RUNDLL >>>>>>Help!!!

vagg · 04-21-2008, 03:28 PM

Yes got me again.I can't belive im in the internet posting this as my computer is in bad shape.I was unable to repair it useing the hijack this as each time I deleted the rundll files and booted in safe mode and deleted all mt TEMP files the rundell's return the same or with diffrent names.My anti virus keeps blocking a RUNDLL trying to get onto my desktop and internet sheild from spysweeper keeps blocking TOMOTUA.COM.
Could someone plz go over my hijack log and find the errorr im missing that keeps reactivating my rundll's........? tks
I have unlocked all my files and made the hijack log as it is when I started up.
{NOTE}I havent rebooted after I unlocked the files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:25 AM, on 4/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Program Files\Lock My PC 4\lockpc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp Remote\bin\orbtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Winamp Remote\bin\OrbIR.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\cBsPJCuU.dll,#1
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\vagg\AppData\Local\Temp\nnnoOgfd.dll,#1
O4 - HKCU\..\Run: [BM6d0a03fa] "Rundll32.exe" "C:\Users\vagg\AppData\Local\Temp\hjligita.dll ",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vagg\AppData\Local\Temp\rqRHwULc.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.ex e
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 12017 bytes

Punk · 04-21-2008, 05:04 PM

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

vagg · 04-21-2008, 07:01 PM

Quote:

Originally Posted by Punk

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Download this file from one of the three below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Then double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

OMG I think that worked!!!!
No DLL errors and I can log into Internet explorer now.

color=purple]The following files were disabled during the run:[/color]
C:\Windows\system32\sockspy.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\cBsPJCuU.dll
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\systeminfo3.dll
C:\Windows\system32\wpcap.dll

I ran it twice cause I thought it froze but on second run it got sockspy which I feel was causing alot of the problems.Alot of stuff in my system files but as of now none of them gone is making a diffrence.
Tks for your help Punk

Punk · 04-21-2008, 07:10 PM

Hey could you please post the whole log with a new Hijackthis log as well?

I just want to make sure everything is gone

vagg · 04-21-2008, 07:27 PM

Quote:

Originally Posted by Punk

Hey could you please post the whole log with a new Hijackthis log as well?

I just want to make sure everything is gone

Np

Running from: C:\Users\vagg\Desktop\ComboFix.exe
* Resident AV is active

.
The following files were disabled during the run:
C:\Windows\system32\sockspy.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Windows\system32\cBsPJCuU.dll
C:\Windows\system32\drivers\npf.sys
C:\Windows\system32\packet.dll
C:\Windows\system32\systeminfo3.dll
C:\Windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-20 13:45 . 2008-04-20 13:48 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-04-18 20:29 . 2008-04-18 20:29 <DIR> d-------- C:\Program Files\Fox Magic
2008-04-18 20:29 . 2005-06-12 17:29 77,824 --a------ C:\Windows\System32\fmcodec.DLL
2008-04-18 10:42 . 2008-04-18 10:43 <DIR> d-------- C:\Program Files\Magic Video Converter
2008-04-18 10:42 . 2004-05-26 21:37 719,872 --a------ C:\Windows\System32\devil.dll
2008-04-18 10:42 . 2003-03-19 11:03 544,768 --a------ C:\Windows\System32\msvcr71d.dll
2008-04-18 10:42 . 2006-09-16 19:44 314,368 --a------ C:\Windows\System32\avisynth.dll
2008-04-18 10:04 . 2008-04-18 10:05 <DIR> d-------- C:\Program Files\InterActual
2008-04-18 01:34 . 2008-04-18 01:34 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-18 01:34 . 2008-04-18 01:34 1,409 --a------ C:\Windows\QTFont.for
2008-04-18 00:54 . 2008-04-18 01:08 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-04-18 00:54 . 2008-04-18 01:11 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-04-17 23:34 . 2008-04-17 23:34 <DIR> d-------- C:\Users\vagg\AppData\Roaming\PeerNetworking
2008-04-17 22:42 . 2008-04-17 22:42 <DIR> d-------- C:\Users\vagg\AppData\Roaming\Apple Computer
2008-04-17 22:41 . 2008-04-17 22:42 <DIR> d-------- C:\Program Files\iTunes
2008-04-17 22:41 . 2008-04-17 22:41 <DIR> d-------- C:\Program Files\iPod
2008-04-17 22:40 . 2008-04-17 22:40 <DIR> d-------- C:\Program Files\Bonjour
2008-04-17 22:39 . 2008-04-17 22:41 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-04-17 22:39 . 2008-04-17 22:41 <DIR> d-------- C:\ProgramData\Apple Computer
2008-04-17 22:39 . 2008-04-17 22:40 <DIR> d-------- C:\Program Files\QuickTime
2008-04-17 22:38 . 2008-04-17 22:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-17 22:37 . 2008-04-17 22:37 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-04-17 22:36 . 2008-04-17 22:36 <DIR> d-------- C:\Users\All Users\Apple
2008-04-17 22:36 . 2008-04-17 22:36 <DIR> d-------- C:\ProgramData\Apple
2008-04-16 21:38 . 2008-04-16 21:38 <DIR> d-------- C:\Program Files\mSoft
2008-04-16 21:07 . 2008-04-16 21:07 <DIR> d-------- C:\Windows\Caps
2008-04-16 21:07 . 2008-04-16 21:07 <DIR> d-------- C:\Program Files\RapidLeecher Ultimate 2007
2008-04-15 07:49 . 2008-04-15 07:50 <DIR> d-------- C:\Windows\Lhsp
2008-04-15 07:49 . 2008-04-15 07:49 172,557 --a------ C:\Windows\KARI2 Uninstaller.exe
2008-04-15 07:48 . 2008-04-15 07:48 <DIR> d-------- C:\Program Files\KARI2
2008-04-14 19:00 . 2008-04-16 10:10 <DIR> d-------- C:\v2d
2008-04-14 15:23 . 2008-04-18 17:51 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-14 13:37 . 2008-04-14 13:37 0 --a------ C:\Windows\nsreg.dat
2008-04-14 09:50 . 2008-04-14 09:50 <DIR> d-------- C:\Program Files\Mayoko
2008-04-13 20:54 . 2008-04-13 20:54 <DIR> d-------- C:\Users\vagg\AppData\Roaming\StumbleUpon
2008-04-13 20:54 . 2008-04-13 21:07 <DIR> d-------- C:\Program Files\StumbleUpon
2008-04-12 18:00 . 2008-04-18 01:29 <DIR> d-------- C:\tmp
2008-04-12 11:56 . 2008-04-12 11:56 49 --a------ C:\Windows\NeroDigital.ini
2008-04-11 08:51 . 2008-04-11 08:51 <DIR> d-------- C:\NVIDIA
2008-04-11 08:46 . 2008-04-11 08:46 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-10 19:15 . 2008-04-10 19:16 <DIR> d-------- C:\Program Files\Ace Translator
2008-04-10 14:18 . 2008-04-10 14:18 <DIR> d-------- C:\Users\vagg\AppData\Roaming\TrojanHunter
2008-04-10 14:11 . 2008-04-10 14:13 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-04-10 00:04 . 2008-04-10 00:04 <DIR> d-------- C:\Program Files\ID Security Suite
2008-04-09 18:49 . 2008-04-09 18:49 <DIR> d-------- C:\Users\All Users\Icon Constructor 3
2008-04-09 18:49 . 2008-04-09 18:49 <DIR> d-------- C:\ProgramData\Icon Constructor 3
2008-04-09 18:48 . 2008-04-09 18:48 <DIR> d-------- C:\Program Files\Icon Constructor 3
2008-04-09 15:16 . 2008-04-09 15:16 <DIR> d-------- C:\Users\vagg\AppData\Roaming\Axialis
2008-04-09 15:16 . 2008-04-09 15:16 <DIR> d-------- C:\Program Files\Axialis
2008-04-09 14:27 . 2008-04-09 14:27 <DIR> d-------- C:\Users\vagg\AppData\Roaming\Stardock
2008-04-09 14:27 . 2008-04-09 14:27 <DIR> d--h----- C:\Users\All Users\{4D84A86B-BFC2-4B9B-B3C4-207F5860E952}
2008-04-09 14:27 . 2008-04-09 14:27 <DIR> d--h----- C:\ProgramData\{4D84A86B-BFC2-4B9B-B3C4-207F5860E952}
2008-04-08 22:24 . 2008-04-08 22:35 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-04-08 22:24 . 2008-04-08 22:35 <DIR> d-------- C:\ProgramData\Lavasoft
2008-04-08 22:24 . 2008-04-08 22:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-08 17:26 . 2008-04-08 17:26 <DIR> d-------- C:\Users\vagg\AppData\Roaming\DAEMON Tools Pro
2008-04-08 16:23 . 2008-04-08 16:24 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-04-08 16:23 . 2008-04-08 16:24 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-04-08 09:05 . 2008-04-08 09:05 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-04-08 09:05 . 2008-04-08 09:05 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-04-08 09:04 . 2008-04-08 09:04 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-04-08 09:04 . 2008-04-08 09:04 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-07 11:50 . 2008-04-07 11:50 <DIR> d-------- C:\Users\vagg\AppData\Roaming\CyberLink
2008-04-07 11:50 . 2008-04-07 11:50 <DIR> d-------- C:\Users\All Users\CyberLink
2008-04-07 11:50 . 2008-04-07 11:50 <DIR> d-------- C:\ProgramData\CyberLink
2008-04-07 08:02 . 2008-04-07 08:02 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-04-07 08:02 . 2008-04-07 08:02 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-04-07 08:01 . 2008-04-07 08:01 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information
2008-04-07 07:58 . 2008-04-07 07:58 <DIR> d--h----- C:\Program Files\CanonBJ
2008-04-07 07:58 . 2006-03-03 15:35 389,180 --------- C:\Windows\System32\UCS32P.DLL
2008-04-07 07:58 . 2006-09-13 05:00 197,632 --------- C:\Windows\System32\CNMLM6S.DLL
2008-04-07 07:58 . 2006-09-26 14:16 159,744 --------- C:\Windows\System32\CNCC130.DLL
2008-04-07 07:58 . 2006-09-26 14:16 94,208 --------- C:\Windows\System32\CNCL130.DLL
2008-04-07 07:58 . 2006-09-26 14:17 49,152 --------- C:\Windows\System32\cncisco.dll
2008-04-07 07:58 . 2006-09-26 14:16 37,376 --------- C:\Windows\System32\CNCI130.DLL
2008-04-07 01:16 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
2008-04-07 01:16 . 2008-03-03 18:21 568 --ah----- C:\Windows\nod32fixtemdono.reg
2008-04-07 01:13 . 2008-04-07 01:13 <DIR> d-------- C:\Users\All Users\ESET
2008-04-07 01:13 . 2008-04-07 01:13 <DIR> d-------- C:\ProgramData\ESET
2008-04-07 01:13 . 2008-04-07 01:13 <DIR> d-------- C:\Program Files\ESET
2008-04-06 20:08 . 2008-04-21 10:38 81,984 --a------ C:\Windows\System32\bdod.bin
2008-04-06 20:07 . 2008-04-06 20:07 <DIR> d-------- C:\Users\vagg\AppData\Roaming\Bitdefender
2008-04-06 20:02 . 2008-04-06 20:03 <DIR> d-------- C:\Users\All Users\BitDefender
2008-04-06 20:02 . 2008-04-06 20:03 <DIR> d-------- C:\ProgramData\BitDefender
2008-04-06 20:02 . 2008-04-06 20:02 <DIR> d-------- C:\Program Files\Softwin
2008-04-06 20:01 . 2008-04-06 20:02 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-04-06 18:57 . 2008-04-06 18:57 <DIR> d-------- C:\Users\vagg\AppData\Roaming\Uniblue
2008-04-06 18:57 . 2008-04-06 18:57 <DIR> d-------- C:\Program Files\Uniblue
2008-04-06 10:36 . 2008-04-06 10:38 <DIR> d-------- C:\Program Files\Dark Egypt
2008-04-06 09:32 . 2008-04-06 09:32 <DIR> d-------- C:\Program Files\The Game Creators
2008-04-06 01:47 . 2008-04-18 01:32 <DIR> d-------- C:\Users\vagg\AppData\Roaming\Roxio
2008-04-06 01:24 . 2008-04-06 01:24 <DIR> d-------- C:\Users\All Users\Sonic
2008-04-06 01:24 . 2008-04-06 01:24 <DIR> d-------- C:\ProgramData\Sonic
2008-04-06 01:17 . 2008-04-18 01:00 <DIR> d-------- C:\Users\All Users\Roxio
2008-04-06 01:17 . 2008-04-18 01:00 <DIR> d-------- C:\ProgramData\Roxio
2008-04-06 01:11 . 2008-04-18 01:07 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2008-04-06 01:10 . 2008-04-06 01:33 <DIR> d-------- C:\Users\All Users\SmartSound Software Inc
2008-04-06 01:10 . 2008-04-06 01:10 <DIR> d-------- C:\Users\All Users\eSellerate
2008-04-06 01:10 . 2008-04-06 01:33 <DIR> d-------- C:\ProgramData\SmartSound Software Inc
2008-04-06 01:10 . 2008-04-06 01:10 <DIR> d-------- C:\ProgramData\eSellerate
2008-04-06 01:10 . 2008-04-06 01:10 <DIR> d-------- C:\Program Files\SmartSound Software
2008-04-06 01:08 . 2008-04-18 01:10 <DIR> d-------- C:\Program Files\Roxio
2008-04-06 01:05 . 2008-04-06 01:05 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-04-05 21:33 . 2008-04-05 21:33 1,048,576 --ahs---- C:\Users\vagg\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
2008-04-05 21:33 . 2008-04-05 21:33 1,048,576 --ahs---- C:\Users\vagg\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
2008-04-05 21:33 . 2008-04-05 21:33 1,048,576 --ahs---- C:\Users\vagg\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
2008-04-05 21:33 . 2008-04-05 21:33 65,536 --ahs---- C:\Users\vagg\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
2008-04-05 18:54 . 2008-04-06 17:38 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-05 18:52 . 2008-04-05 18:52 <DIR> d-------- C:\Program Files\Real
2008-04-05 18:11 . 2008-04-05 18:11 <DIR> d-------- C:\Users\All Users\Winamp Toolbar
2008-04-05 18:11 . 2008-04-05 18:38 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-04-05 18:11 . 2008-04-05 18:11 <DIR> d-------- C:\ProgramData\Winamp Toolbar
2008-04-05 18:11 . 2008-04-05 18:38 <DIR> d-------- C:\ProgramData\OrbNetworks
2008-04-05 18:11 . 2008-04-05 18:11 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-04-05 18:10 . 2008-04-20 18:47 <DIR> d-------- C:\Program Files\Winamp Remote
2008-04-05 18:09 . 2008-04-05 18:11 <DIR> d-------- C:\Users\vagg\AppData\Roaming\Winamp
2008-04-05 18:09 . 2008-04-05 18:11 <DIR> d-------- C:\Program Files\Winamp
2008-04-05 18:09 . 2007-03-07 16:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-04-05 16:31 . 2008-04-05 16:31 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-04-05 16:24 . 2008-04-05 16:24 685,816 --------- C:\Windows\System32\drivers\sptd.sys
2008-04-05 07:46 . 1996-11-05 16:13 299,008 --a------ C:\Windows\uninst.exe
2008-04-05 06:46 . 2008-04-05 06:51 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-05 06:33 . 2008-04-18 18:00 <DIR> d-------- C:\Program Files\Opera
2008-04-05 00:48 . 2008-04-05 00:48 22,575,104 --a------ C:\Windows\System32\imageres.dll
2008-04-05 00:47 . 2008-04-05 00:47 <DIR> d-------- C:\Users\All Users\Stardock

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-04-04 04:27 174 --sha-w C:\Program Files\desktop.ini
2008-04-04 04:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-04-04 04:22 --------- d-----w C:\Program Files\Windows Mail
2008-04-04 04:22 --------- d-----w C:\Program Files\Windows Defender
2008-04-04 04:22 --------- d-----w C:\Program Files\Windows Calendar
2008-04-04 04:12 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-04-04 04:12 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-04-04 04:12 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-04-04 04:12 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-04-04 04:12 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-04-04 04:10 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-04-04 04:07 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-04-04 04:07 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-04-04 04:07 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-04-04 04:07 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-04-04 04:07 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-04-04 04:07 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-04-04 04:07 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-04-04 04:07 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-04-04 04:01 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-04-04 04:01 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-04-04 04:01 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-03-14 06:04 46,652 ------w C:\Windows\system32\drivers\scdemu.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-04-03 10:40 1523736]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A33FA729-D155-4B23-842B-2C665ECABDB6}"= C:\Program Files\The_Pirate_Bay\tbThe_.dll [2008-04-03 10:40 1523736]

[HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Active Desktop Calendar"="C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-10-19 11:08 3678208]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2008-03-24 06:42 524800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-04-03 21:04 1006264]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-04-02 09:32 1261568]
"SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-04-01 12:44 49152]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-19 23:36 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="RUNDLL32.exe" [2006-11-02 02:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 02:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 02:45 44544 C:\Windows\System32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 15:52 240112]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 03:44 113136]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Users\vagg\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 15:34:48 3746856]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{C3F37ECA-A8D9-4633-92C6-FE24C7D16ABA}"= C:\Windows\system32\cBsPJCuU.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]
fsp_lmwl.dll 2007-11-29 11:42 44400 C:\Windows\System32\fsp_lmwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2008-01-08 14:01 212728 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"VIDC.FMVC"= fmcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules]
"TCP Query User{9BC5FAC1-A439-4B31-9E31-446837ACFFF5}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{704B0EAF-F140-4E9B-B565-B5E930C455B5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{98A42A16-63A6-4F6F-B622-3049B886FEC8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{12B7C0F6-548E-4AF5-92CB-C61818005D9E}C:\\program files\\ares ultra\\ares ultra.exe"= UDP:C:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows
"UDP Query User{B7B6C5F8-19E3-4BB5-B9D5-BFF55F3A637B}C:\\program files\\ares ultra\\ares ultra.exe"= TCP:C:\program files\ares ultra\ares ultra.exe:Ares Ultra p2p for windows
"TCP Query User{D8E47A24-3E0B-4262-91E7-B0C4BD6F664F}C:\\windows.old\\program files\\ares\\ares.exe"= UDP:C:\windows.old\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{897B910F-7D9D-4AE5-A5FA-A7E90F75D5FE}C:\\windows.old\\program files\\ares\\ares.exe"= TCP:C:\windows.old\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{0FDB8C10-E90C-45C5-A7F6-28D9B3F65D57}C:\\users\\vagg\\desktop\\ares.exe"= UDP:C:\users\vagg\desktop\ares.exe:ares.exe
"UDP Query User{429A5575-C090-4301-AB7A-ED3BA47AF7CF}C:\\users\\vagg\\desktop\\ares.exe"= TCP:C:\users\vagg\desktop\ares.exe:ares.exe
"TCP Query User{5E36C0B3-9F54-4DF0-B79F-92AEFD5370A5}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{2134B299-2206-429D-A316-4EAF0D69D46B}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{70F35B96-FC11-492F-BFCA-7D38D78C4A8D}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{DDC6D865-089D-4975-A82C-E8800C3D5643}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A661E8E1-B921-40FA-A7DC-EB7D3B593B91}C:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= UDP:C:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"UDP Query User{FDBC20CB-0801-4535-B6C8-F5AADF65CF73}C:\\program files\\crs\\battleground europe\\ww2_sse2.exe"= TCP:C:\program files\crs\battleground europe\ww2_sse2.exe:WW2
"{2019B19C-96BB-46DD-8161-E3AFCE335D98}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{8EB28607-A30B-4F23-9C83-B0A9208FFD69}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{CCE9214B-230F-4B8D-81B4-9F432DE798DE}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{4866DDDF-733E-43D6-92D6-F992FF6298F1}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{59C1D9BB-6BA2-4A66-9B73-CF4683D60B3E}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{BF1ED13C-82F8-4437-B2B5-167A1071A681}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{58B474B9-B2AA-466C-BB93-6CA69537E81F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{72602707-24DC-4DBE-8504-42F4D18307B8}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{42C78627-8ACC-4C25-8142-A38CF0EFB0FC}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{A7915F68-43FD-4DE8-9D70-145ED120BC2E}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F9D2A128-D6E2-42EA-B6A3-071C7B743D0B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{8A057680-9870-48BA-AE7B-B4A5C961FA4D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{6DEFEFA9-1266-46B9-913A-5384004932BC}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{200804C7-B81A-4F79-AEE7-4CC0683477A2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"TCP Query User{7315CB20-70D6-40F5-ADC2-74513DC7F2B5}C:\\users\\vagg\\documents\\downloads \\cryptz downloader\\crypzt_totalgrafix.net\\crypzt_totalgr afix.net\\crypzt\\routerclient.exe"= UDP:C:\users\vagg\documents\downloads\cryptz downloader\crypzt_totalgrafix.net\crypzt_totalgraf ix.net\crypzt\routerclient.exe:routerclient.exe
"UDP Query User{1D0CCAE2-E9CC-4343-9FF6-25423884D8C3}C:\\users\\vagg\\documents\\downloads \\cryptz downloader\\crypzt_totalgrafix.net\\crypzt_totalgr afix.net\\crypzt\\routerclient.exe"= TCP:C:\users\vagg\documents\downloads\cryptz downloader\crypzt_totalgrafix.net\crypzt_totalgraf ix.net\crypzt\routerclient.exe:routerclient.exe
"TCP Query User{156E32A7-3FCC-41A0-9A7B-0F7271332FED}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F2DC9593-8EB2-474E-921D-08D888715F2A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{B6EB72AC-AB1A-46E5-A0C1-0002D7466AB7}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{245071CF-481F-4866-91BE-DB5D8A9625EC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{92BEF852-BDD4-46DE-BB93-C5A24B3680B4}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5CA8D104-1414-41B9-9848-5F3611282BD8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic|

R1 c2scsi;c2scsi;C:\Windows\system32\DRIVERS\c2scsi.s ys [2007-08-18 01:34]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfw tdir.sys [2008-02-20 11:11]
R1 vdrv9000;vdrv9000;C:\Windows\system32\DRIVERS\vdrv 9000.sys [2007-11-14 12:42]
R2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-02-05 15:44]
R2 LmpcService;Lock My PC Service;C:\Program Files\Lock My PC 4\LmpcServ.exe [2007-06-12 15:47]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 02:45]
R2 VC9SecS;Virtual CD v9 Management Service;C:\Program Files\Virtual CD v9\System\vc9secs.exe [2007-12-03 14:03]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\Wi nTV\HCWTVS~1.EXE [2007-02-20 15:11]
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\system32\drivers\hcw18bda.sys [2007-04-18 16:30]
R3 LMPC4;LMPC4;C:\Windows\system32\drivers\LMPC4.sys [2007-10-08 22:59]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-11-19 06:59]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 02:45]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 15:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 15:52]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 15:52]
S3 HH9Help.sys;HH9Help.sys;C:\Windows\system32\driver s\HH9Help.sys [2006-09-20 11:42]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 15:53]
S3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 15:52]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.ex e [2008-04-04 10:16]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 17:41:09 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-21 17:41:10 C:\Windows\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-04 07:24:26 C:\Windows\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
************************************************** ************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

************************************************** ************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\wbload.dll
-> C:\Program Files\XemiComputers\Active Desktop Calendar\MouseHook.dll
-> C:\Program Files\Atomic Alarm Clock\Clock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.ex e
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Lock My PC 4\lockpc.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Winamp Remote\bin\OrbIR.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\WinTV\HCB046~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
.
************************************************** ************************
.
Completion time: 2008-04-21 10:48:03 - machine was rebooted [vagg]
ComboFix-quarantined-files.txt 2008-04-21 17:47:36

Pre-Run: 325,264,080,896 bytes free
Post-Run: 325,106,429,952 bytes free

344 --- E O F --- 2008-04-13 16:46:18

Punk · 04-21-2008, 08:57 PM

Ok your combifix log is clean.

Can you please post a new Hijackthis log? We got some lines to clean.

vagg · 04-21-2008, 10:01 PM

Quote:

Originally Posted by Punk

Ok your combifix log is clean.

Can you please post a new Hijackthis log? We got some lines to clean.

Running processes:
C:\Program Files\Lock My PC 4\lockpc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundTray] "C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.ex e
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10962 bytes

Punk · 04-22-2008, 11:19 AM

Alright your log is clean

04-21-2008, 03:28 PM	#1 (permalink)
vagg Bronze Member Join Date: May 2006 Posts: 47	RUNDLL >>>>>>Help!!! Yes got me again.I can't belive im in the internet posting this as my computer is in bad shape.I was unable to repair it useing the hijack this as each time I deleted the rundll files and booted in safe mode and deleted all mt TEMP files the rundell's return the same or with diffrent names.My anti virus keeps blocking a RUNDLL trying to get onto my desktop and internet sheild from spysweeper keeps blocking TOMOTUA.COM. Could someone plz go over my hijack log and find the errorr im missing that keeps reactivating my rundll's........? tks I have unlocked all my files and made the hijack log as it is when I started up. {NOTE}I havent rebooted after I unlocked the files. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:26:25 AM, on 4/21/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16609) Boot mode: Normal Running processes: C:\Program Files\Lock My PC 4\lockpc.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Winamp Remote\bin\orbtray.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Winamp Remote\bin\Orb.exe C:\Program Files\Winamp Remote\bin\OrbIR.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Windows\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = socks= R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = .local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll O3 - Toolbar: (no name) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file) O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe" O4 - HKLM\..\Run: [SoundTray] "C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" O4 - HKLM\..\Run: [MSServer] "rundll32.exe" C:\Windows\system32\cBsPJCuU.dll,#1 O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SkinClock] "C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\vagg\AppData\Local\Temp\nnnoOgfd.dll,#1 O4 - HKCU\..\Run: [BM6d0a03fa] "Rundll32.exe" "C:\Users\vagg\AppData\Local\Temp\hjligita.dll ",s O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\vagg\AppData\Local\Temp\rqRHwULc.dll,c O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll O13 - Gopher Prefix: O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - C:\Program Files\Lock My PC 4\LmpcServ.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Program Files\Virtual CD v9\System\vc9secs.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.ex e O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe -- End of file - 12017 bytes Last edited by vagg; 04-21-2008 at 04:00 PM.*

04-21-2008, 05:04 PM	#2 (permalink)
Punk Diamond Member Join Date: Jan 2007 Location: France Age: 18 Posts: 4,489	Download and Run ComboFix If you already have Combofix, please delete this copy and download it again as it's being updated regularly. Download this file from one of the three below listed places : http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Then double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Combofix should never take more that 20 minutes including the reboot if malware is detected. If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue. If that happened we want to know, and also what process you had to end. __________________ Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be guess that's hard for others to see

04-21-2008, 07:10 PM	#4 (permalink)
Punk Diamond Member Join Date: Jan 2007 Location: France Age: 18 Posts: 4,489	Hey could you please post the whole log with a new Hijackthis log as well? I just want to make sure everything is gone __________________ Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be guess that's hard for others to see

04-21-2008, 08:57 PM	#6 (permalink)
Punk Diamond Member Join Date: Jan 2007 Location: France Age: 18 Posts: 4,489	Ok your combifix log is clean. Can you please post a new Hijackthis log? We got some lines to clean. __________________ Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be guess that's hard for others to see

04-22-2008, 11:19 AM	#8 (permalink)
Punk Diamond Member Join Date: Jan 2007 Location: France Age: 18 Posts: 4,489	Alright your log is clean __________________ Punk's anti-hackers website Punk's Website making and registering tutorial! Rise And Fall, Rage And Grace The Offspring! Huck it! I just want to be who I want to be guess that's hard for others to see

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
rundll error	sglumc	General Software	1	06-30-2006 04:32 PM
Rundll???	sirmixalot42691	Computer Security	7	03-31-2006 03:04 AM
HP RUNDLL Error help needed!!!	Scrapped>.<	General Software	1	10-08-2004 07:57 PM