
reditty.com, popups and multiple errors

Discussion in 'Virus & Other Malware Removal' started by mitchmedic, Apr 16, 2008.

Thread Status:
Not open for further replies.
  1. mitchmedic (Thread Starter) - Joined: Apr 16, 2008 - Messages: 3
    I seem to have contracted some sort of malware/adware/spyware called reditty.com and/or vundo.g. I can't get rid of it; every time I try to install a spyware remover I get Java errors and floating point errors. I am pretty fed up here...

    Here is my HJT log

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
    C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
    C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\WINDOWS\mrofinu572.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Twain\Twain.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.dvbsquad.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,[email protected]
    O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [fcfb3d83] rundll32.exe "C:\WINDOWS\system32\bpwuyhxj.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Twain] C:\Program Files\Twain\Twain.exe
    O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/SCRABBLE/Images/stg_drm.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://142.176.79.114/tsweb/msrdp.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 13030 bytes


    Hope someone can help me!
     
  2. mitchmedic (Thread Starter) - Joined: Apr 16, 2008 - Messages: 3
    Here is the result of running ComboFix.

    ComboFix 08-04-16.5 - Big Daddy 2008-04-17 1:42:55.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1.#QNAN [GMT -3:00]
    Running from: C:\Documents and Settings\Big Daddy\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Big Daddy\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\buildbu.bat
    C:\Documents and Settings\Big Daddy\Local Settings\Temporary Internet Files\bestwiner.stt
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\system32\rsvxayay.ini
    C:\WINDOWS\system32\rsvxayay.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
    .

    2008-04-17 00:24 . 2008-04-17 00:24 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-04-17 00:19 . 2008-04-17 00:19 <DIR> d-------- C:\Program Files\SDFix
    2008-04-17 00:04 . 2008-04-17 00:08 <DIR> d-------- C:\Documents and Settings\Big Daddy\.housecall6.6
    2008-04-16 23:57 . 2008-04-16 23:57 <DIR> d-------- C:\Program Files\FileZilla FTP Client
    2008-04-16 14:11 . 2008-04-16 14:11 <DIR> d-------- C:\Program Files\Trend Micro
    2008-04-16 13:56 . 2008-04-16 13:56 <DIR> d-------- C:\Program Files\AdwareAlert
    2008-04-16 13:56 . 2008-04-16 13:56 <DIR> d-------- C:\Documents and Settings\Big Daddy\Application Data\AdwareAlert
    2008-04-16 12:54 . 2008-04-17 01:54 1,524,544 ---hs---- C:\WINDOWS\system32\jxhyuwpb.ini
    2008-04-16 12:54 . 2008-04-16 12:54 100,379 --a------ C:\WINDOWS\system32\bpwuyhxj.dll
    2008-04-16 12:48 . 2008-04-16 12:48 108,044 --a------ C:\WINDOWS\system32\cymjqfik.dll
    2008-04-16 12:47 . 2008-04-16 12:47 <DIR> d-------- C:\Program Files\Twain
    2008-04-16 12:38 . 2008-04-16 12:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-04-16 12:22 . 2008-04-16 12:22 <DIR> d-------- C:\Program Files\Lavasoft
    2008-04-16 12:22 . 2008-04-16 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-04-16 12:16 . 2008-04-16 12:16 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-04-16 11:46 . 2008-04-16 11:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
    2008-04-16 11:45 . 2008-04-16 11:45 <DIR> d-------- C:\Program Files\Common Files\iS3
    2008-04-16 11:45 . 2008-04-16 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2008-04-15 15:51 . 2008-04-15 15:51 396,267 --a------ C:\WINDOWS\system32\yayaxvsr.dll
    2008-04-15 15:49 . 2008-04-15 15:49 34,099 --a------ C:\WINDOWS\system32\yayvusqq.dll
    2008-04-15 15:46 . 2008-04-15 15:46 34,099 --a------ C:\WINDOWS\system32\wvusroon.dll
    2008-04-10 22:23 . 2007-02-03 10:32 527,136 --a------ C:\WINDOWS\system32\LVUI2RC.dll
    2008-04-10 22:23 . 2007-02-03 10:29 264,992 --a------ C:\WINDOWS\system32\LVCodec2.dll
    2008-04-10 22:23 . 2007-02-03 10:32 215,840 --a------ C:\WINDOWS\system32\LVUI2.dll
    2008-04-10 22:18 . 2007-02-03 10:30 1,507,232 --a------ C:\WINDOWS\system32\drivers\lvpopflt.sys
    2008-04-10 22:18 . 2007-02-03 10:29 129,824 --a------ C:\WINDOWS\system32\lvci1051.dll
    2008-04-10 22:18 . 2007-02-03 08:59 50,127 --a------ C:\WINDOWS\system32\lvcoinst.ini
    2008-04-10 22:18 . 2007-02-03 10:32 41,504 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2008-04-10 22:18 . 2007-02-03 09:01 13,398 --a------ C:\WINDOWS\system32\Repository.reg
    2008-04-02 20:26 . 2008-04-02 20:26 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
    2008-04-01 13:02 . 2008-04-01 13:02 <DIR> d-------- C:\Documents and Settings\Baby Bear.DELLY\Application Data\Roxio
    2008-04-01 13:02 . 2008-04-01 13:02 <DIR> d-------- C:\Documents and Settings\Baby Bear.DELLY\Application Data\Logitech
    2008-03-27 01:22 . 2008-03-27 01:22 <DIR> d-------- C:\Documents and Settings\Big Daddy\Application Data\teamspeak2
    2008-03-27 01:22 . 2008-03-27 01:22 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
    2008-03-27 01:21 . 2008-03-27 01:22 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
    2008-03-22 09:56 . 2008-04-17 00:45 <DIR> d-------- C:\Temp
    2008-03-20 10:27 . 2008-03-20 11:54 <DIR> d-------- C:\Program Files\QuickTax 2007
    2008-03-20 10:27 . 2008-03-20 10:27 <DIR> d-------- C:\Program Files\Common Files\Intuit
    2008-03-20 10:27 . 2008-03-20 10:27 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
    2008-03-20 10:27 . 2008-03-20 10:27 <DIR> d-------- C:\Documents and Settings\Big Daddy\Application Data\Intuit Canada
    2008-03-20 10:26 . 2008-03-20 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit Canada
    2008-03-18 01:10 . 2008-04-16 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCPitstop

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-17 04:52 --------- d-----w C:\Program Files\Steam
    2008-04-17 02:37 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-04-17 02:35 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-04-16 15:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-16 15:12 --------- d-----w C:\Program Files\Google
    2008-04-15 16:59 --------- d-----w C:\Documents and Settings\Big Daddy\Application Data\Xfire
    2008-04-12 10:32 --------- d-----w C:\Program Files\Xfire
    2008-04-11 01:23 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-04-11 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
    2008-04-10 14:59 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-04-06 22:30 --------- d-----w C:\Program Files\Dl_cats
    2008-03-26 02:38 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
    2008-03-26 02:38 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
    2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-18 04:10 --------- d-----w C:\Program Files\PCPitstop
    2008-03-11 03:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-11 03:15 --------- d-----w C:\Program Files\NovaLogic
    2008-03-01 21:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-28 15:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-28 13:30 --------- d-----w C:\Program Files\SCRABBLE
    2008-02-25 17:08 --------- d-----w C:\Documents and Settings\Big Daddy\Application Data\Roxio
    2008-02-25 17:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
    2008-02-25 17:01 --------- d-----w C:\Program Files\InterActual
    2008-02-25 16:50 --------- d-----w C:\Program Files\McAfee
    2008-02-25 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
    2008-02-25 16:46 --------- d-----w C:\Program Files\Roxio
    2008-02-25 16:43 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-02-25 16:43 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2008-02-25 16:41 --------- d-----w C:\Program Files\SightSpeed
    2008-02-25 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2008-02-25 16:39 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-02-25 16:38 --------- d-----w C:\Program Files\Common Files\SightSpeed
    2008-02-25 16:36 --------- d-----w C:\Program Files\DivX
    2008-02-25 16:30 --------- d-----w C:\Program Files\Sonic
    2008-02-24 02:28 --------- d-----w C:\Program Files\PartyGaming
    2008-02-23 01:05 --------- d-----w C:\Program Files\LimeWire
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-19 00:25 --------- d-----w C:\Program Files\Samsung
    2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-02-01 07:18 4 ----a-w C:\loadcounter.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1097CB08-A4A5-4770-894A-DDF83B62D7C1}]
    2008-04-17 01:56 393677 --a------ C:\WINDOWS\system32\rqrromjh.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a83c0c02-6151-4623-9177-c135b95ce73d}]
    2008-04-16 12:48 108044 --a------ C:\WINDOWS\system32\cymjqfik.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F34312CC-5BB9-4ED2-ACFB-0642BE235285}]
    2008-04-15 15:51 396267 --a------ C:\WINDOWS\system32\yayaxvsr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}]
    2008-04-15 15:46 34099 --a------ C:\WINDOWS\system32\wvusroon.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "Free Ram Optimizer"="C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe" [2003-08-22 09:19 57344]
    "igndlm.exe"="C:\Program Files\IGN\Download Manager\DLM.exe" [2007-03-05 13:57 1103480]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-31 02:41 1271032]
    "Twain"="C:\Program Files\Twain\Twain.exe" [2008-04-16 12:47 57344]
    "AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-04-14 18:48 7173360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 06:04 59392]
    "CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 12:43 57344]
    "CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 03:00 45056]
    "CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 03:00 90112]
    "BuildBU"="c:\dell\bldbubg.exe" [2005-08-09 23:32 61440]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\STSYSTRA.EXE]
    "DLCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 14:40 73728]
    "dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-09-30 11:51 430080]
    "MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 11:12 286720]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]
    "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
    "RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 13:10 221184]
    "DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 02:07 102400]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 10:00 1116920]
    "PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-04 13:52 2577120]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12 488984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13 774168]
    "BMffc80e1f"="C:\WINDOWS\system32\afsflmou.dll" [2008-04-17 01:58 105642]
    "fcfb3d83"="C:\WINDOWS\system32\mbxmeukd.dll" [2008-04-17 01:59 100686]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-07 00:35:08 124400]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-13 02:56:13 784912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{FB422E7B-3D5E-4D9B-84C2-91B6C888CDE2}"= C:\WINDOWS\system32\wvusroon.dll [2008-04-15 15:46 34099]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvusroon]
    wvusroon.dll 2008-04-15 15:46 34099 C:\WINDOWS\system32\wvusroon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\rqrromjh

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\MSN Messenger\\msncall.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\Steam\\Steam.exe"=
    "C:\\Program Files\\Atari\\ArmA Demo\\ArmADemo.exe"=
    "C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Atari\\ArmA\\arma.exe"=

    R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 21:06]
    S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 17:12]
    S3 uisp;Motorola USB ICP driver;C:\WINDOWS\system32\Drivers\usbicp.sys []


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
    msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-17 04:52:56 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
    - C:\Program Files\AdwareAlert\AdwareAlert.ex
    - C:\Program Files\AdwareAler
    "2008-04-11 11:58:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-15 04:47:41 C:\WINDOWS\Tasks\McDefragTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe'
    "2008-04-01 04:00:14 C:\WINDOWS\Tasks\McQcTask.job"
    - c:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-17 01:53:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\wvusroon.dll

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\system32\mbxmeukd.dll
    -> C:\WINDOWS\system32\afsflmou.dll
    -> C:\WINDOWS\system32\rqrromjh.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\ehome\ehRecvr.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\WINDOWS\system32\dlcjcoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
    C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-17 2:01:16 - machine was rebooted [Big Daddy]
    ComboFix-quarantined-files.txt 2008-04-17 05:01:00

    Pre-Run: 17,175,404,544 bytes free
    Post-Run: 17,634,713,600 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    .
    2008-04-12 06:04:23 --- E O F ---
     
Short URL to this thread: https://techguy.org/704360
