spyware problem

T34m1nat0r

New Member
Okay, all of a sudden, a bunch of porn ads pop up on my desktop and a bunch of errors start coming up and virus alerts and stuff. Sooo... I'm not exactly sure how to get rid of this... but here's my HijackThis log. Can someone please help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:34:55 PM, on 9/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\VIE2AFB.exe
C:\Windows\System32\VIE2CEE.exe
C:\Windows\System32\VIE3009.exe
C:\Windows\System32\VIE31DD.exe
C:\Program Files\MSA\MSA.exe
C:\Windows\System32\VIEB1E5.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Alex\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: CodecPlugin Class - {d9fa8502-dd44-4152-a23f-65ea4ee2e556} - C:\Windows\system32\CodecBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [\VIE2AFB.exe] C:\Windows\System32\VIE2AFB.exe
O4 - HKLM\..\Run: [\VIE2CEE.exe] C:\Windows\System32\VIE2CEE.exe
O4 - HKLM\..\Run: [\VIE3009.exe] C:\Windows\System32\VIE3009.exe
O4 - HKLM\..\Run: [\VIE31DD.exe] C:\Windows\System32\VIE31DD.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIEB1E5.exe] C:\Windows\System32\VIEB1E5.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [\VIE2AFB.exe] C:\Windows\System32\VIE2AFB.exe
O4 - HKCU\..\Run: [\VIE2CEE.exe] C:\Windows\System32\VIE2CEE.exe
O4 - HKCU\..\Run: [\VIE3009.exe] C:\Windows\System32\VIE3009.exe
O4 - HKCU\..\Run: [\VIE31DD.exe] C:\Windows\System32\VIE31DD.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\VIEB1E5.exe] C:\Windows\System32\VIEB1E5.exe
O4 - HKCU\..\Run: [\VIE962.exe] C:\Windows\System32\VIE962.exe
O4 - HKCU\..\Run: [\VIE9A0.exe] C:\Windows\System32\VIE9A0.exe
O4 - HKCU\..\Run: [\VIEAD8.exe] C:\Windows\System32\VIEAD8.exe
O4 - HKCU\..\Run: [\VIEC7E.exe] C:\Windows\System32\VIEC7E.exe
O4 - HKCU\..\Run: [\VIEB3A5.exe] C:\Windows\System32\VIEB3A5.exe
O4 - HKCU\..\Run: [\VIE8EF5.exe] C:\Windows\System32\VIE8EF5.exe
O4 - HKCU\..\Run: [\VIE8F15.exe] C:\Windows\System32\VIE8F15.exe
O4 - HKCU\..\Run: [\VIE902D.exe] C:\Windows\System32\VIE902D.exe
O4 - HKCU\..\Run: [\VIE9221.exe] C:\Windows\System32\VIE9221.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 10711 bytes
 
I ran ComboFix and then did another HijackThis log.... Still, porn sites will make shortcuts to my desktop, and a firewall warning and "MS Antivirus" pop up (can't tell if it's really Microsoft or if it's the adware). The MS Antivirus says it has 90 threats and to perform a scan to fix this... but it doesn't look like Microsoft.... Help???


ComboFix 08-09-01.01 - Alex 2008-09-01 14:45:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1876 [GMT -7:00]
Running from: C:\Users\Alex\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Alex\AppData\Roaming\macromedia\Flash Player\#SharedObjects\7V93M4WQ\bin.clearspring.com
C:\Users\Alex\AppData\Roaming\macromedia\Flash Player\#SharedObjects\7V93M4WQ\bin.clearspring.com\clearspring.sol
C:\Users\Alex\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Users\Alex\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.

2008-09-01 14:05 . 2008-08-29 19:46 106,496 --a------ C:\Windows\System32\VIEB1E5.exe
2008-09-01 14:03 . 2008-08-29 19:46 3,262 --a------ C:\Windows\System32\2.ico
2008-09-01 13:59 . 2008-09-01 13:59 <DIR> d-------- C:\Program Files\MSA
2008-09-01 13:59 . 2008-08-28 14:57 167,424 --a------ C:\Windows\System32\MSA.cpl
2008-09-01 13:59 . 2008-08-29 19:46 33,280 --a------ C:\Windows\System32\VIE2AFB.exe
2008-09-01 13:59 . 2008-08-29 19:46 32,768 --a------ C:\Windows\System32\VIE2CEE.exe
2008-09-01 13:59 . 2008-08-29 19:46 31,232 --a------ C:\Windows\System32\VIE31DD.exe
2008-09-01 13:59 . 2008-08-29 19:46 30,720 --a------ C:\Windows\System32\VIE3009.exe
2008-09-01 13:59 . 2008-08-29 19:46 3,262 --a------ C:\Windows\System32\1.ico
2008-09-01 10:08 . 2008-09-01 10:08 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-09-01 08:14 . 2008-09-01 08:14 155,648 --a------ C:\Windows\System32\CodecBHO.dll
2008-08-31 19:59 . 2008-08-31 19:59 <DIR> d-------- C:\Program Files\SEGA
2008-08-31 19:29 . 2008-08-31 19:29 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Electronic Arts
2008-08-29 10:28 . 2008-08-29 10:28 <DIR> d-------- C:\ProgramData\NexonUS
2008-08-29 10:28 . 2008-08-30 17:01 <DIR> d-------- C:\Nexon
2008-08-27 09:44 . 2008-08-27 09:44 <DIR> d-------- C:\ProgramData\Applications
2008-08-26 20:04 . 2008-08-26 20:04 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-26 14:36 . 2008-08-26 14:36 <DIR> d-------- C:\Program Files\Neffy
2008-08-26 09:10 . 2008-08-26 09:10 <DIR> d-------- C:\Program Files\Common Files\Microsoft Games
2008-08-26 08:25 . 2008-08-26 08:26 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-08-26 08:21 . 2008-08-26 08:21 <DIR> d-------- C:\Program Files\PowerISO
2008-08-25 23:29 . 2008-08-25 23:29 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-25 23:03 . 2008-08-25 23:03 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-08-25 23:03 . 2008-08-25 23:03 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-08-25 23:03 . 2008-08-25 23:03 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-08-25 23:03 . 2008-08-25 23:03 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-08-25 23:03 . 2008-08-25 23:03 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-25 22:17 . 2008-08-25 22:17 <DIR> d-------- C:\Program Files\HyCam2
2008-08-25 21:17 . 2007-11-08 02:04 11,967,524 --a------ C:\Windows\System32\korwbrkr.lex
2008-08-25 15:51 . 2008-07-18 22:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-25 15:51 . 2008-07-18 20:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-25 15:51 . 2008-07-18 22:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-25 15:51 . 2008-07-18 22:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-25 15:50 . 2008-07-18 22:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-25 15:50 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-25 15:50 . 2008-07-18 20:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-25 15:50 . 2008-07-18 22:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-25 15:50 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-25 14:04 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-08-25 14:04 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-08-25 14:04 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-08-25 14:03 . 2008-04-22 21:42 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-08-25 14:03 . 2008-04-22 21:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-08-25 14:03 . 2008-04-22 21:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-08-25 14:03 . 2008-04-22 21:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-08-25 13:46 . 2007-01-15 17:57 31,616 --a------ C:\Windows\System32\drivers\livecamv.sys
2008-08-25 13:45 . 2006-09-19 13:56 57,656 --------- C:\Windows\System32\drivers\FilterPC.bmp
2008-08-25 13:45 . 2007-08-30 11:39 24,995 --------- C:\Windows\System32\drivers\FilterPC.jpg
2008-08-25 11:32 . 2008-08-25 15:59 <DIR> d-------- C:\Program Files\PoRTaL
2008-08-24 20:41 . 2008-08-24 20:41 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-08-24 20:37 . 2008-08-24 20:37 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-08-24 20:27 . 2008-08-24 20:27 <DIR> d-------- C:\Program Files\Electronic Arts
2008-08-24 17:12 . 2008-08-24 17:12 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Roxio
2008-08-24 17:12 . 2008-08-24 17:12 <DIR> d-------- C:\ProgramData\Roxio
2008-08-24 16:23 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-08-24 16:22 . 2008-08-24 19:25 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Microsoft Game Studios
2008-08-24 16:22 . 2008-08-24 19:26 <DIR> d-------- C:\ProgramData\Microsoft Games
2008-08-24 15:38 . 2008-08-24 15:38 <DIR> d-------- C:\ProgramData\WinZip
2008-08-24 11:40 . 2008-08-24 20:38 22,328 --a------ C:\Users\Alex\AppData\Roaming\PnkBstrK.sys
2008-08-24 11:39 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-08-24 11:39 . 2007-05-16 16:45 3,497,832 --a------ C:\Windows\System32\d3dx9_34.dll
2008-08-24 11:39 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-08-24 11:39 . 2007-05-16 16:45 1,124,720 --a------ C:\Windows\System32\D3DCompiler_34.dll
2008-08-24 11:39 . 2008-08-24 20:38 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-08-24 11:39 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-08-24 11:39 . 2007-05-16 16:45 443,752 --a------ C:\Windows\System32\d3dx10_34.dll
2008-08-24 11:39 . 2007-04-04 18:53 81,768 --a------ C:\Windows\System32\xinput1_3.dll
2008-08-23 17:27 . 2008-03-24 18:00 265,568 --a------ C:\Windows\System32\drivers\OA002Vid.sys
2008-08-23 17:27 . 2007-06-07 18:00 148,056 --a------ C:\Windows\System32\drivers\OA002Afx.sys
2008-08-23 17:27 . 2008-03-24 20:37 142,432 --a------ C:\Windows\System32\drivers\OA002Ufd.sys
2008-08-23 17:27 . 2006-09-18 22:56 57,656 --a------ C:\Windows\System32\drivers\OA002PC.bmp
2008-08-23 17:27 . 2008-03-24 18:00 40,960 --a------ C:\Windows\System32\OA002Pin.dll
2008-08-23 17:27 . 2008-03-03 18:00 28,672 --a------ C:\Windows\OA002Cfg.exe
2008-08-23 17:27 . 2008-03-03 18:00 24,576 --a------ C:\Windows\System32\OA002Srv.exe
2008-08-23 17:27 . 2008-03-03 18:00 24,576 --a------ C:\Windows\System32\OA002Pin.crl
2008-08-23 17:27 . 2007-02-02 03:01 22,951 --a------ C:\Windows\System32\drivers\OA002PC.jpg
2008-08-23 17:27 . 2008-03-03 02:57 4,426 --a------ C:\Windows\OA002.uns
2008-08-23 13:38 . 2008-08-23 13:38 <DIR> d-------- C:\Windows\System32\vmm32
2008-08-23 12:47 . 2008-08-23 12:47 <DIR> d-------- C:\Program Files\Xvid
2008-08-23 12:47 . 2008-04-27 10:33 765,952 --a------ C:\Windows\System32\xvidcore.dll
2008-08-23 12:47 . 2008-04-27 10:35 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-08-23 12:47 . 2007-06-28 18:55 77,824 --a------ C:\Windows\System32\xvid.ax
2008-08-23 12:41 . 2008-08-23 12:41 <DIR> d-------- C:\Users\Alex\AppData\Roaming\vlc
2008-08-23 12:40 . 2008-08-23 12:40 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-23 11:51 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-08-23 11:50 . 2008-08-23 11:50 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-23 11:49 . 2008-08-23 11:49 <DIR> d-------- C:\Windows\PCHEALTH
2008-08-23 11:41 . 2008-08-25 21:16 <DIR> d-------- C:\Program Files\Windows Live
2008-08-23 11:41 . 2008-08-23 17:23 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-23 11:40 . 2008-08-23 11:40 <DIR> d-------- C:\ProgramData\WLInstaller
2008-08-23 11:23 . 2008-08-23 11:32 <DIR> d-------- C:\ProgramData\Creative
2008-08-23 10:48 . 2008-08-23 10:48 <DIR> d-------- C:\Users\Alex\AppData\Roaming\tmp
2008-08-23 10:48 . 2008-08-23 10:48 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Reallusion
2008-08-23 10:26 . 2008-08-25 13:47 <DIR> d-------- C:\Program Files\Dell Webcam
2008-08-23 09:37 . 2008-08-23 11:21 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Creative
2008-08-22 23:22 . 2008-08-31 20:39 162,008 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-08-22 23:22 . 2008-08-31 20:39 111,928 --a------ C:\Windows\System32\PnkBstrB.exe
2008-08-22 23:22 . 2008-08-24 11:39 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-08-22 23:07 . 2008-08-22 23:07 <DIR> d-------- C:\Users\Alex\AppData\Roaming\InstallShield
2008-08-22 22:47 . 2008-08-31 20:12 <DIR> d-------- C:\Program Files\WarRock
2008-08-22 22:14 . 2008-08-22 22:55 <DIR> d-------- C:\Windows\nvtmpinst
2008-08-22 22:12 . 2008-08-22 22:12 <DIR> d-------- C:\NVIDIA
2008-08-22 21:49 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Mcx1\Videos
2008-08-22 21:49 . 2006-11-02 03:23 <DIR> d-------- C:\Users\Mcx1\Saved Games
2008-08-22 21:49 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Mcx1\Pictures
2008-08-22 21:49 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Mcx1\Music
2008-08-22 21:49 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Mcx1\Links
2008-08-22 21:49 . 2006-11-02 03:23 <DIR> dr------- C:\Users\Mcx1\Downloads
2008-08-22 21:49 . 2008-08-22 21:49 <DIR> dr------- C:\Users\Mcx1\Documents
2008-08-22 21:49 . 2008-08-22 21:49 <DIR> d--h----- C:\Users\Mcx1\AppData
2008-08-22 21:49 . 2008-08-22 21:49 <DIR> d-------- C:\Users\Mcx1
2008-08-22 21:23 . 2008-09-01 13:40 <DIR> d-------- C:\Program Files\Starcraft
2008-08-22 20:15 . 2008-08-22 20:15 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-08-22 17:43 . 2008-08-25 22:20 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-22 17:43 . 2008-08-25 22:09 <DIR> d-------- C:\Fraps
2008-08-22 17:05 . 2008-08-23 23:31 <DIR> d-------- C:\Program Files\World of Warcraft
2008-08-22 16:55 . 2008-08-22 16:55 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Apple Computer
2008-08-22 16:54 . 2008-08-22 16:55 <DIR> d-------- C:\Program Files\iTunes
2008-08-22 16:54 . 2008-08-22 16:54 <DIR> d-------- C:\Program Files\iPod
2008-08-22 16:54 . 2008-08-22 16:54 <DIR> d-------- C:\Program Files\Bonjour
2008-08-22 16:53 . 2008-08-22 16:54 <DIR> d-------- C:\ProgramData\Apple Computer
2008-08-22 16:49 . 2008-08-25 21:02 412,265,405 --a------ C:\Windows\MEMORY.DMP
2008-08-22 16:49 . 2008-04-26 01:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-08-22 16:49 . 2008-04-26 01:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-08-22 16:49 . 2008-04-26 01:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 15:25 --------- d-----w C:\Program Files\Microsoft Games
2008-08-23 17:35 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-22 23:29 --------- d-----w C:\Program Files\Windows Mail
2008-08-22 22:45 --------- d-sh--w C:\ProgramData\Templates
2008-08-22 22:45 --------- d-sh--w C:\ProgramData\Start Menu
2008-08-22 22:45 --------- d-sh--w C:\ProgramData\Favorites
2008-08-22 22:45 --------- d-sh--w C:\ProgramData\Documents
2008-08-22 22:45 --------- d-sh--w C:\ProgramData\Desktop
2008-08-22 22:45 --------- d-sh--w C:\ProgramData\Application Data
2008-07-26 19:48 92,704 ----a-w C:\Windows\System32\nvmctray.dll
2008-07-19 02:08 36,368 ----a-w C:\Windows\system32\drivers\tmpreflt.sys
2008-07-19 02:08 205,328 ----a-w C:\Windows\system32\drivers\tmxpflt.sys
2008-07-19 01:51 1,195,448 ----a-w C:\Windows\system32\drivers\vsapint.sys
2008-07-18 18:34 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-07 07:40 56,108 ----a-w C:\Windows\system32\drivers\scdemu.sys
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9fa8502-dd44-4152-a23f-65ea4ee2e556}]
2008-09-01 08:14 155648 --a------ C:\Windows\system32\CodecBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-01-15 11:31 106496]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-20 19:25 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 20:56 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 05:11 490952]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 19:23 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 19:25 202240]
"\VIE2AFB.exe"="C:\Windows\System32\VIE2AFB.exe" [2008-08-29 19:46 33280]
"\VIE2CEE.exe"="C:\Windows\System32\VIE2CEE.exe" [2008-08-29 19:46 32768]
"\VIE3009.exe"="C:\Windows\System32\VIE3009.exe" [2008-08-29 19:46 30720]
"\VIE31DD.exe"="C:\Windows\System32\VIE31DD.exe" [2008-08-29 19:46 31232]
"\VIEB1E5.exe"="C:\Windows\System32\VIEB1E5.exe" [2008-08-29 19:46 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-28 21:18 17920]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2008-01-03 14:57 184864]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 10:44 16384]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-03-25 09:28 1393928]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-26 12:48 13576736]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-26 12:48 92704]
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-03-20 10:51 442499]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 00:34 167936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"\VIE2AFB.exe"="C:\Windows\System32\VIE2AFB.exe" [2008-08-29 19:46 33280]
"\VIE2CEE.exe"="C:\Windows\System32\VIE2CEE.exe" [2008-08-29 19:46 32768]
"\VIE3009.exe"="C:\Windows\System32\VIE3009.exe" [2008-08-29 19:46 30720]
"\VIE31DD.exe"="C:\Windows\System32\VIE31DD.exe" [2008-08-29 19:46 31232]
"Antivirus"="C:\Program Files\MSA\MSA.exe" [2008-08-28 14:55 415232]
"\VIEB1E5.exe"="C:\Windows\System32\VIEB1E5.exe" [2008-08-29 19:46 106496]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 04:00 4702208 C:\Windows\RtHDVCpl.exe]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 16:50 9728 C:\Windows\System32\HCIMNTR.DLL]
"PMX Daemon"="ICO.EXE" [2006-11-08 13:01 49152 C:\Windows\System32\ico.exe]

C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 14:33:10 1058088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-13 09:43:38 715568]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-28 11:20:00 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-15 21:01 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9DEC47C9-5634-44A4-87F9-D87F8DAA054D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{935BEF25-1E35-446B-984B-7AD30F3E36CE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{6D9804D4-500C-4B72-95D2-A5680B0E43A9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{FB99460D-8EE1-48BD-815A-49563718A984}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E4DE087B-6B57-486E-AD51-41CDE3FD412B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2DEF891C-F633-4BE8-8E8A-6B1798E21FE6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{FB81D52A-FD4A-43C6-B943-957B564E243E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BF7673B9-2284-4511-8369-4FA238E28311}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0CEAE6F9-E968-47D1-AD59-0BA0503B4385}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{22A7E85B-10B3-4631-9794-C0DBE7DFDA8D}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{3E1089DD-BA9B-4ABF-84B7-2E60847ED9D4}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{8EB8EDCC-94A6-4947-B163-C8579519447C}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B7AD6C7F-F28A-49AD-A3AD-F2012728E1DB}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{00B09B7B-7E68-492C-8BFB-CDEE1F31400E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{8330AB01-816F-4301-9C6E-505591442696}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{0DE058E4-11D4-4B26-9679-982257D748D7}"= UDP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{ABF91656-3520-47D2-AC05-5B085FDDF417}"= TCP:C:\ProgramData\NexonUS\NGM\NGM.exe:Nexon Game Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2008-01-15 04:16]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2008-03-25 09:27]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 14:56]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2008-03-25 09:27]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-04-01 21:42]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-01 21:42]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-01 21:42]
R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;C:\Windows\system32\Drivers\OA002Afx.sys [2007-06-07 18:00]
R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys [2008-03-24 20:37]
R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys [2008-03-24 18:00]
R3 pmxmouse;PMXMOUSE;C:\Windows\system32\DRIVERS\pmxmouse.sys [2007-06-01 11:41]
R3 pmxusblf;PMXUSBLF;C:\Windows\system32\DRIVERS\pmxusblf.sys [2007-05-24 14:44]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\Windows\system32\DRIVERS\livecamv.sys [2007-01-15 17:57]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-20 19:23]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 19:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 19:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92cb64e3-70a0-11dd-9f0d-001e4ccc96ac}]
\shell\AutoRun\command - K:\SETUP.EXE

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\VIE962.exe - C:\Windows\System32\VIE962.exe
HKCU-Run-\VIE9A0.exe - C:\Windows\System32\VIE9A0.exe
HKCU-Run-\VIEAD8.exe - C:\Windows\System32\VIEAD8.exe
HKCU-Run-\VIEC7E.exe - C:\Windows\System32\VIEC7E.exe
HKCU-Run-\VIEB3A5.exe - C:\Windows\System32\VIEB3A5.exe
HKCU-Run-\VIE8EF5.exe - C:\Windows\System32\VIE8EF5.exe
HKCU-Run-\VIE8F15.exe - C:\Windows\System32\VIE8F15.exe
HKCU-Run-\VIE902D.exe - C:\Windows\System32\VIE902D.exe
HKCU-Run-\VIE9221.exe - C:\Windows\System32\VIE9221.exe
HKCU-Run-\VIEEAF.exe - C:\Windows\System32\VIEEAF.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\sa27m27t.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 14:51:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\VIE2AFB.exe"="C:\\Windows\\System32\\VIE2AFB.exe"
"\\VIE2CEE.exe"="C:\\Windows\\System32\\VIE2CEE.exe"
"\\VIE3009.exe"="C:\\Windows\\System32\\VIE3009.exe"
"\\VIE31DD.exe"="C:\\Windows\\System32\\VIE31DD.exe"
"\\VIEB1E5.exe"="C:\\Windows\\System32\\VIEB1E5.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"\\VIE2AFB.exe"="C:\\Windows\\System32\\VIE2AFB.exe"
"\\VIE2CEE.exe"="C:\\Windows\\System32\\VIE2CEE.exe"
"\\VIE3009.exe"="C:\\Windows\\System32\\VIE3009.exe"
"\\VIE31DD.exe"="C:\\Windows\\System32\\VIE31DD.exe"
"\\VIEB1E5.exe"="C:\\Windows\\System32\\VIEB1E5.exe"
"\\VIE962.exe"="C:\\Windows\\System32\\VIE962.exe"
"\\VIE9A0.exe"="C:\\Windows\\System32\\VIE9A0.exe"
"\\VIEAD8.exe"="C:\\Windows\\System32\\VIEAD8.exe"
"\\VIEC7E.exe"="C:\\Windows\\System32\\VIEC7E.exe"
"\\VIEB3A5.exe"="C:\\Windows\\System32\\VIEB3A5.exe"
"\\VIE8EF5.exe"="C:\\Windows\\System32\\VIE8EF5.exe"
"\\VIE8F15.exe"="C:\\Windows\\System32\\VIE8F15.exe"
"\\VIE902D.exe"="C:\\Windows\\System32\\VIE902D.exe"
"\\VIE9221.exe"="C:\\Windows\\System32\\VIE9221.exe"
"\\VIEEAF.exe"="C:\\Windows\\System32\\VIEEAF.exe"
.
Completion time: 2008-09-01 14:54:35
ComboFix-quarantined-files.txt 2008-09-01 21:52:43

Pre-Run: 387,139,407,872 bytes free
Post-Run: 388,382,806,016 bytes free

316 --- E O F --- 2008-08-28 10:00:37
 
I couldn't fit the hijack log onto the 2nd post, so here it is.

hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:43 PM, on 9/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\System32\VIE2AFB.exe
C:\Windows\System32\VIE2CEE.exe
C:\Windows\System32\VIE3009.exe
C:\Windows\System32\VIE31DD.exe
C:\Program Files\MSA\MSA.exe
C:\Windows\System32\VIEB1E5.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alex\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: CodecPlugin Class - {d9fa8502-dd44-4152-a23f-65ea4ee2e556} - C:\Windows\system32\CodecBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [\VIE2AFB.exe] C:\Windows\System32\VIE2AFB.exe
O4 - HKLM\..\Run: [\VIE2CEE.exe] C:\Windows\System32\VIE2CEE.exe
O4 - HKLM\..\Run: [\VIE3009.exe] C:\Windows\System32\VIE3009.exe
O4 - HKLM\..\Run: [\VIE31DD.exe] C:\Windows\System32\VIE31DD.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKLM\..\Run: [\VIEB1E5.exe] C:\Windows\System32\VIEB1E5.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [\VIE2AFB.exe] C:\Windows\System32\VIE2AFB.exe
O4 - HKCU\..\Run: [\VIE2CEE.exe] C:\Windows\System32\VIE2CEE.exe
O4 - HKCU\..\Run: [\VIE3009.exe] C:\Windows\System32\VIE3009.exe
O4 - HKCU\..\Run: [\VIE31DD.exe] C:\Windows\System32\VIE31DD.exe
O4 - HKCU\..\Run: [\VIEB1E5.exe] C:\Windows\System32\VIEB1E5.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9546 bytes
 
Please do a scan with Kaspersky Online Scanner

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
 
I already deleted everything in the recycle bin....but here it is

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, September 1, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, September 01, 2008 23:43:34
Records in database: 1175988
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\

Scan statistics:
Files scanned: 191958
Threat name: 6
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 03:05:53


File name / Threat name / Threats count
C:\$Recycle.Bin\S-1-5-21-2408029947-3369762149-3869174083-1000\$R3H73NK\MSA.cpl Infected: not-a-virus:FraudTool.Win32.MSAntivirus.r 1
C:\$Recycle.Bin\S-1-5-21-2408029947-3369762149-3869174083-1000\$R3H73NK\MSA.exe Infected: not-a-virus:FraudTool.Win32.MSAntivirus.r 1
C:\Windows\System32\MSA.cpl Infected: not-a-virus:FraudTool.Win32.MSAntivirus.r 1
C:\Windows\System32\VIE2AFB.exe Infected: not-a-virus:FraudTool.Win32.Agent.bp 1
C:\Windows\System32\VIE2CEE.exe Infected: not-a-virus:FraudTool.Win32.Agent.bo 1
C:\Windows\System32\VIE3009.exe Infected: Trojan.Win32.Agent.abux 1
C:\Windows\System32\VIE31DD.exe Infected: Trojan.Win32.Agent.abpr 1
C:\Windows\System32\VIEB1E5.exe Infected: Trojan-Downloader.Win32.Agent.aejp 1

The selected area was scanned.
 
Should I just delete the files that have infections, and then I'm good?

Please don't do that.

Wait for ceewi1 to come and he will help you; please don't do anything with those files!

Thank you.

You should have some instructions in a couple of hours.
 
Still waiting... oh, btw... I stopped those processes and shortly after everything seemed fixed... no more porn shortcuts and Internet Explorer popping up a blank screen every once in a while... but now I can't use the internet with my browsers...

Just what I need.
 
OK, I'll PM ceewi1 and ask him to come here first so he can help you; it's not like ceewi1 to take so long, maybe he has been busy.

Sorry for the delay.

Cohen
 
I do not have an unlimited amount of time to devote to providing members with free support, particularly as I've been working 14 hours a day recently.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • You can also access the log in the Logs tab of Malwarebytes' Anti-Malware.

  • Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    File::
    C:\Windows\System32\MSA.cpl
    C:\Windows\System32\VIE2AFB.exe
    C:\Windows\System32\VIE2CEE.exe
    C:\Windows\System32\VIE3009.exe
    C:\Windows\System32\VIE31DD.exe
    C:\Windows\System32\VIEB1E5.exe
    C:\Windows\System32\2.ico
    C:\Windows\System32\1.ico
    C:\Windows\System32\CodecBHO.dll
    
    Folder::
    C:\Program Files\MSA
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d9fa8502-dd44-4152-a23f-65ea4ee2e556}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\VIE2AFB.exe"=-
    "\VIE2CEE.exe"=-
    "\VIE3009.exe"=-
    "\VIE31DD.exe"=-
    "\VIEB1E5.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\VIE2AFB.exe"=-
    "\VIE2CEE.exe"=-
    "\VIE3009.exe"=-
    "\VIE31DD.exe"=-
    "Antivirus"=-
    "\VIEB1E5.exe"=-
  • Save this as CFScript.txt and change the Save as type to All Files and place it on your desktop.


    (screenshot: CFScriptB-4.gif)

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply, along with a new HijackThis log. How is your system running now?
CAUTION:
Do NOT mouse-click ComboFix's window while it is running. That may cause it to stall.
Also, please do NOT adjust your time format while ComboFix is running.

Please post
  • The Malwarebytes' Anti-Malware log
  • The ComboFix log
  • A new HijackThis log
  • An update on how your system is running now
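The O4 and O2 entries in the HijackThis log above are what the CFScript targets. As an added example (not HijackThis or ComboFix code, and not from anyone in this thread), the following Python script parses a constructed excerpt of the posted log, flags the structural oddities visible in it (Run value names beginning with a backslash, the same command registered under both HKLM and HKCU, a BHO with no file or one loaded from the Windows directory) and renders the hits in the File::/Registry:: layout the CFScript uses; the heuristics are assumptions of this example, not rules either tool applies.

```python
# Added example: flag structurally odd HijackThis O2/O4 entries and lay the hits
# out in CFScript form. The heuristics are this example's own assumptions.
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed excerpt: a handful of O2/O4 lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CodecPlugin Class - {d9fa8502-dd44-4152-a23f-65ea4ee2e556} - C:\Windows\system32\CodecBHO.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [\VIE2AFB.exe] C:\Windows\System32\VIE2AFB.exe
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\MSA\MSA.exe
O4 - HKCU\..\Run: [\VIE2AFB.exe] C:\Windows\System32\VIE2AFB.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_SUBKEY = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"


def parse(log: str) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Split a HijackThis log into O4 (Run key) and O2 (BHO) records; other lines are ignored."""
    runs: List[Dict[str, str]] = []
    bhos: List[Dict[str, str]] = []
    for line in log.splitlines():
        m = O4_RE.match(line)
        if m:
            runs.append({"hive": m.group(1), "name": m.group(2), "command": m.group(3)})
            continue
        m = O2_RE.match(line)
        if m:
            bhos.append({"title": m.group(1), "clsid": m.group(2), "dll": m.group(3)})
    return runs, bhos


def exe_path(command: str) -> str:
    """Return the executable path from a Run command, dropping quotes and any arguments."""
    m = re.match(r'^"?(.*?\.exe)"?', command.strip(), re.IGNORECASE)
    return m.group(1) if m else command.strip()


def suspicious_runs(runs: List[Dict[str, str]]) -> List[Tuple[Dict[str, str], List[str]]]:
    """Flag Run entries with a backslash-led value name or a command duplicated across hives."""
    hives_per_command = defaultdict(set)
    for r in runs:
        hives_per_command[r["command"].lower()].add(r["hive"])
    findings = []
    for r in runs:
        reasons = []
        if r["name"].startswith("\\"):
            reasons.append("value name begins with a backslash")
        if len(hives_per_command[r["command"].lower()]) > 1:
            reasons.append("same command registered under both HKLM and HKCU")
        if reasons:
            findings.append((r, reasons))
    return findings


def suspicious_bhos(bhos: List[Dict[str, str]]) -> List[Tuple[Dict[str, str], List[str]]]:
    """Flag BHOs whose DLL is missing or lives under the Windows directory, not Program Files."""
    findings = []
    for b in bhos:
        reasons = []
        if b["dll"] == "(no file)":
            reasons.append("orphaned BHO registration (DLL missing)")
        elif b["dll"].lower().startswith("c:\\windows\\"):
            reasons.append("BHO loaded from the Windows directory rather than Program Files")
        if reasons:
            findings.append((b, reasons))
    return findings


def render_cfscript(run_findings, bho_findings) -> str:
    """Lay the findings out in the File::/Registry:: sections used in the CFScript above."""
    files: List[str] = []
    for b, _ in bho_findings:
        if b["dll"] != "(no file)":
            files.append(b["dll"])
    for r, _ in run_findings:
        p = exe_path(r["command"])
        if "\\" in p and p not in files:  # skip bare names such as RtHDVCpl.exe
            files.append(p)
    lines = ["File::"] + files + ["", "Registry::"]
    for b, _ in bho_findings:
        lines.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\" + b["clsid"] + "]")
    for hive in ("HKCU", "HKLM"):
        names = [r["name"] for r, _ in run_findings if r["hive"] == hive]
        if names:
            lines.append("[" + HIVES[hive] + "\\" + RUN_SUBKEY + "]")
            lines.extend('"' + n + '"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    runs, bhos = parse(SAMPLE_LOG)
    for entry, reasons in suspicious_runs(runs) + suspicious_bhos(bhos):
        print(entry, "->", "; ".join(reasons))
    print(render_cfscript(suspicious_runs(runs), suspicious_bhos(bhos)))
```

The rogue [Antivirus] entry for MSA.exe is not structurally odd and is only identified by the scanners' signatures, which is why the thread relies on the Kaspersky and Malwarebytes reports as well as the HijackThis log.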
 
Okay, I downloaded Malwarebytes and did everything you told me to do. I'll post the log. Then I tried the ComboFix script; Windows said something like "cfccatchme has stopped working" over and over, so when I clicked OK to restart the computer, it wouldn't let me. So... eventually it stopped showing it, but it only showed the desktop. Then I had to shut off my computer and I got a blue screen and checking my hard drive or whatever. Then my computer wasn't connected to the internet anymore. It wouldn't let me log in. I talked with Quest and I deleted Malwarebytes and it worked again. But I'm scared to do my ComboFix. But I have the HijackThis log. Oh, my computer works great :)

And yes, I know some of my posts seem like I'm complaining, but "bump" doesn't seem exactly appropriate. I'm just some 16 year old kid getting in trouble with his torrenting. I didn't know you had a job (and you are doing this for free regardless), but I really do appreciate what you do, ceewi. (You too, Cohen.)

Anywayz, here are my logz.

Malwarebytes' Anti-Malware 1.26
Database version: 1113
Windows 6.0.6001 Service Pack 1

9/4/2008 6:37:48 PM
mbam-log-2008-09-04 (18-37-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231446
Time elapsed: 1 hour(s), 16 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 28
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\CodecBHO.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{163685ed-1cdf-4cce-bd65-9e3a89dad89b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{44736d5c-0c65-478b-b5c5-d3e609597f8d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fbdf0788-3fbb-4ff1-a64e-877a4fa80be7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7a65bdb-dea9-4c59-aecd-4f48f1b3824c} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fa8502-dd44-4152-a23f-65ea4ee2e556} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9fa8502-dd44-4152-a23f-65ea4ee2e556} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2afb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2afb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2cee.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie2cee.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3009.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie3009.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie31dd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie31dd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieb1e5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieb1e5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viefe5a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\viefeb8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieffb2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie1b4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie7ff8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieac96.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie5db0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie815.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieb1af.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie5b4a.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie4e4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieaead.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie5867.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie220.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vieabe9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie55d2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\vie85.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\VIE2AFB.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\VIE2CEE.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\VIE3009.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\VIE31DD.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\VIEB1E5.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\MSA.cpl (Rogue.MSAntivirus) -> Quarantined and deleted successfully.
C:\Windows\System32\CodecBHO.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.



And now my hijack logs


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:35 PM, on 9/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\Pmxmiced.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Users\Alex\Desktop\Alex's Stuff\Anti-v stuff\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8480 bytes

PS: I uninstalled Trend Micro anti-virus and got AVG instead. Hope that makes a difference.
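As an added example (not code from either post), a small Python parser for the O4 and O23 lines of a HijackThis log like the one above, with a first triage pass that lists services whose publisher HijackThis reports as "Unknown owner"; the sample lines are constructed from the entries posted here, and the helper names and the "Unknown owner" check are my own, not a HijackThis feature.

```python
import re
from typing import Optional

# Constructed sample: O4 / O23 lines in the HijackThis 2.0.2 format shown in the log above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"""

# O4 registry Run entries: hive\..\Run: [name] command, optionally tagged with the account context.
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
                    r"(?: \(User '(?P<user>[^']*)'\))?$")
# O4 Startup-folder shortcuts: Startup|Global Startup: name.lnk = target
O4_STARTUP = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?\.lnk) = (?P<cmd>.*)$")
# O23 services: display name (optional short name) - owner/publisher - image path
O23_SERVICE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
                         r" - (?P<owner>.+?) - (?P<path>.+)$")


def parse_hjt_line(line: str) -> Optional[dict]:
    """Parse one O4 or O23 line into a dict; any other line yields None."""
    m = O4_RUN.match(line)
    if m:
        return {"type": "O4", "hive": m["hive"], "name": m["name"], "cmd": m["cmd"], "user": m["user"]}
    m = O4_STARTUP.match(line)
    if m:
        return {"type": "O4", "hive": m["hive"], "name": m["name"], "cmd": m["cmd"], "user": None}
    m = O23_SERVICE.match(line)
    if m:
        return {"type": "O23", "display": m["display"], "short_name": m["short"],
                "owner": m["owner"], "path": m["path"]}
    return None


def parse_hjt_log(text: str) -> list:
    """Return the parsed O4/O23 entries of a whole log, skipping everything else."""
    return [e for e in (parse_hjt_line(l.strip()) for l in text.splitlines()) if e]


def unknown_owner_services(entries: list) -> list:
    """Display names of services with no publisher recorded: a triage starting point, not proof of malice."""
    return [e["display"] for e in entries if e["type"] == "O23" and e["owner"] == "Unknown owner"]


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    print(f"{len(parsed)} autorun/service entries parsed")
    print("services to look up manually:", unknown_owner_services(parsed))
```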
 
Excellent, Malwarebytes' Anti-Malware has removed all the files I was targeting with CFScript, so there is no need to attempt that again. Your logfiles now appear to be clean.

Your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update:
Updating Java:
  • Go to Start > Control Panel, double-click on the Software icon > Add or Remove Programs.
  • Search in the list for all previously installed versions of Java (J2SE Runtime Environment...).
    It should have the following icon next to it:
    javaicon.gif

    Select it and click Remove.
  • Then download and install the newest version from here:

Below I have included some ideas on how to prevent future infections.

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please navigate to http://windowsupdate.microsoft.com and download all the Critical Updates for Windows. These will patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Some good free firewalls are ZoneAlarm, Kerio, or Outpost. All of these will provide a far greater level of protection than the firewall built into Windows.
A tutorial on understanding and using firewalls may be found here.

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's Immunize and TeaTimer features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad which provides protections against malicious websites.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money, and some malware actually claims to be a security program. If you get a popup for a security program that you did not install yourself, do NOT click on it, and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure or are looking for anti-spyware programs, you can find out if one is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here.
Opera is available here: http://www.opera.com/download/

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
 