d-----w- c:\program files\Common Files\Java
2010-04-28 13:08 . 2008-09-18 11:10 -------- d-----w- c:\program files\Opera
2010-04-28 12:09 . 2010-04-28 12:03 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-26 08:49 . 2010-04-26 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-25 17:31 . 2010-04-25 17:28 -------- d-----w- c:\program files\ewido anti-malware
2010-04-25 09:30 . 2010-04-25 09:30 -------- d-----w- c:\program files\Panda Security
2010-04-20 19:53 . 2007-09-15 10:25 -------- d-----w- c:\program files\Common Files\Steam
2010-04-18 11:40 . 2007-04-04 20:47 -------- d-----w- c:\progra~2\NVIDIA
2010-04-18 06:49 . 2009-07-08 19:03 54037 ----a-w- c:\progra~2\nvModes.dat
2010-04-16 19:11 . 2007-03-30 11:03 -------- d-----w- c:\program files\Google
2010-04-15 14:09 . 2008-11-11 13:00 -------- d-----w- c:\program files\CCleaner
2010-04-14 22:35 . 2010-04-04 20:26 103 ----a-w- c:\users\TheNostradamus\AppData\Roaming\ftpfile.dat
2010-04-14 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 08:08 . 2007-04-15 07:28 -------- d-----w- c:\progra~2\Microsoft Help
2010-04-14 07:21 . 2010-04-14 07:20 -------- d-----w- c:\program files\iTunes
2010-04-14 07:20 . 2010-04-14 07:20 -------- d-----w- c:\program files\iPod
2010-04-14 07:20 . 2007-06-30 21:24 -------- d-----w- c:\program files\Common Files\Apple
2010-04-14 07:08 . 2009-02-12 10:21 -------- d-----w- c:\program files\Bonjour
2010-04-13 11:56 . 2010-04-13 11:56 -------- d-----w- c:\program files\Norton Security Scan
2010-04-13 11:56 . 2010-04-13 11:52 -------- d-----w- c:\program files\NortonInstaller
2010-04-13 11:54 . 2008-11-19 09:13 -------- d-----w- c:\progra~2\Symantec
2010-04-13 11:52 . 2010-04-13 11:52 -------- d-----w- c:\program files\Norton PC Checkup
2010-04-13 11:52 . 2008-11-19 11:27 -------- d-----w- c:\progra~2\NortonInstaller
2010-04-12 16:29 . 2010-04-28 19:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 22:13 . 2010-03-20 12:00 -------- d-----w- c:\program files\CoffeeCup Software
2010-04-07 22:13 . 2007-03-30 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 23:59 . 2007-08-03 17:16 -------- d-----w- c:\program files\Replay Converter
2010-04-06 17:56 . 2010-03-13 19:01 -------- d-----w- c:\program files\NCH Software
2010-04-06 17:56 . 2007-04-28 17:41 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Vso
2010-04-06 17:56 . 2007-04-28 17:41 -------- d-----w- c:\program files\VSO
2010-04-06 17:56 . 2007-04-28 17:41 47360 ----a-w- c:\users\TheNostradamus\AppData\Roaming\pcouffin.sys
2010-04-06 17:53 . 2010-04-06 17:53 -------- d-----w- c:\program files\Applet Navigation Factory 2.0
2010-04-06 17:53 . 2010-04-06 17:53 -------- d-----w- c:\program files\Applet Effects Factory
2010-04-05 18:16 . 2010-04-05 18:16 237568 ----a-w- c:\windows\system32\tdmic.exe
2010-04-05 18:16 . 2010-04-05 18:16 158208 ----a-w- c:\windows\system32\tdmic.dll
2010-04-04 12:12 . 2010-04-04 12:11 -------- d-----w- c:\program files\QuickTime
2010-04-03 22:55 . 2010-04-15 14:34 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-03 22:55 . 2010-04-15 14:34 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-03 22:55 . 2010-04-15 14:34 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-03 22:55 . 2010-04-15 14:34 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-03 22:55 . 2010-04-15 14:34 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-02 15:54 . 2007-09-17 08:07 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-29 14:24 . 2010-04-26 08:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 14:24 . 2010-04-26 08:49 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 17:27 . 2010-03-27 17:27 -------- d-----w- c:\program files\Bridge Builder
2010-03-18 21:32 . 2007-03-30 11:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-18 21:17 . 2009-12-20 11:31 -------- d-----w- c:\program files\Kalypso
2010-03-18 21:15 . 2007-04-05 17:51 -------- d-----w- c:\program files\Macromedia
2010-03-17 08:05 . 2008-07-19 09:41 -------- d-----w- c:\program files\Safari
2010-03-16 08:43 . 2007-08-04 19:21 -------- d-----w- c:\program files\Common Files\Real
2010-03-16 08:43 . 2008-03-01 14:33 -------- d-----w- c:\program files\Real
2010-03-16 08:43 . 2010-03-16 08:43 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-13 21:23 . 2010-03-13 21:23 -------- d-----w- c:\program files\Common Files\Ulead Systems
2010-03-13 21:23 . 2010-03-13 21:23 -------- d-----w- c:\program files\Ulead Systems
2010-03-13 21:23 . 2010-03-13 11:29 -------- d-----w- c:\progra~2\Ulead Systems
2010-03-13 12:11 . 2007-04-04 19:33 228944 ----a-w- c:\users\TheNostradamus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 11:53 . 2010-03-13 11:52 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Ulead Systems
2010-03-13 11:30 . 2010-03-13 11:30 -------- d-----w- c:\program files\Windows Media Components
2010-03-12 15:11 . 2009-04-02 09:20 -------- d-----w- c:\program files\Windows Live
2010-03-12 15:09 . 2009-03-21 16:40 -------- d-----w- c:\program files\Microsoft
2010-03-09 18:32 . 2008-11-07 11:01 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-05 14:01 . 2010-04-14 07:07 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 09:16 . 2010-04-14 08:46 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 11:10 . 2010-04-14 07:07 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 07:07 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 07:07 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-31 09:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 19:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 19:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 19:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-14 07:04 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 07:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-14 07:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-14 07:04 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 07:04 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32 . 2010-03-24 19:00 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-09 14:37 . 2010-03-29 13:39 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-02-09 14:37 . 2010-03-29 13:39 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-02-09 14:37 . 2010-03-29 13:39 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-02-09 14:37 . 2010-03-29 13:39 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-02-05 08:25 . 2010-04-28 12:03 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 08:18 . 2010-04-28 12:04 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 08:17 . 2010-04-28 12:04 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2007-08-03 17:03 . 2007-08-03 17:03 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-03-31 21:47 . 2009-01-13 10:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2002-07-31 18:55 . 2010-03-20 13:18 106 --sh--w- c:\windows\WSYS049.SYS
2007-03-30 18:43 . 2007-03-30 18:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\TheNostradamus\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\TheNostradamus\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-22 39408]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2010-04-12 1808752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAMMON_JL2005A"="c:\program files\JL2005A\cam_mon" [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-29 1086856]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"tdmic"="c:\windows\system32\tdmic.exe" [2010-04-05 237568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]

c:\users\MissyLooby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\TheNostradamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-4-28 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-10 16:00 197912 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-03-09 08:22 654648 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-20 19:51 1217872 ----a-w- c:\games\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,7b,7c,91,7a,44,ca,01

R2 gupdate1c98bb3a2193e23;Google Update Service (gupdate1c98bb3a2193e23);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys [2006-03-22 86797]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-04-07 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8dotnetservice\CF8DotNetsvc.exe [2008-10-30 77824]
R4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2008-03-18 65536]
R4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [x]
R4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [x]
R4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2008-03-12 2743056]
R4 Macromedia JRun Admin Server;Macromedia JRun Admin Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
R4 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-04-14 716272]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2004-11-22 3072]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100422.001\IDSvix86.sys [2009-11-20 286768]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-21 112592]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe [2010-01-08 103280]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe [2009-08-24 126392]
S3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:19]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-04-30 c:\windows\Tasks\Norton Security Scan for TheNostradamus.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-04-13 12:46]

2010-05-01 c:\windows\Tasks\User_Feed_Synchronization-{41F550E9-2C3D-46F6-920F-BA37B5932926}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.itv-f1.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: hp.com
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\TheNostradamus\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqd8dw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\users\TheNostradamus\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 13:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys sfsync04.sys hal.dll sfsync03.sys iastor.sys spwc.sys >>UNKNOWN [0x859DC938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x88bc4d24
\Driver\ACPI -> acpi.sys @ 0x805bbd68
\Driver\iaStor -> sfsync04.sys @ 0x82e3ba7c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.543\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3951779315-1583897901-968269241-1000\C* Å*]
@Allowed: (Read) (RestrictedCode)
"WriteErrorLog"="No"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5804)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\System32\SyncCenter.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ewido anti-malware\ewidoctrl.exe
c:\program files\ewido anti-malware\ewidoguard.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Kontiki\KService.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\System32\StkASv2K.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\JL2005A\cam_mon.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\users\THENOS~1\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-05-01 13:29:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-01 12:29
ComboFix2.txt 2008-11-17 14:25
ComboFix3.txt 2008-11-16 10:20

Pre-Run: 127,750,434,816 bytes free
Post-Run: 127,393,464,320 bytes free

- - End Of File - - 55369E2E8A0ED568EFC4A770EBCDBAEB



#10
May 1, 2010 at 12:59:05
Just to let you know, guys: now that I have run ComboFix, I keep getting a program trying to install every time I reboot the computer.

It keeps saying "Installing Smart Sound Quick Tracks plug-in..."

I can't find anything when I do a search though!



#11
May 1, 2010 at 18:54:28
That is a QuickTime add-on and was probably attached to c:\windows\eSellerateEngine.dll, which is a way for baddies to attach themselves to a normal DLL to hide.

It is listed in your Add/Remove Programs. Uninstall Smart Sound Quick Tracks plug-in, then uninstall/reinstall QuickTime; that should resolve the problem.

Delete DDS from your desktop.

Go to Start > Run > type in ComboFix /Uninstall (note the space after ComboFix), then press Enter/Run. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner:
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All.
Click the Empty Selected button.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next create a new restore point. Go to Start > Run > type in msconfig > OK > click Launch System Restore > check the circle beside "Create a restore point" > Next > name it today's date > Create > click Home > exit the System Configuration Utility > restart the computer.

You should consider adding SpywareBlaster to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Glad we could help.


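The "empty the restore folder, then create a fresh restore point" steps from the post above, as a scripted equivalent. This is an added example, not code from the thread or from any tool it mentions. It assumes an elevated Windows PowerShell prompt (the System Restore cmdlets live in Microsoft.PowerShell.Management and are not available in PowerShell Core) and that the system drive is the one with System Protection enabled.

```powershell
# Added example: flush existing restore points (which may hold copies of the
# infected files) and create a fresh one. Scripted form of the Control Panel
# steps in the post above.
# Assumptions: run as Administrator in Windows PowerShell; $drive is the drive
# that System Protection is enabled on (normally the system drive).
$drive = "$env:SystemDrive\"   # e.g. C:\

"Restore points before cleanup:"
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime

# Turning System Protection off deletes every existing restore point on the drive.
Disable-ComputerRestore -Drive $drive

# Turn it back on so new restore points can be taken again.
Enable-ComputerRestore -Drive $drive

# Create a clean restore point named with today's date, as the post suggests.
Checkpoint-Computer -Description (Get-Date -Format 'yyyy-MM-dd') -RestorePointType MODIFY_SETTINGS

"Restore points after cleanup:"
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
```

On the Vista machine in this thread the new checkpoint is created immediately; on Windows 8 and later, Checkpoint-Computer will not create a second restore point within 24 hours of the previous one, so the "after" listing may still show only the last point taken.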

#12
May 2, 2010 at 01:08:54
OK, I'm trying to do this but I can't seem to turn on System Restore!


#13
May 2, 2010 at 07:32:20
Right guys, I'm not sure if I haven't been able to activate System Restore, but I'm still getting the pop-unders.

Any ideas?



#14
May 2, 2010 at 18:57:12
Run ComboFix again, but make sure these are disabled (Windows Defender was not disabled in your previous run):

Norton's antivirus, Windows Defender, and Ewido

Download Registry Search and double-click to start it. Enter av.exe in the top edit box and click "Ok". Notepad will be opened with text in it (the file will be saved in the program's folder as well). Post this text.


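The registry search the helper asks for, done with built-in cmdlets instead of the Registry Search tool. This is an added example, not code from the thread or from Registry Search. It covers the same scope the tool's log header lists (key names, value names and value data under HKEY_LOCAL_MACHINE and HKEY_USERS); the search term is a parameter, shown here with the thread's av.exe, and the function name Search-RegistryString is my own.

```powershell
# Added example: search HKLM and HKU for a literal string in key names, value
# names and value data, reporting where it was found. Run from an elevated
# Windows PowerShell prompt so as many keys as possible are readable.
function Search-RegistryString {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string[]]$Roots = @('HKLM:\', 'Registry::HKEY_USERS')
    )
    # Escape the term so the dot in "av.exe" is matched literally, not as a regex wildcard.
    $rx = [regex]::Escape($Pattern)

    foreach ($root in $Roots) {
        # Keys we are not allowed to open (SAM, SECURITY, keys with denied ACLs such as
        # the "LOCKED REGISTRY KEYS" in a ComboFix log) are skipped rather than aborting.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -match $rx) {
                [pscustomobject]@{ Key = $key.Name; Kind = 'KeyName'; Name = ''; Data = '' }
            }
            foreach ($vname in $key.GetValueNames()) {
                # Read REG_EXPAND_SZ raw so "%ProgramFiles%\..." is searched as stored, not expanded.
                $data = $key.GetValue($vname, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                $text = if ($data -is [array]) { $data -join ' ' } else { [string]$data }
                if ($vname -match $rx) {
                    [pscustomobject]@{ Key = $key.Name; Kind = 'ValueName'; Name = $vname; Data = $text }
                } elseif ($text -match $rx) {
                    # An empty $vname is the key's default value, shown as "@=" in .reg exports.
                    [pscustomobject]@{ Key = $key.Name; Kind = 'ValueData'; Name = $vname; Data = $text }
                }
            }
        }
    }
}

Search-RegistryString -Pattern 'av.exe' | Format-Table -AutoSize -Wrap
```

Matching is case-insensitive, as -match is by default. A hit in ValueData under a Run, RunOnce or Services key is the one worth looking at; a hit like the PolicyConfig audio entry in the reply below merely records a path that happens to contain the string, which is why a search result still has to be read rather than acted on blindly.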

#15
May 3, 2010 at 14:39:27
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 03/05/2010 22:34:14 for strings:
; 'av.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_USERS\S-1-5-21-3951779315-1583897901-968269241-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\5b7ea8a8_0]
@="{0.0.0.00000000}.{e0a0e92a-956e-4b83-958d-352ec0312b16}|\\Device\\HarddiskVolume3\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\playwav.exe%b{00000000-0000-0000-0000-000000000000}"

; End Of The Log...

Here you go....



#16
May 3, 2010 at 18:25:07
How about the Combofix scan?


#17
May 4, 2010 at 01:38:34
Yep, I did that too,

ComboFix 10-05-02.02 - TheNostradamus 03/05/2010 11:08:10.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.777 [GMT 1:00]
Running from: c:\users\TheNostradamus\Desktop\Combo.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-03 to 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-05-03 10:21 . 2010-05-03 10:21 -------- d-----w- c:\users\TheNostradamus\AppData\Local\temp
2010-05-03 10:21 . 2010-05-03 10:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-03 10:21 . 2010-05-03 10:21 -------- d-----w- c:\users\MissyLooby\AppData\Local\temp
2010-05-03 10:21 . 2010-05-03 10:21 -------- d-----w- c:\users\Kayelle\AppData\Local\temp
2010-05-03 10:21 . 2010-05-03 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-03 10:21 . 2010-05-03 10:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-02 19:13 . 2010-05-02 20:39 -------- d-----w- c:\users\TheNostradamus\AppData\Local\Adobe
2010-05-02 14:07 . 2010-05-02 22:09 -------- d-----w- c:\users\TheNostradamus\AppData\Local\Apple Computer
2010-05-01 22:15 . 2010-05-01 22:15 3584 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-01 22:15 . 2010-05-01 22:15 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-01 13:08 . 2010-05-01 13:08 -------- d-----w- C:\found.000
2010-04-28 20:49 . 2010-04-28 20:49 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-04-28 19:19 . 2010-05-02 14:15 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-28 12:03 . 2010-05-03 07:59 -------- d-----w- c:\program files\Spyware Doctor
2010-04-26 08:49 . 2010-03-29 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-26 08:49 . 2010-04-26 08:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-26 08:49 . 2010-03-29 14:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 17:28 . 2010-05-03 06:42 -------- d-----w- c:\program files\ewido anti-malware
2010-04-25 09:33 . 2009-10-07 14:28 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-04-25 09:30 . 2009-06-30 08:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-25 09:30 . 2010-04-25 09:30 -------- d-----w- c:\program files\Panda Security
2010-04-15 14:34 . 2010-04-03 22:55 56424 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-15 14:34 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-15 14:34 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod1914.dll
2010-04-15 14:34 . 2010-04-03 22:55 2009704 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-15 14:34 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-14 08:46 . 2010-02-24 09:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-14 07:20 . 2010-04-14 07:20 -------- d-----w- c:\program files\iPod
2010-04-14 07:20 . 2010-04-14 07:21 -------- d-----w- c:\program files\iTunes
2010-04-14 07:20 . 2010-04-14 07:21 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-14 07:07 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 07:07 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 07:07 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 07:07 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 07:07 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 07:07 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 07:04 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 07:04 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 07:04 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 07:04 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 07:03 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-13 11:56 . 2010-04-13 11:56 -------- d-----w- c:\windows\system32\drivers\NSS
2010-04-13 11:56 . 2010-04-13 11:56 -------- d-----w- c:\program files\Norton Security Scan
2010-04-13 11:52 . 2010-04-13 16:29 -------- d-----w- c:\users\TheNostradamus\AppData\Local\Tific
2010-04-13 11:52 . 2010-04-13 11:52 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Tific
2010-04-13 11:52 . 2010-04-13 11:52 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckup
2010-04-13 11:52 . 2010-04-28 21:18 -------- d-----w- c:\progra~2\Norton
2010-04-13 11:52 . 2010-04-13 11:52 -------- d-----w- c:\program files\Norton PC Checkup
2010-04-13 11:52 . 2010-04-13 11:56 -------- d-----w- c:\program files\NortonInstaller
2010-04-12 11:58 . 2010-04-12 12:00 26694 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_FCF4B120D6A8BD6C385184.exe
2010-04-12 11:58 . 2010-04-12 12:00 26694 ----a-r- c:\users\TheNostradamus\AppData\Roaming\Microsoft\Installer\{F6249ABF-F16D-4AF3-8755-4D62F799C238}\_6FEFF9B68218417F98F549.exe
2010-04-06 17:53 . 1996-09-11 13:33 48640 ----a-w- c:\windows\system32\INETWH32.dll
2010-04-06 17:53 . 1999-11-11 14:42 297472 ----a-w- c:\windows\system32\OpenClass.exe
2010-04-05 18:16 . 2010-04-05 18:16 237568 ----a-w- c:\windows\system32\tdmic.exe
2010-04-05 18:16 . 2010-04-05 18:16 158208 ----a-w- c:\windows\system32\tdmic.dll
2010-04-04 12:11 . 2010-04-04 12:12 -------- d-----w- c:\program files\QuickTime
2010-04-03 17:27 . 2009-04-14 02:33 958464 ----a-w- c:\windows\system32\nvsvcr.dll
2010-04-03 17:27 . 2009-04-14 02:33 641568 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 17:27 . 2009-04-14 02:33 207392 ----a-w- c:\windows\system32\nvvsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 10:22 . 2007-10-11 20:44 -------- d-----w- c:\progra~2\Kontiki
2010-05-03 10:22 . 2009-03-16 14:02 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\DNA
2010-05-02 23:51 . 2008-09-22 10:46 -------- d-----w- c:\program files\LogMeIn
2010-05-02 23:49 . 2008-10-31 20:03 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2010-05-02 23:45 . 2007-04-04 21:01 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\BitTorrent
2010-05-02 14:21 . 2007-03-30 10:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 13:54 . 2007-03-30 10:54 -------- d-----w- c:\program files\Java
2010-05-02 13:54 . 2007-03-30 10:54 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 13:42 . 2009-03-16 14:02 -------- d-----w- c:\program files\DNA
2010-05-02 13:23 . 2009-01-18 14:14 -------- d-----w- c:\users\Kayelle\AppData\Roaming\Apple Computer
2010-05-02 13:17 . 2007-10-26 18:06 1356 ----a-w- c:\users\TheNostradamus\AppData\Local\d3d9caps.dat
2010-05-01 22:13 . 2009-12-03 15:46 -------- d-----w- c:\program files\MSECache
2010-05-01 22:00 . 2010-03-13 11:29 -------- d-----w- c:\progra~2\Ulead Systems
2010-05-01 13:25 . 2008-09-18 11:10 -------- d-----w- c:\program files\Opera
2010-04-28 21:24 . 2009-06-15 10:49 -------- d-----w- c:\program files\Common Files\Stardock
2010-04-28 08:39 . 2010-03-27 08:47 439816 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\setup.exe
2010-04-20 19:53 . 2007-09-15 10:25 -------- d-----w- c:\program files\Common Files\Steam
2010-04-18 11:40 . 2007-04-04 20:47 -------- d-----w- c:\progra~2\NVIDIA
2010-04-18 06:49 . 2009-07-08 19:03 54037 ----a-w- c:\progra~2\nvModes.dat
2010-04-16 19:11 . 2007-03-30 11:03 -------- d-----w- c:\program files\Google
2010-04-15 14:09 . 2008-11-11 13:00 -------- d-----w- c:\program files\CCleaner
2010-04-14 22:35 . 2010-04-04 20:26 103 ----a-w- c:\users\TheNostradamus\AppData\Roaming\ftpfile.dat
2010-04-14 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-14 08:08 . 2007-04-15 07:28 -------- d-----w- c:\progra~2\Microsoft Help
2010-04-14 07:20 . 2007-06-30 21:24 -------- d-----w- c:\program files\Common Files\Apple
2010-04-14 07:08 . 2009-02-12 10:21 -------- d-----w- c:\program files\Bonjour
2010-04-13 11:54 . 2008-11-19 09:13 -------- d-----w- c:\progra~2\Symantec
2010-04-13 11:52 . 2008-11-19 11:27 -------- d-----w- c:\progra~2\NortonInstaller
2010-04-07 22:13 . 2010-03-20 12:00 -------- d-----w- c:\program files\CoffeeCup Software
2010-04-06 23:59 . 2007-08-03 17:16 -------- d-----w- c:\program files\Replay Converter
2010-04-06 17:56 . 2010-03-13 19:01 -------- d-----w- c:\program files\NCH Software
2010-04-06 17:56 . 2007-04-28 17:41 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Vso
2010-04-06 17:56 . 2007-04-28 17:41 -------- d-----w- c:\program files\VSO
2010-04-06 17:56 . 2007-04-28 17:41 47360 ----a-w- c:\users\TheNostradamus\AppData\Roaming\pcouffin.sys
2010-04-06 17:56 . 2007-04-28 17:41 47360 ----a-w- c:\users\TheNostradamus\AppData\Roaming\pcouffin.sys
2010-04-02 15:54 . 2007-09-17 08:07 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-03-27 17:27 . 2010-03-27 17:27 -------- d-----w- c:\program files\Bridge Builder
2010-03-27 16:57 . 2010-03-27 16:56 20895216 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\rp\RealPlayerSPGold.exe
2010-03-27 16:56 . 2010-03-27 16:56 79368 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\RUP\vista.exe
2010-03-27 16:56 . 2010-03-27 16:56 52288 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gtapi.dll
2010-03-27 16:56 . 2010-03-27 16:56 64000 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\gcapi_dll.dll
2010-03-27 16:56 . 2010-03-27 16:56 50688 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\fftbapi.dll
2010-03-27 16:56 . 2010-03-27 16:56 49152 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\CarboniteCompatibility.dll
2010-03-27 16:56 . 2010-03-27 16:56 118784 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.11\RUP\inst_config\compat.dll
2010-03-18 21:32 . 2007-03-30 11:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-18 21:17 . 2009-12-20 11:31 -------- d-----w- c:\program files\Kalypso
2010-03-18 21:15 . 2007-04-05 17:51 -------- d-----w- c:\program files\Macromedia
2010-03-17 08:05 . 2008-07-19 09:41 -------- d-----w- c:\program files\Safari
2010-03-16 08:43 . 2007-08-04 19:21 -------- d-----w- c:\program files\Common Files\Real
2010-03-16 08:43 . 2008-03-01 14:33 -------- d-----w- c:\program files\Real
2010-03-16 08:43 . 2010-03-16 08:43 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-15 20:16 . 2010-03-08 20:16 439816 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-13 12:11 . 2007-04-04 19:33 228944 ----a-w- c:\users\TheNostradamus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-13 11:53 . 2010-03-13 11:52 -------- d-----w- c:\users\TheNostradamus\AppData\Roaming\Ulead Systems
2010-03-13 11:30 . 2010-03-13 11:30 -------- d-----w- c:\program files\Windows Media Components
2010-03-12 15:11 . 2009-04-02 09:20 -------- d-----w- c:\program files\Windows Live
2010-03-12 15:09 . 2009-03-21 16:40 -------- d-----w- c:\program files\Microsoft
2010-03-09 18:32 . 2008-11-07 11:01 588472 ----a-w- c:\windows\system32\ezsvc7x.dll
2010-03-09 07:45 . 2010-03-09 07:45 79368 ----a-w- c:\users\TheNostradamus\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-02-23 06:39 . 2010-03-31 09:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 19:01 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 19:01 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 19:01 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 10:32 . 2010-03-24 19:00 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-09 14:37 . 2010-03-29 13:39 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-02-09 14:37 . 2010-03-29 13:39 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-02-09 14:37 . 2010-03-29 13:39 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-02-09 14:37 . 2010-03-29 13:39 102439 ----a-w- c:\windows\system32\sipr3260.dll
2007-08-03 17:03 . 2007-08-03 17:03 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2009-03-31 21:47 . 2009-01-13 10:56 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2002-07-31 18:55 . 2010-03-20 13:18 106 --sh--w- c:\windows\WSYS049.SYS
2007-03-30 18:43 . 2007-03-30 18:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-05-03_08.23.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-04 20:47 . 2010-05-03 09:21 28492 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3951779315-1583897901-968269241-1000_UserData.bin
- 2007-04-04 20:47 . 2010-05-03 08:01 28492 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3951779315-1583897901-968269241-1000_UserData.bin
- 2007-04-04 19:27 . 2010-05-03 08:24 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-04 19:27 . 2010-05-03 09:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-04-04 19:27 . 2010-05-03 08:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-04 19:27 . 2010-05-03 09:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-04-04 19:45 . 2010-05-03 07:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-04 19:45 . 2010-05-03 09:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-04-04 19:45 . 2010-05-03 09:19 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-04 19:45 . 2010-05-03 07:59 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-04-04 19:45 . 2010-05-03 07:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-04-04 19:45 . 2010-05-03 09:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-03 09:19 . 2010-05-03 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-03 07:59 . 2010-05-03 07:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-03 07:59 . 2010-05-03 07:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-03 09:19 . 2010-05-03 09:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-03-30 11:11 . 2010-05-03 09:21 115712 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-03 09:21 208122 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-05-03 08:01 208122 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-04-04 19:27 . 2010-05-03 08:24 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-04-04 19:27 . 2010-05-03 09:34 180224 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\TheNostradamus\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\axcmd.exe" [2008-03-20 216520]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\TheNostradamus\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-22 39408]
"NortonUpdateAgent"="c:\programdata\Norton\NUA.exe" [2010-04-12 1808752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"kdx"="c:\program files\Kontiki\KHost.exe" [2008-10-21 1032640]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"tdmic"="c:\windows\system32\tdmic.exe" [2010-04-05 237568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-14 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-14 92704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\MissyLooby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\TheNostradamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-4-28 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-10 16:00 197912 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-03-09 08:22 654648 ----a-w- c:\program files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-02-13 23:09 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-04-20 19:51 1217872 ----a-w- c:\games\Valve\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):76,7b,7c,91,7a,44,ca,01

R2 gupdate1c98bb3a2193e23;Google Update Service (gupdate1c98bb3a2193e23);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 133104]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 JL2005;JL2005A Toy Camera;c:\windows\system32\Drivers\toywdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-04-07 79888]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 ColdFusion 8 .NET Service;ColdFusion 8 .NET Service;c:\coldfusion8dotnetservice\CF8DotNetsvc.exe [2008-10-30 77824]
R4 ColdFusion 8 Application Server;ColdFusion 8 Application Server;c:\coldfusion8\runtime\bin\jrunsvc.exe [2008-03-18 65536]
R4 ColdFusion 8 ODBC Agent;ColdFusion 8 ODBC Agent;c:\coldfusion8\db\slserver54\bin\swagent.exe ColdFusion 8 ODBC Agent [x]
R4 ColdFusion 8 ODBC Server;ColdFusion 8 ODBC Server;c:\coldfusion8\db\slserver54\bin\swstrtr.exe ColdFusion 8 ODBC Server [x]
R4 ColdFusion 8 Search Server;ColdFusion 8 Search Server;c:\coldfusion8\verity\k2\_nti40\bin\k2admin.exe [2008-03-12 2743056]
R4 Macromedia JRun Admin Server;Macromedia JRun Admin Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
R4 Macromedia JRun CFusion Server;Macromedia JRun CFusion Server;c:\jrun4\bin\jrunsvc.exe [2008-03-18 65536]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2008-04-14 716272]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2006-07-11 42392]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100422.001\IDSvix86.sys [2009-11-20 286768]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-19 21504]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-07-24 12856]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe [2010-01-08 103280]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe [2009-08-24 126392]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 19:19]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-10 19:12]

2010-05-02 c:\windows\Tasks\Norton Security Scan for TheNostradamus.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-04-13 12:46]

2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{41F550E9-2C3D-46F6-920F-BA37B5932926}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.itv-f1.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: hp.com
Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\TheNostradamus\AppData\Roaming\Mozilla\Firefox\Profiles\hpxqd8dw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 11:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.543\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3951779315-1583897901-968269241-1000\C* Å*]
@Allowed: (Read) (RestrictedCode)
"WriteErrorLog"="No"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4912)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
.
Completion time: 2010-05-03 11:25:27
ComboFix-quarantined-files.txt 2010-05-03 10:25
ComboFix2.txt 2010-05-03 08:28
ComboFix3.txt 2010-05-01 19:39

Pre-Run: 126,349,258,752 bytes free
Post-Run: 126,300,725,248 bytes free

- - End Of File - - 23F16D97B2BE853167D5C144F0CF52E0



#18
May 11, 2010 at 00:25:32
***BUMP***


#19
May 14, 2010 at 02:15:56
Right guys, the pop-unders seem to be gone; however, I'm still getting this popup that vanishes after 1 second. I looked in the history and it's going to this site:

http://redvase.bravenet.com/deliver...

Any ideas???



#20
June 10, 2010 at 01:25:24
Hi guys

I have been away for a bit, but the above popup is still on my computer.

These are the addresses that are run:

http://www.myplanets.netai.net/ipad...

file:///C:/Users/TheNostradamus/Pictures/1280x1024.jpg (this is an image on my computer; why is IE running this?)

http://www.10fast.net/404.jsp

Any ideas? I need your help.

