Automatic Update Virus, and then some...


Re: Automatic Update Virus, and then some...

Post by GussieFinch on 19th December 2009, 2:25 am

Yep, the 2 %fystemroot s came right back.

GussieFinch
Novice

Posts : 47
Joined : 2009-11-29
OS : Windows XP Media Center Edition
Points : 26291
# Likes : 0

Re: Automatic Update Virus, and then some...

Post by Belahzur on 19th December 2009, 3:44 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245091
# Likes : 1

Re: Automatic Update Virus, and then some...

Post by GussieFinch on 20th December 2009, 7:32 pm

When I click on the "Link 1" above, it shows the downloading of:
KittyFix.exe

is this correct?


Re: Automatic Update Virus, and then some...

Post by Belahzur on 20th December 2009, 9:28 pm

Yep. Smile



Re: Automatic Update Virus, and then some...

Post by GussieFinch on 22nd December 2009, 8:27 pm

Ehhhhhh, holiday crap to do the last few days! But I am back again. And, with what I think is very good news!

I ran Combo-Fix, and it installed Windows Recovery Console, but then crashed with a blue screen and a continuous beeping noise that scared the "you know what out of me"! However, on the subsequent fresh restart of the computer, it ran all the way through perfectly fine!

And,.....

For the first time in months I got my "yellow shield" in the system tray telling me there are updates ready to download, and upon clicking it, updates are installing as we speak! I also looked (just to verify) in Control Panel/Administrative Tools/Services, and sure enough both Automatic Updates & Background Intelligent Transfer Service (BITS) are started!!!!!

Okay, my updates are complete, so I am going to restart my computer again as requested! Meantime, below is my Combo-Fix log. I haven't surfed the Internet yet, so I do not know if my Google redirecting virus is still alive. Should I expect it to be?


ComboFix 09-12-21.08 - z 12/22/2009 13:35:31.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.3032 [GMT -6:00]
Running from: c:\documents and settings\z\My Documents\My Downloads\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\z\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\z\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
C:\LOG460.tmp
C:\LOGC0D.tmp
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\kb913800.exe
c:\windows\system32\2827131531.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\Data
G:\Autorun.inf
K:\AUTORUN.INF

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KSI32SK
-------\Legacy_NICSK32
-------\Legacy_SECURENTM
-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Service_sys


((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\documents and settings\z\Application Data\Viewpoint
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\program files\Microsoft Money 2006
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\documents and settings\z\Local Settings\Application Data\AOL OCP
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\program files\AIM6
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\documents and settings\z\Local Settings\Application Data\cqfqou
2009-12-17 22:12 . 2009-12-17 22:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-17 22:11 . 2009-12-17 22:52 -------- d-----w- c:\program files\Viewpoint
2009-12-17 08:33 . 2009-12-17 08:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-05 18:37 . 2009-12-05 18:37 -------- d-----w- c:\documents and settings\z\Local Settings\Application Data\Unity
2009-12-02 21:13 . 2009-12-02 21:13 -------- d-----w- c:\program files\Trend Micro
2009-11-28 23:53 . 2009-11-28 23:53 -------- d-----w- c:\documents and settings\z\Application Data\Malwarebytes
2009-11-28 23:53 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 23:53 . 2009-12-19 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-28 23:53 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 23:53 . 2009-11-28 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 19:45 . 2007-02-13 20:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-22 18:33 . 2006-12-26 22:49 3834 ----a-w- c:\documents and settings\z\Application Data\SAS7_000.DAT
2009-12-22 18:33 . 2007-10-31 01:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-22 02:19 . 2008-04-17 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-21 04:51 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-21 04:51 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-20 18:20 . 2006-03-21 15:43 -------- d-----w- c:\program files\McAfee
2009-12-18 23:39 . 2006-04-06 19:35 -------- d-----w- c:\documents and settings\z\Application Data\Canon
2009-12-17 22:52 . 2006-03-21 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-17 22:51 . 2007-09-04 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 02:07 . 2006-03-21 15:23 -------- d-----w- c:\program files\Java
2009-12-11 23:45 . 2009-12-17 22:08 239834 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-12-11 21:37 . 2009-04-30 17:32 -------- d-----w- c:\program files\SpywareBlaster
2009-12-04 23:30 . 2006-03-21 15:40 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2009-12-04 05:28 . 2006-03-21 15:38 -------- d-----w- c:\program files\Corel
2009-12-04 05:23 . 2006-03-24 04:04 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-04 05:23 . 2006-03-24 04:04 104 --sh--r- c:\windows\system32\690E1F2E0D.sys
2009-12-04 01:46 . 2007-10-21 20:48 -------- d-----w- c:\documents and settings\z\Application Data\HPAppData
2009-11-30 01:20 . 2009-06-25 17:32 -------- d-----w- c:\program files\sys
2009-11-28 23:07 . 2009-10-15 17:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-27 21:57 . 2007-09-04 02:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-11 21:34 . 2007-02-08 21:14 -------- d-----w- c:\documents and settings\z\Application Data\Skype
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"CallControl 4.5"="c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2002-05-18 122368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-03 160592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallControl 4.5]
2002-05-18 16:05 122368 ----a-w- c:\program files\FaxTalk Communicator\FTCtrl32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-03 00:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 08:04 332800 ----a-w- c:\progra~1\DELLSU~1\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-10-08 21:50 41824 ----a-w- c:\program files\Common Files\AOL\1170476348\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-11-20 04:10 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 21:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2006-12-22 18:28 756248 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-18 19:00 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-21 01:01 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-21 15:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-05-03 17:19 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-07 03:54 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-15 09:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-17 18:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 13:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170476348\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 1:06 PM 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/1/2008 8:57 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/21/2007 6:34 PM 24652]
S1 5922436;5922436;c:\windows\system32\drivers\5922436.sys [5/24/2009 3:39 PM 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: lasallebank.com\onlinebanking
Trusted Zone: musicmatch.com\online
DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-mferkdk
MSConfigStartUp-EPSON Stylus CX7400 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-22 13:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4154388428-524900779-1368262275-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,70,88,7e,1a,eb,83,91,be,92,ac,83,fb,c1,a3,5f,d1,9c,66,69,bf,eb,d4,
ac,6d,97,17,37,0a,ed,86,3e,50,d8,0e,1c,7d,a2,85,1d,c2,90,61,c8,d6,c3,a5,91,\
"??"=hex:b3,63,35,0c,d0,1b,29,1f,0b,4d,22,c5,a9,03,97,e6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2352)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\z\LOCALS~1\Temp\clclean.0001
c:\program files\FAXTALK COMMUNICATOR\FAPIEXE.EXE
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-22 13:57:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 19:57

Pre-Run: 86,251,737,088 bytes free
Post-Run: 86,019,002,368 bytes free

- - End Of File - - DD92EDB48C4A08D9AEA91A3892AD77F6


Re: Automatic Update Virus, and then some...

Post by Belahzur on 22nd December 2009, 8:35 pm

Okay, one more thing to do before we finish this up.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: Automatic Update Virus, and then some...

Post by GussieFinch on 22nd December 2009, 8:51 pm

Here ya go,...... {now, might you shovel snow in midwest USA too?! LOL}

3D Groove Playback Engine
Ad-Aware
Ad-Aware
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Reader 8
Adobe Shockwave Player 11
Advanced WindowsCare Personal 2.6.0
AI RoboForm (All Users)
AIM 6
Amazon MP3 Downloader 1.0.3
Andrea VoiceCenter
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5
ATI Control Panel
ATI Display Driver
ATI Parental Control
AusLogics Registry Defrag
Banctec Service Agreement
Big Kahuna Reef 2 (remove only)
Bonjour
BUM
Calendar Creator
Canon CanoScan Toolbox 4.1
CanoScan LiDE20,30 Manual
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Corel Photo Album 6
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Digital Content Portal
Digital Line Detect
Dragon NaturallySpeaking 10
Dragon NaturallySpeaking 9
EducateU
ELIcon
ESPNMotion
Eusing Free Registry Cleaner
FaxTalk Communicator 4.5
GemMaster Mystic
Get High Speed Internet!
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
HouseCall 6.6
HP Customer Participation Program 9.0
hp deskjet 940c series (Remove only)
HP Deskjet Printer Driver Software 9.0
HP Driver Diagnostics
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Small Business Image Uploader
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MVision
NetWaiting
NetZeroInstallers
OfxGen - 0.6
OmniPage SE
Otto
OverDrive Media Console
QuickTime
RealPlayer Basic
RollerCoaster Tycoon 3 Platinum
Roxio DLA
Roxio Express Labeler
Roxio MyDVD Plus
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scrabble
Search Assist
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Skype™ 4.0
Sonic Activation Module
Sonic Advanced Decoder
Sonic Encoders
Sonic Update Manager
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spybot - Search & Destroy
SpywareBlaster 4.2
The Print Shop 21
The Print Shop 21 Update
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtools 3D Life Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ Runtime for Dragon NaturallySpeaking
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3


Re: Automatic Update Virus, and then some...

Post by Belahzur on 22nd December 2009, 10:36 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Java 2 Runtime Environment, SE v1.4.2_03
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player

Next,

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Driver::
    5922436

    File::
    c:\windows\bk23567.dat
    c:\windows\system32\drivers\5922436.sys

    Folder::
    c:\documents and settings\z\Application Data\Viewpoint
    c:\documents and settings\All Users\Application Data\Viewpoint
    c:\program files\Viewpoint
    c:\documents and settings\z\Local Settings\Application Data\cqfqou
    c:\program files\sys
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Automatic Update Virus, and then some...

Post by GussieFinch on 22nd December 2009, 11:55 pm

Arrrgh, I made a mistake... I forgot to do step 1 (remove the Javas & Viewpoints) before I ran the altered Combo-Fix!
Did I screw stuff up?



ComboFix 09-12-21.08 - z 12/22/2009 17:29:07.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3710.3119 [GMT -6:00]
Running from: c:\documents and settings\z\My Documents\My Downloads\Combo-Fix.exe
Command switches used :: c:\documents and settings\z\My Documents\My Downloads\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\bk23567.dat"
"c:\windows\system32\drivers\5922436.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\z\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\config.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\23EF2E17A90A8C08052F56425EC9E2848534890A.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\490CF6174BC02B54D21168BCD611BB33589E0794.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\6A166E84C45EC276DBB65A7996EFB86E493B4957.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\87DDC8B961B19EC0966E2A98AD734F5FEAEC078A.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\92922B9D40E438B2C3543BDA1B34726ACE24ABB0.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\cache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\CBE17F446A45122C541FC839C9FCE4FD8C751073.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache\FBC98F6BFA9328F33B48DFB25539F435C30FFA74.dat
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\history.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate-akamai.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\locate.mtz
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\policy-akamai.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\ServicesRegistry.xml
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\updates-akamai.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Manager\vdt.dat
c:\documents and settings\z\Application Data\Viewpoint
c:\documents and settings\z\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\z\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\z\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\z\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\z\Local Settings\Application Data\cqfqou
c:\documents and settings\z\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\program files\sys
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ExtremeShot.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
c:\program files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
c:\windows\system32\drivers\5922436.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_5922436
-------\Legacy_Viewpoint_Manager_Service
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2009-11-22 to 2009-12-22 )))))))))))))))))))))))))))))))
.

2009-12-22 20:09 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-12-22 19:55 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-22 19:54 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\program files\Microsoft Money 2006
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\documents and settings\z\Local Settings\Application Data\AOL OCP
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\program files\AIM6
2009-12-17 22:12 . 2009-12-17 22:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-17 08:33 . 2009-12-17 08:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-05 18:37 . 2009-12-05 18:37 -------- d-----w- c:\documents and settings\z\Local Settings\Application Data\Unity
2009-12-02 21:13 . 2009-12-02 21:13 -------- d-----w- c:\program files\Trend Micro
2009-11-28 23:53 . 2009-11-28 23:53 -------- d-----w- c:\documents and settings\z\Application Data\Malwarebytes
2009-11-28 23:53 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-28 23:53 . 2009-12-19 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-28 23:53 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-28 23:53 . 2009-11-28 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-22 23:37 . 2007-02-13 20:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-22 20:32 . 2007-10-31 01:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-22 20:11 . 2009-12-22 20:11 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-22 20:10 . 2009-12-22 20:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-22 18:33 . 2006-12-26 22:49 3834 ----a-w- c:\documents and settings\z\Application Data\SAS7_000.DAT
2009-12-22 02:19 . 2008-04-17 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-21 04:51 . 2004-08-04 04:59 96512 ----a-w- c:\windows\system32\drivers\atapi.svs
2009-12-21 04:51 . 2004-08-04 04:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-12-20 18:20 . 2006-03-21 15:43 -------- d-----w- c:\program files\McAfee
2009-12-19 01:37 . 2009-12-19 01:37 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-18 23:39 . 2006-04-06 19:35 -------- d-----w- c:\documents and settings\z\Application Data\Canon
2009-12-17 22:51 . 2007-09-04 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-15 02:07 . 2006-03-21 15:23 -------- d-----w- c:\program files\Java
2009-12-11 23:45 . 2009-12-17 22:08 239834 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-12-11 21:37 . 2009-04-30 17:32 -------- d-----w- c:\program files\SpywareBlaster
2009-12-04 23:30 . 2006-03-21 15:40 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2009-12-04 05:28 . 2006-03-21 15:38 -------- d-----w- c:\program files\Corel
2009-12-04 05:23 . 2006-03-24 04:04 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-04 05:23 . 2006-03-24 04:04 104 --sh--r- c:\windows\system32\690E1F2E0D.sys
2009-12-04 01:46 . 2007-10-21 20:48 -------- d-----w- c:\documents and settings\z\Application Data\HPAppData
2009-12-01 01:49 . 2009-09-22 00:49 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-28 23:07 . 2009-10-15 17:40 -------- d-----w- c:\program files\Windows Live Safety Center
2009-11-27 21:57 . 2007-09-04 02:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-11 21:34 . 2007-02-08 21:14 -------- d-----w- c:\documents and settings\z\Application Data\Skype
2009-10-29 07:46 . 2005-08-16 10:18 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-20 00:49 . 2009-06-30 00:55 2353992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-15 18:44 . 2009-10-15 18:44 183356 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\Uninstaller.exe
2009-10-15 18:44 . 2009-10-15 18:44 61440 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\Toolkit.dll
2009-10-15 18:44 . 2009-10-15 18:44 98304 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\getMac.exe
2009-10-15 18:44 . 2009-10-15 18:44 69632 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\mfcm80.dll
2009-10-15 18:44 . 2009-10-15 18:44 626688 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\msvcr80.dll
2009-10-15 18:44 . 2009-10-15 18:44 57344 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\mfcm80u.dll
2009-10-15 18:44 . 2009-10-15 18:44 548864 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\msvcp80.dll
2009-10-15 18:44 . 2009-10-15 18:44 479232 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\msvcm80.dll
2009-10-15 18:44 . 2009-10-15 18:44 1093632 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\mfc80.dll
2009-10-15 18:44 . 2009-10-15 18:44 1079808 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\mfc80u.dll
2009-10-15 18:43 . 2009-10-15 18:43 218736 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\patch.exe
2009-10-15 18:43 . 2009-10-15 18:43 189968 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\ciussi32.dll
2009-10-15 18:43 . 2009-10-15 18:43 170512 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\PATCHW32.DLL
2009-10-15 18:43 . 2009-10-15 18:43 1267320 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\TmUpdate.dll
2009-10-15 18:43 . 2009-10-15 18:43 90183 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\TmEngDrv.dll
2009-10-15 18:43 . 2009-10-15 18:43 832776 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\lea.dll
2009-10-15 18:43 . 2009-10-15 18:43 439560 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\jlea.dll
2009-10-15 18:43 . 2009-10-15 18:43 42320 ----a-w- c:\documents and settings\z\Application Data\HouseCall 6.6\dsvout.dll
2009-10-13 10:30 . 2005-08-16 10:18 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-08-16 10:18 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-08-16 10:18 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"CallControl 4.5"="c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2002-05-18 122368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-05-03 160592]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CallControl 4.5]
2002-05-18 16:05 122368 ----a-w- c:\program files\FaxTalk Communicator\FTCtrl32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
2004-12-03 00:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 08:04 332800 ----a-w- c:\progra~1\DELLSU~1\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 20:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2007-10-08 21:50 41824 ----a-w- c:\program files\Common Files\AOL\1170476348\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-12 02:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2001-11-20 04:10 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-10-15 02:50 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-10-15 02:49 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-04-02 21:11 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2006-12-22 18:28 756248 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
2006-01-18 19:00 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-21 01:01 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-21 15:35 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2008-05-03 17:19 160592 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-03-07 03:54 24095528 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-15 09:23 75520 ----a-w- c:\program files\Java\jre1.5.0_11\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-17 18:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
2005-09-19 13:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170476348\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\McAfee.com\\Agent\\mcagent.exe"=

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 1:06 PM 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/1/2008 8:57 PM 93320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: lasallebank.com\onlinebanking
Trusted Zone: musicmatch.com\online
DPF: {7A7BA269-2D21-4B33-B60A-8510A1865D5F} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Viewpoint Manager - c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-12-22 17:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4154388428-524900779-1368262275-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,70,88,7e,1a,eb,83,91,be,92,ac,83,fb,c1,a3,5f,d1,9c,66,69,bf,eb,d4,
ac,6d,97,17,37,0a,ed,86,3e,50,d8,0e,1c,7d,a2,85,1d,c2,90,61,c8,d6,c3,a5,91,\
"??"=hex:b3,63,35,0c,d0,1b,29,1f,0b,4d,22,c5,a9,03,97,e6
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7608)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\Rundll32.exe
c:\docume~1\z\LOCALS~1\Temp\clclean.0001
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\program files\FAXTALK COMMUNICATOR\FAPIEXE.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-12-22 17:47:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-22 23:47
ComboFix2.txt 2009-12-22 19:57

Pre-Run: 85,484,343,296 bytes free
Post-Run: 85,480,804,352 bytes free

- - End Of File - - 8F103053643C1F9E885BB9FBB974B488

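The log above is the ComboFix output as posted. As an added example (not part of the thread and not ComboFix's own code), the Python below parses the file-entry lines of that log format ("Files Created" and "Find3M Report" sections), decodes the 8-character attribute field, and flags entries for a human to review using two heuristics taken from what the helper targeted: regular files marked hidden+system, and ".sys" files whose name is nothing but hex digits. The attribute-letter mapping and the 5922436.sys sample line are assumptions of mine.

```python
"""Triage helper for the file-entry lines of a ComboFix log
("Files Created" and "Find3M Report" sections). Each entry looks like:

    <modified> . <created> <size or dashes> <8-char attrs> <path>

The attribute letters are read off the posted log (d=directory, s=system,
h=hidden, a=archive, w=writable, r=read-only); that mapping is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Optional

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "  # last-modified timestamp
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "       # creation timestamp
    r"(\d+|-+) "                               # size in bytes, dashes for a directory
    r"([-a-z]{8}) "                            # attribute field, e.g. --sha-w-
    r"(.+)$"                                   # path
)

# Constructed sample: four lines copied from the posted log plus one made-up
# line (5922436.sys, the driver the removal script targeted) in the same format.
SAMPLE_LOG = r"""
2009-12-22 20:09 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-12-17 22:52 . 2009-12-17 22:52 -------- d-----w- c:\program files\Microsoft Money 2006
2009-12-04 05:23 . 2006-03-24 04:04 6216 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-04 05:23 . 2006-03-24 04:04 104 --sh--r- c:\windows\system32\690E1F2E0D.sys
2009-12-20 03:00 . 2009-12-20 03:00 20480 ----a-w- c:\windows\system32\drivers\5922436.sys
scan completed successfully
"""


@dataclass
class Entry:
    modified: str
    created: str
    size: Optional[int]  # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a file/directory line, None for any other log line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    modified, created, size, attrs, path = m.groups()
    return Entry(modified, created, None if size.startswith("-") else int(size), attrs, path)


def parse_log(text: str) -> list:
    """All file/directory entries in a log, in order; non-entry lines are skipped."""
    return [e for e in (parse_entry(line) for line in text.splitlines()) if e]


# Names made of nothing but hex digits (5922436, 690E1F2E0D) look machine-generated.
MACHINE_NAME_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")


def review_reasons(e: Entry) -> list:
    """Heuristic reasons to look at an entry; a hit is a prompt for review, not a verdict."""
    reasons = []
    if not e.is_dir and e.hidden and e.system:
        reasons.append("hidden+system file")  # unusual for a regular file under system32
    stem, _, ext = e.basename.rpartition(".")
    if ext.lower() == "sys" and MACHINE_NAME_RE.match(stem):
        reasons.append(".sys file with machine-generated name")
    return reasons


def triage(text: str) -> dict:
    """Map each flagged path to its reasons; unflagged entries are left out."""
    return {e.path: r for e in parse_log(text) if (r := review_reasons(e))}


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```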

Re: Automatic Update Virus, and then some...

Post by Belahzur on 23rd December 2009, 12:03 am

No, uninstall the Java/Viewpoint stuff now.





Re: Automatic Update Virus, and then some...

Post by GussieFinch on 23rd December 2009, 1:52 am

Okay I removed the Javas, The Viewpoints were no longer present.


Re: Automatic Update Virus, and then some...

Post by Belahzur on 23rd December 2009, 7:11 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?





Re: Automatic Update Virus, and then some...

Post by GussieFinch on 23rd December 2009, 10:51 pm

Hi there,

Computer seems to be great so far. I had to reinstall the latest version of Java. That went smoothly. I am very happy to have the updates working again. I have not done many Google searches yet, but what I have done so far has not been redirecting.

There are just a few issues that I have found:

My Calendar Creator program no longer loads. I get the following:
Cannot determine configuration in file "C:\Program Files\Broderbund\Calendar Creator\AGB\Startup.cfg".

I really need this fixed, as I use it daily. I actually do not recall if I have the CD or if I bought it via a download installation. Is there a way I could recapture it with backups or restores?

My Print Shop 21 program seems to have been deleted. I think I have my discs somewhere, but same question as above, is there a way I could recapture it with backups or restores? as this program would come in handy for some Christmas stuff and right now I do not know where my discs are without searching the entire house.

(Incidentally I believe Print Shop is also a Broderbund program)

Also, I have tried to remove Money 2006 and Dragon NaturallySpeaking version 9, via Start > Control Panel > Add/Remove Programs, but I do not get a clean uninstall without encountering an error.


Re: Automatic Update Virus, and then some...

Post by Belahzur on 23rd December 2009, 11:39 pm

Was that program error there before we started, or is it a result of the malware damage? As for the programs that won't uninstall, let's try the Revo Uninstaller.

Please download Revo Uninstall from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the programs you want to remove.
  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.





Re: Automatic Update Virus, and then some...

Post by GussieFinch on 27th December 2009, 10:31 pm

Hello, I'm back again after the holiday celebrations. I am liking how my computer is working, although it is a little slow at times.

Revo Uninstaller did not work for me, although I am not sure I ran it correctly. I got an error that some file was missing and then there was one part of it that looked like it was going to delete A LOT of files which I did not necessarily recognize, and I was worried that something else would get screwed up, so skipped that step.

I am thinking the old money and Dragon programs that I want to get rid of got goofed up when I did that restore after I had already uninstalled them?

Another issue has also come to light, that I believe the malware attacked, that I did not realize before. My rear microphone no longer works. When I go to set up Speech in Control Panel I get:
"The requested task cannot be carried out because the necessary engine could not be created. Please select a different engine and/or a different audio device."

And when I go to set up my SigmaTel Audio, the test hardware does not pick up any incoming audio from the microphone.


Re: Automatic Update Virus, and then some...

Post by GussieFinch on 30th December 2009, 8:11 pm

Hello, I'm back again after the holiday celebrations. I am liking how my computer is working, although it is a little slow at times.

Revo Uninstaller did not work for me, although I am not sure I ran it correctly. I got an error that some file was missing and then there was one part of it that looked like it was going to delete A LOT of files which I did not necessarily recognize, and I was worried that something else would get screwed up, so skipped that step.

I am thinking the old money and Dragon programs that I want to get rid of got goofed up when I did that restore after I had already uninstalled them?

Another issue has also come to light, that I believe the malware attacked, that I did not realize before. My rear microphone no longer works. When I go to set up Speech in Control Panel I get:
"The requested task cannot be carried out because the necessary engine could not be created. Please select a different engine and/or a different audio device."

And when I go to set up my SigmaTel Audio, the test hardware does not pick up any incoming audio from the microphone.

Could I just download the SigmaTel Audio driver from Dell and reinstall it? Would that ruin anything else?


Re: Automatic Update Virus, and then some...

Post by Belahzur on 30th December 2009, 8:26 pm

Could I just download the SigmaTel Audio driver from Dell and reinstall it? Would that ruin anything else?

Yes, give that a try and let me know how it goes.





Re: Automatic Update Virus, and then some...

Post by GussieFinch on 4th February 2010, 7:52 pm

Hi,

I have had a busy new year and am finally getting back to my computer issues after a month.

Actually, I haven't had to get back, because I am very satisfied with the fixes you gave me! However, I am still having one major issue that I think developed during our fixes: my rear microphone is not working.

I could not find the proper driver to reinstall on the Dell website, so I did not do the step mentioned in the previous 2 posts. I really need the mic to work because it connects to my modem which I use to connect to my land line telephone.

Are there any backup files on my computer that I could use to restore the microphone?

Got any suggestions?


Re: Automatic Update Virus, and then some...

Post by GussieFinch on 8th February 2010, 7:06 pm

Hi,

I have had a busy new year and am finally getting back to my computer issues after a month.

Actually, I haven't had to get back, because I am very satisfied with the fixes you gave me! However, I am still having one major issue that I think developed during our fixes: my rear microphone is not working.

I could not find the proper driver to reinstall on the Dell website, so I did not do the step mentioned in the previous 2 posts. I really need the mic to work because it connects to my modem which I use to connect to my land line telephone.

Are there any backup files on my computer that I could use to restore the microphone?


Re: Automatic Update Virus, and then some...

Post by Belahzur on 8th February 2010, 8:16 pm

It's been a while, let's make sure nothing snuck back in.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.





Re: Automatic Update Virus, and then some...

Post by GussieFinch on 9th February 2010, 12:12 am

Thanks for your help again! Looks like I'm still running a clean system!

Malwarebytes' Anti-Malware 1.44
Database version: 3710
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/8/2010 6:07:03 PM
mbam-log-2010-02-08 (18-07-03).txt

Scan type: Quick Scan
Objects scanned: 136386
Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

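An MBAM 1.x log like the one above has a fixed shape: a metadata header, seven "... Infected: N" summary counts, then one section per category listing the items (or "(No malicious items detected)"). The following is an added example, not code from the thread or from Malwarebytes, that parses that shape, cross-checks each summary count against the number of items actually listed, and returns a verdict: clean, infected, or inconsistent when the summary and the detail disagree, which is what a truncated or hand-edited paste looks like. The sample log is a constructed, slightly abridged copy of the one posted above; the regular expressions are the example's own assumptions about the format.

```python
"""Parser and sanity check for a Malwarebytes' Anti-Malware 1.x scan log.

Added example (not part of the thread or of Malwarebytes' tooling).
"""
import re

# Constructed sample, abridged from the log posted in the thread.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.44
Database version: 3710

2/8/2010 6:07:03 PM
mbam-log-2010-02-08 (18-07-03).txt

Scan type: Quick Scan
Objects scanned: 136386
Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
"""

# Assumed format: "<Category> Infected: <count>" in the summary,
# "<Category> Infected:" as a section header, one item per line after it.
SUMMARY_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")
KEYVAL_RE = re.compile(r"^(Database version|Scan type|Objects scanned|Time elapsed): (.+)$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return scan metadata, summary counts and per-category detail items."""
    meta, summary, details = {}, {}, {}
    current = None                       # category whose item list we are in
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                     # blank line ends a detail section
            current = None
            continue
        m = KEYVAL_RE.match(line)
        if m:
            meta[m.group(1)] = m.group(2)
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("cat")] = int(m.group("n"))
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("cat")
            details[current] = []
            continue
        if current is not None and line != NO_ITEMS:
            details[current].append(line)
    return {"meta": meta, "summary": summary, "details": details}


def verdict(parsed):
    """'clean', 'infected', or 'inconsistent' if a count and its list disagree."""
    summary, details = parsed["summary"], parsed["details"]
    for cat, count in summary.items():
        if len(details.get(cat, [])) != count:
            return "inconsistent"
    return "infected" if any(summary.values()) else "clean"
```

The inconsistency check is the part worth keeping: a helper who only reads the seven summary lines can be misled by a paste that was cut off before the item lists or had a line removed, whereas requiring each count to match its list catches both.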

Re: Automatic Update Virus, and then some...

Post by Belahzur on 9th February 2010, 1:28 am

Hello.
Not sure what I can do about the microphone issue, you can try opening a topic in our hardware section and see if anyone has an answer for this.





Re: Automatic Update Virus, and then some...

Post by GussieFinch on 9th February 2010, 1:46 am

Okay, will do!

Thanks again for all the help with my virus infections of the past!

I am going to donate to you guys!
