Tech Support Forum - View Single Post - Pop-ups keep coming !!!

Tps.llc · 01-24-2008, 02:01 PM

Ok here we go
ComboFix 08-01-23.2 - Kallen's 2008-01-24 4:14:06.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.521 [GMT -6:00]
Running from: C:\Documents and Settings\Kallen's\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Kallen's\Application Data\install.dat
C:\Documents and Settings\LocalService\Application Data\Install.dat
C:\Documents and Settings\NetworkService\Application Data\Install.dat
C:\Program Files\Helper
C:\Temp\abW9
C:\Temp\tpBe12
C:\WINDOWS\764.exe
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.log
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\inf\ultra.inf
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\kdnau.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rMa02yy
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\smtpdrv

((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 )))))))))))))))))))))))))))))))
.

2008-01-23 19:06 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-23 19:06 . 2007-04-10 03:09 211 --a------ C:\Boot.bak
2008-01-23 19:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 14:43 . 2008-01-21 14:43 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-17 15:25 . 2008-01-17 15:25 <DIR> d-------- C:\ie-spyad_zo
2008-01-17 03:26 . 2008-01-17 15:00 <DIR> d-------- C:\Program Files\SpyKillerPro
2008-01-16 19:05 . 2008-01-16 19:05 <DIR> d-------- C:\Deckard
2008-01-16 18:52 . 2008-01-16 18:55 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-16 16:23 . 2008-01-16 18:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-16 16:23 . 2008-01-16 16:33 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-16 16:23 . 2008-01-16 16:33 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-16 16:23 . 2008-01-16 16:33 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-16 14:50 . 2008-01-16 17:27 <DIR> d-------- C:\Program Files\DioCleanerPro
2008-01-15 14:34 . 2008-01-15 14:34 1 --a------ C:\WINDOWS\system32\rc.dat
2008-01-15 14:34 . 2008-01-15 14:34 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-01-15 14:34 . 2008-01-15 14:34 1 --a------ C:\WINDOWS\system32\cs.dat
2008-01-15 03:10 . 2008-01-15 14:30 3,412 --a------ C:\ntboot
2008-01-14 03:35 . 2008-01-14 03:35 <DIR> d-------- C:\WINDOWS\system32\edcA17
2008-01-14 03:35 . 2008-01-14 03:35 <DIR> d-------- C:\temp\Ryuan1
2008-01-14 03:35 . 2008-01-14 03:35 60,996 --a------ C:\cwulua.exe
2008-01-14 03:35 . 2008-01-14 03:35 58,880 --a------ C:\rkasjwm.exe
2008-01-14 03:35 . 2008-01-14 03:35 54,764 --a------ C:\WINDOWS\system32\dxdss.sys
2008-01-14 03:35 . 2008-01-20 06:33 30,441 --a------ C:\bjjburnk.exe
2008-01-14 03:35 . 2008-01-18 14:11 6,144 --a------ C:\WINDOWS\system32\msftp.dll
2008-01-14 03:35 . 2008-01-14 03:35 2 --a------ C:\-593915343

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 10:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 13:13 --------- d-----w C:\Program Files\Google
2008-01-20 13:00 --------- d-----w C:\Program Files\Paint Shop Pro 6
2008-01-20 12:54 --------- d-----w C:\Program Files\Common Files\Sandlot Shared
2008-01-20 12:52 --------- d-----w C:\Program Files\The Learning Company
2008-01-16 23:49 --------- d-----w C:\Program Files\System Soap Pro
2008-01-16 23:37 --------- d-----w C:\Program Files\Norton 360
2008-01-16 23:31 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-12 16:46 --------- d-----w C:\Program Files\Click'N Design 3D (V5)
2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-15 22:22 --------- d-----w C:\Program Files\BIAS
2007-12-15 21:54 --------- d-----w C:\Program Files\proDAD
2007-12-15 21:36 --------- d-----w C:\Program Files\AdorageI-GfxDatas
2007-12-15 21:35 --------- d-----w C:\Program Files\AdorageI-SAL
2007-12-15 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 21:01 --------- d-----w C:\Program Files\Pinnacle
2007-12-15 12:32 --------- d-----w C:\Program Files\AIM
2007-12-15 12:31 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 10:18 --------- d-----w C:\Program Files\Sonic Foundry
2007-12-09 12:04 --------- d-----w C:\Program Files\Pure Motion
2007-12-09 12:04 --------- d-----w C:\Program Files\DebugMode
2007-12-05 21:42 160,297 ----a-w C:\WINDOWS\Sqirlz Morph Uninstaller.exe
2007-12-05 21:42 --------- d-----w C:\Program Files\Sqirlz Morph
2007-12-05 08:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-05 08:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-05 08:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-05 08:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-05 08:40 --------- d-----w C:\Program Files\Symantec
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 07:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_19.46.58.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-24 01:21:13 73,668 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-24 08:38:52 73,668 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-24 01:21:13 448,774 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-24 08:38:52 448,774 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489C5DDD-AB4C-48EC-B397-505BABF9B4BD}]
C:\DOCUME~1\Kallen's\LOCALS~1\Temp\ieobj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"quartz"="C:\WINDOWS\System32\quartz.exe" [ ]
"dmime"="C:\WINDOWS\System32\dmime.exe" [ ]
"anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Internet Explorer\iexplore.exe" [2007-10-10 04:59 625152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 11:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 11:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 11:50 114688]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 17:05 1117184]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 01:27 176128]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 19:09 842584]
"mmnext06"="C:\WINDOWS\trjdwnl.dll" [ ]
"anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ]
"vmlib"="vmlib.exe" []
"cssrss.exe"="cssrss.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22

36 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\Kallen's\LOCALS~1\Temp\~~install.dll [2008-01-17 03:12 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-12-20 13:05 227328 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-05-15 08:14 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe

S3 SpyKillerProFilter;1/17/20083:26:52 AM;C:\Program Files\SpyKillerPro\SSS.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-12-27 18:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-24 09:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
"2008-01-13 17:26:00 C:\WINDOWS\Tasks\WebReg 20060802112613.job"
- c:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20060802112613 /N
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 04:19:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\ntio922.sys 37632 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ndisaluo]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\ndisaluo.sys"
--

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntio922]
"ImagePath"="system32\Drivers\ntio922.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\DOCUME~1\Kallen's\LOCALS~1\Temp\~~install.dll
.

Next

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Kallen's\Desktop\Virus\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: AboutBlank Class - {489C5DDD-AB4C-48EC-B397-505BABF9B4BD} - C:\DOCUME~1\Kallen's\LOCALS~1\Temp\ieobj.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll
O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKLM\..\Run: [vmlib] vmlib.exe
O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe
O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe
O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/ser...00030.0000010e
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160389912203
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V...ACNePlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/onlin...meLauncher.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB8DFA09-B585-4007-9F28-0BB0EA5A1428}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\Kallen's\LOCALS~1\Temp\~~install.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kallen's/LOCALS~1/Temp/msohtml1/01/clip_image002.gif

--
End of file - 11242 bytes

Hope thats good !!
Thanks for letting me know where to look for Log.

01-24-2008, 02:01 PM	#10 (permalink)
Tps.llc Registered User Join Date: Jan 2008 Location: Midwest N.W Indiana Posts: 45 OS: XP sp2	Re: Pop-ups keep coming !!! Ok here we go ComboFix 08-01-23.2 - Kallen's 2008-01-24 4:14:06.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.521 [GMT -6:00] Running from: C:\Documents and Settings\Kallen's\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Kallen's\Application Data\install.dat C:\Documents and Settings\LocalService\Application Data\Install.dat C:\Documents and Settings\NetworkService\Application Data\Install.dat C:\Program Files\Helper C:\Temp\abW9 C:\Temp\tpBe12 C:\WINDOWS\764.exe C:\WINDOWS\absolute key logger.lnk C:\WINDOWS\aconti.exe C:\WINDOWS\aconti.log C:\WINDOWS\acontidialer.txt C:\WINDOWS\adbar.dll C:\WINDOWS\cbinst$.exe C:\WINDOWS\daxtime.dll C:\WINDOWS\default.htm C:\WINDOWS\dp0.dll C:\WINDOWS\eventlowg.dll C:\WINDOWS\fhfmm-Uninstaller.exe C:\WINDOWS\fhfmm.exe C:\WINDOWS\hotporn.exe C:\WINDOWS\ie_32.exe C:\WINDOWS\inf\ultra.inf C:\WINDOWS\jd2002.dll C:\WINDOWS\kkcomp$.exe C:\WINDOWS\kkcomp.dll C:\WINDOWS\kkcomp.exe C:\WINDOWS\liqad$.exe C:\WINDOWS\liqad.dll C:\WINDOWS\liqad.exe C:\WINDOWS\liqui-Uninstaller.exe C:\WINDOWS\liqui.dll C:\WINDOWS\liqui.exe C:\WINDOWS\ngd.dll C:\WINDOWS\pbar.dll C:\WINDOWS\spredirect.dll C:\WINDOWS\system32\conf.dat C:\WINDOWS\system32\kdnau.exe C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\rMa02yy C:\WINDOWS\xadbrk.dll C:\WINDOWS\xadbrk.exe C:\WINDOWS\xadbrk_.exe C:\WINDOWS\xxxvideo.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\smtpdrv ((((((((((((((((((((((((( Files Created from 2007-12-24 to 2008-01-24 ))))))))))))))))))))))))))))))) . 2008-01-23 19:06 . 2004-08-03 23:00 260,272 --a------ C:\cmldr 2008-01-23 19:06 . 2007-04-10 03:09 211 --a------ C:\Boot.bak 2008-01-23 19:03 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-21 14:43 . 2008-01-21 14:43 <DIR> d-------- C:\Program Files\Lavasoft 2008-01-17 15:25 . 2008-01-17 15:25 <DIR> d-------- C:\ie-spyad_zo 2008-01-17 03:26 . 2008-01-17 15:00 <DIR> d-------- C:\Program Files\SpyKillerPro 2008-01-16 19:05 . 2008-01-16 19:05 <DIR> d-------- C:\Deckard 2008-01-16 18:52 . 2008-01-16 18:55 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-01-16 16:23 . 2008-01-16 18:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2008-01-16 16:23 . 2008-01-16 16:33 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2008-01-16 16:23 . 2008-01-16 16:33 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2008-01-16 16:23 . 2008-01-16 16:33 1,406 --a------ C:\WINDOWS\system32\Help.ico 2008-01-16 14:50 . 2008-01-16 17:27 <DIR> d-------- C:\Program Files\DioCleanerPro 2008-01-15 14:34 . 2008-01-15 14:34 1 --a------ C:\WINDOWS\system32\rc.dat 2008-01-15 14:34 . 2008-01-15 14:34 1 --a------ C:\WINDOWS\system32\ps1.dat 2008-01-15 14:34 . 2008-01-15 14:34 1 --a------ C:\WINDOWS\system32\cs.dat 2008-01-15 03:10 . 2008-01-15 14:30 3,412 --a------ C:\ntboot 2008-01-14 03:35 . 2008-01-14 03:35 <DIR> d-------- C:\WINDOWS\system32\edcA17 2008-01-14 03:35 . 2008-01-14 03:35 <DIR> d-------- C:\temp\Ryuan1 2008-01-14 03:35 . 2008-01-14 03:35 60,996 --a------ C:\cwulua.exe 2008-01-14 03:35 . 2008-01-14 03:35 58,880 --a------ C:\rkasjwm.exe 2008-01-14 03:35 . 2008-01-14 03:35 54,764 --a------ C:\WINDOWS\system32\dxdss.sys 2008-01-14 03:35 . 2008-01-20 06:33 30,441 --a------ C:\bjjburnk.exe 2008-01-14 03:35 . 2008-01-18 14:11 6,144 --a------ C:\WINDOWS\system32\msftp.dll 2008-01-14 03:35 . 2008-01-14 03:35 2 --a------ C:\-593915343 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-24 10:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-01-20 13:13 --------- d-----w C:\Program Files\Google 2008-01-20 13:00 --------- d-----w C:\Program Files\Paint Shop Pro 6 2008-01-20 12:54 --------- d-----w C:\Program Files\Common Files\Sandlot Shared 2008-01-20 12:52 --------- d-----w C:\Program Files\The Learning Company 2008-01-16 23:49 --------- d-----w C:\Program Files\System Soap Pro 2008-01-16 23:37 --------- d-----w C:\Program Files\Norton 360 2008-01-16 23:31 --------- d-----w C:\Program Files\Microsoft IntelliPoint 2008-01-12 16:46 --------- d-----w C:\Program Files\Click'N Design 3D (V5) 2007-12-19 20:05 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys 2007-12-15 22:22 --------- d-----w C:\Program Files\BIAS 2007-12-15 21:54 --------- d-----w C:\Program Files\proDAD 2007-12-15 21:36 --------- d-----w C:\Program Files\AdorageI-GfxDatas 2007-12-15 21:35 --------- d-----w C:\Program Files\AdorageI-SAL 2007-12-15 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-15 21:01 --------- d-----w C:\Program Files\Pinnacle 2007-12-15 12:32 --------- d-----w C:\Program Files\AIM 2007-12-15 12:31 --------- d-----w C:\Program Files\Common Files\AOL 2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-12-11 10:18 --------- d-----w C:\Program Files\Sonic Foundry 2007-12-09 12:04 --------- d-----w C:\Program Files\Pure Motion 2007-12-09 12:04 --------- d-----w C:\Program Files\DebugMode 2007-12-05 21:42 160,297 ----a-w C:\WINDOWS\Sqirlz Morph Uninstaller.exe 2007-12-05 21:42 --------- d-----w C:\Program Files\Sqirlz Morph 2007-12-05 08:40 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2007-12-05 08:40 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-12-05 08:40 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-12-05 08:40 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2007-12-05 08:40 --------- d-----w C:\Program Files\Symantec 2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys 2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys 2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys 2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat 2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat 2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat 2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf 2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf 2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf 2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll 2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys 2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll 2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll 2007-10-24 07:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2007-10-24 07:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll 2007-10-24 07:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-10-24 07:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-23_19.46.58.68 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-24 01:21:13 73,668 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-24 08:38:52 73,668 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-01-24 01:21:13 448,774 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-24 08:38:52 448,774 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{489C5DDD-AB4C-48EC-B397-505BABF9B4BD}] C:\DOCUME~1\Kallen's\LOCALS~1\Temp\ieobj.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032] "quartz"="C:\WINDOWS\System32\quartz.exe" [ ] "dmime"="C:\WINDOWS\System32\dmime.exe" [ ] "anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "@"="C:\Program Files\Internet Explorer\iexplore.exe" [2007-10-10 04:59 625152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 11:49 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 11:46 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 11:50 114688] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [ ] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 03:40 218032] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940] "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 17:05 1117184] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 01:27 176128] "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38 49152] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816] "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 19:09 842584] "mmnext06"="C:\WINDOWS\trjdwnl.dll" [ ] "anti_troj"="C:\WINDOWS\system32\anti_troj.exe" [ ] "vmlib"="vmlib.exe" [] "cssrss.exe"="cssrss.exe" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38 241664] HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 2236 53248] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{24E31EA9-FCE2-404F-BD80-20543565D946}"= C:\DOCUME~1\Kallen's\LOCALS~1\Temp\~~install.dll [2008-01-17 03:12 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM] C:\Program Files\AIM\aim.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] C:\Program Files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2006-12-20 13:05 227328 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2007-05-15 08:14 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe S3 SpyKillerProFilter;1/17/20083:26:52 AM;C:\Program Files\SpyKillerPro\SSS.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\LaunchU3.exe -a Newly Created Service - COMHOST . Contents of the 'Scheduled Tasks' folder "2007-12-27 18:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-24 09:30:00 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job" - C:\Program Files\RegSweep\RegSweep.ex - C:\Program Files\RegSweep "2008-01-13 17:26:00 C:\WINDOWS\Tasks\WebReg 20060802112613.job" - c:\Program Files\HP\Digital Imaging\bin\hpqwrg.exeX/TaskName 20060802112613 /N . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-24 04:19:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\drivers\ntio922.sys 37632 bytes executable scan completed successfully hidden files: 1 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ndisaluo] "ImagePath"="\??\C:\WINDOWS\system32\Drivers\ndisaluo.sys" -- [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntio922] "ImagePath"="system32\Drivers\ntio922.sys" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\DOCUME~1\Kallen's\LOCALS~1\Temp\~~install.dll . Next Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:51, on 2008-01-24 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Documents and Settings\Kallen's\Desktop\Virus\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: AboutBlank Class - {489C5DDD-AB4C-48EC-B397-505BABF9B4BD} - C:\DOCUME~1\Kallen's\LOCALS~1\Temp\ieobj.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [mmnext06] C:\WINDOWS\trjdwnl.dll O4 - HKLM\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe O4 - HKLM\..\Run: [vmlib] vmlib.exe O4 - HKLM\..\Run: [cssrss.exe] cssrss.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKCU\..\Run: [quartz] C:\WINDOWS\System32\quartz.exe O4 - HKCU\..\Run: [dmime] C:\WINDOWS\System32\dmime.exe O4 - HKCU\..\Run: [anti_troj] C:\WINDOWS\system32\anti_troj.exe O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/ser...00030.0000010e O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160389912203 O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v49/luxor/luxor.cab O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V...ACNePlayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/onlin...meLauncher.cab O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.0.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DB8DFA09-B585-4007-9F28-0BB0EA5A1428}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\Kallen's\LOCALS~1\Temp\~~install.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Kallen's/LOCALS~1/Temp/msohtml1/01/clip_image002.gif -- End of file - 11242 bytes Hope thats good !! Thanks for letting me know where to look for Log.