For the past few weeks I have been experiencing some sort of Trojan that is driving me mad! I started getting numerous pop-ups and slowness. The pop-ups were for Music Downloads, Ebay, Jobs, Credit Cards, etc... Later after receiving many attempts to help me from McAfee to help me, nothing worked. I was referred here by the McAfee forums for help. I am not sure if this virus is hiding in the emails I send, putting other people at risk. I have also used VundoFix, and have came up with a program called "mlljgee.dll" that cannot be deleted.
I currently have:
McAfee Security Center 2007 (my computers main security)
SUPER-antivirus (A last resort measure for getting rid of my virus)
SUPER-antipopups (To temporarily stop pop-ups)
The 2 programs that were recommended to Install in Step 3 of the guide.
My Computer is running SP2 and is fully up-to date on security.
Here is log for the "Panda" Virusscan from step 1
Incident Status Location
Virus:Trj/ConHook.CV Disinfected Operating system
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Adware:adware/statblaster Not disinfected Windows Registry
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp130.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp158.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp1A1.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp1C.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp1E3.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp23.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp29E.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp2B.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp2FF.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp30C.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp32.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp335.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp36E.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp36F.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp37.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp3A8.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp3C5.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp6C.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp6D.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp80.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp90.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmpA0.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmpAE.tmp.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alec\Cookies\alec@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Alec\Cookies\alec@ads.addynamix[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alec\Cookies\alec@com[1].txt
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Alec\Cookies\alec@date[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alec\Cookies\alec@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Alec\Cookies\alec@findwhat[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alec\Cookies\alec@mediaplex[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Alec\Cookies\alec@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alec\Cookies\alec@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Alec\Cookies\alec@stats1.reliablestats[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Alec\Cookies\alec@systemdoctor[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@www.errorsafe[1].txt
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Local Settings\Temporary Internet Files\Content.IE5\4JAW3J1D\dns_bot_20070615[1]
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Local Settings\Temporary Internet Files\Content.IE5\OFO6V4R3\dns_bot_20070615[1]
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Local Settings\Temporary Internet Files\Content.IE5\OFO6V4R3\ffa_dn[1]
Virus:Trj/ConHook.CV Disinfected C:\VundoFix Backups\geedebc.dll.bad
Virus:Trj/ConHook.CV Disinfected C:\VundoFix Backups\mlljgee.dll.bad
Adware:Adware/eZula Not disinfected C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe[²ΡΗ]
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\geedeb.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\mlkklm.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\pmnkih.dll
Virus:Trj/ConHook.CV Disinfected C:\WINDOWS\system32\mlljgee.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp10C.tmp.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\tuvtqo.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\vttqpo.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\vttssp.dll
Spyware:Spyware/Vundo
Log for Hijack!
Deckard's System Scanner v20070611.50
Run by Alec on 2007-06-27 at 21:07:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-06-28 01:07:30 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Alec.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:11:36 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\MSN Messenger\livecall.exe
c:\program files\aim6\anotify.exe
C:\Documents and Settings\Alec\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Alec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {ed652ace-34de-49de-8b5d-71c81e34d7fa} - C:\WINDOWS\system32\5E6tub.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\xxxvus.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbar...p=ZNxmk772MFUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -
https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1173546185312
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -
https://rtc4.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://aimprods01.webex.com/client/...ex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/is...59/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\mlljgee.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 5E6tub - C:\WINDOWS\SYSTEM32\5E6tub.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0168601182965975) (0168601182965975mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\016860~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alec\Application Data\tmpE.tmp.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - "regedit.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SABKUTIL - c:\program files\superadblocker.com\super ad blocker\sabkutil.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys <Not Verified; SuperAdBlocker.com; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 WmaCDriverV32 - c:\windows\system32\drivers\wmacdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
S1 SABDIFSV - c:\program files\superadblocker.com\super ad blocker\sabdifsv.sys
S3 o1394bul - c:\docume~1\alec\locals~1\temp\o1394bul.sys (file missing)
S3 SQTECH905C (Dual Camera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apache2 - "c:\opensa\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 SABSVC (Super Ad Blocker Service) - "c:\program files\superadblocker.com\super ad blocker\sabsvc.exe" <Not Verified; SuperAdBlocker.com; Super Ad Blocker Service>
S2 0168601182965975mcinstcleanup (McAfee Application Installer Cleanup (0168601182965975)) - c:\windows\temp\016860~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 DomainService - c:\documents and settings\alec\application data\tmpe.tmp.exe /service (file missing)
-- Scheduled Tasks -------------------------------------------------------------
2007-06-25 11:55:31 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-06-25 11:55:28 350 --a------ C:\WINDOWS\Tasks\McQcTask.job
-- Files created between 2007-05-27 and 2007-06-27 -----------------------------
2007-06-27 19:48:58 0 d-------- C:\ie-spyad
2007-06-27 19:38:32 134917 --a------ C:\WINDOWS\xxxvus.dll
2007-06-27 19:21:41 0 d-------- C:\Program Files\SpywareBlaster
2007-06-27 16:21:02 134917 --a------ C:\WINDOWS\xxywur.dll
2007-06-27 16:08:17 71 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-06-27 16:08:15 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-06-27 15:52:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 15:37:23 134917 --a------ C:\WINDOWS\gebbxx.dll
2007-06-27 13:39:31 0 d-------- C:\WINDOWS\LastGood
2007-06-27 11:12:49 38232 --a------ C:\WINDOWS\system32\5E6tub.dll
2007-06-27 11:12:46 49252 --a------ C:\WINDOWS\system32\ddccy.exe
2007-06-27 10:51:19 49252 --a------ C:\WINDOWS\system32\gebcy.exe
2007-06-27 09:19:41 49252 --a------ C:\WINDOWS\system32\gebyw.exe
2007-06-26 22:33:01 135052 --a------ C:\WINDOWS\pmnkih.dll
2007-06-26 20:42:03 49252 --a------ C:\WINDOWS\system32\mljjk.exe
2007-06-26 20:19:18 135052 --a------ C:\WINDOWS\vttssp.dll
2007-06-26 10:48:58 0 d-------- C:\Documents and Settings\Alec\Application Data\SuperAdBlocker.com
2007-06-26 10:48:23 0 d-------- C:\Program Files\SuperAdBlocker.com
2007-06-26 10:41:18 0 d-------- C:\Program Files\NoAdware5.0
2007-06-26 09:34:19 49252 --a------ C:\WINDOWS\system32\pmkhi.exe
2007-06-25 23:07:12 49252 --a------ C:\WINDOWS\system32\jkhhi.exe
2007-06-25 22:40:07 49252 --a------ C:\WINDOWS\system32\vturs.exe
2007-06-25 21:44:34 135052 --a------ C:\WINDOWS\geedeb.dll
2007-06-25 21:07:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 18:15:46 135052 --a------ C:\WINDOWS\tuvtqo.dll
2007-06-25 17:38:19 135052 --a------ C:\WINDOWS\vttqpo.dll
2007-06-25 17:38:16 135052 --a------ C:\WINDOWS\xxxuvs.dll
2007-06-25 16:23:34 0 d-------- C:\WINDOWS\McAfee.com
2007-06-25 15:40:44 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 13:44:34 0 d-------- C:\WINDOWS\pss
2007-06-25 12:45:41 0 d-------- C:\Program Files\Roguescanfix
2007-06-25 12:05:21 135052 --a------ C:\WINDOWS\mlkklm.dll
2007-06-25 12:00:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Program Files\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\Alec\Application Data\SiteAdvisor
2007-06-25 11:58:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-06-25 11:55:02 0 d-------- C:\Program Files\McAfee.com
2007-06-25 11:54:47 0 d-------- C:\Program Files\Common Files\McAfee
2007-06-25 11:54:35 0 d-------- C:\Program Files\McAfee
2007-06-24 22:49:21 0 d-------- C:\SDAT
2007-06-24 22:45:22 18658085 --a------ C:\sdat5059.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2007-06-24 22:37:01 4020 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-24 22:25:15 557056 --a------ C:\Documents and Settings\Alec\GoToAssist_phone__320_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-06-24 16:19:04 0 d-------- C:\Program Files\MyWebSearch
2007-06-24 16:18:51 0 d-------- C:\Program Files\FunWebProducts
2007-06-13 16:11:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-06-13 16:09:42 0 d-------- C:\Documents and Settings\Administrator\Contacts
2007-06-11 21:51:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-06-11 21:13:27 0 d--hs---- C:\WINDOWS\CSC
2007-06-02 22:09:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-02 17:58:54 0 d-------- C:\Program Files\Symantec
2007-06-02 17:58:42 0 d-------- C:\Program Files\Symantec AntiVirus
2007-06-02 17:58:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-02 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-02 12
24 106585 --a------ C:\WINDOWS\khedaa.dll
2007-06-02 11:45:36 106585 --a------ C:\WINDOWS\wvwwur.dll
2007-06-02 09:26:27 106597 --a------ C:\WINDOWS\nnomki.dll
2007-06-01 18:52:33 0 d-------- C:\VundoFix Backups
2007-06-01 07:31:51 106518 --a------ C:\WINDOWS\opqrpo.dll
2007-05-30 20:30:29 106515 --a------ C:\WINDOWS\rqpnmm.dll
2007-05-30 20:24:22 0 d-------- C:\Documents and Settings\Alec\Application Data\McAfee
2007-05-30 19:40:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-30 19:39:54 0 d-------- C:\Program Files\Promosoft Corporation
2007-05-30 19:37:41 106556 --a------ C:\WINDOWS\hgfcda.dll
2007-05-30 17:53:18 106461 --a------ C:\WINDOWS\yaaaab.dll
2007-05-30 16:52:52 106611 --a------ C:\WINDOWS\qomjij.dll
2007-05-30 16:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-05-30 16:41:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 16:41:24 0 d-------- C:\Documents and Settings\Alec\Application Data\SUPERAntiSpyware.com
2007-05-29 17:22:21 47836 --a------ C:\WINDOWS\system32\pmkhg.exe
2007-05-29 17:17:19 12494 -----n--- C:\WINDOWS\system32\mlljgee.dll
2007-05-28 20:36:19 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-05-28 20:36:19 0 d-------- C:\Program Files\VstPlugins
2007-05-28 20:33:31 0 d-------- C:\Program Files\Image-Line
-- Find3M Report ---------------------------------------------------------------
2007-06-27 21:01:15 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp12FE.tmp.exe
2007-06-27 19:38:29 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp12FB.tmp.exe
2007-06-27 18:26:20 0 d-------- C:\Program Files\MSN Messenger
2007-06-27 17:31:29 0 d-------- C:\Program Files\Google
2007-06-27 17:27:50 0 d-------- C:\Program Files\Digital Line Detect
2007-06-27 17:27:49 0 d-------- C:\Program Files\DellSupport
2007-06-27 17:23:54 0 d-------- C:\Program Files\AIM6
2007-06-27 16:25:05 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp415.tmp.exe
2007-06-27 16:20:59 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp40B.tmp.exe
2007-06-27 16:20:56 0 --a------ C:\Documents and Settings\Alec\Application Data\tmp40A.tmp.exe
2007-06-27 15:41:09 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp95.tmp.exe
2007-06-27 15:37:21 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp93.tmp.exe
2007-06-27 12:20:19 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp3B.tmp.exe
2007-06-27 12:18:32 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp38.tmp.exe
2007-06-27 11:56:30 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp25.tmp.exe
2007-06-27 11:55:47 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp24.tmp.exe
2007-06-27 11:37:46 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp1E.tmp.exe
2007-06-27 11:30:04 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp1D.tmp.exe
2007-06-27 11:16:29 77708 --a------ C:\logfile
2007-06-27 10:44:39 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp7D.tmp.exe
2007-06-27 10:41:43 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp7C.tmp.exe
2007-06-27 09:37:18 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp61.tmp.exe
2007-06-27 09:28:18 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp54.tmp.exe
2007-06-27 09:24:34 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp49.tmp.exe
2007-06-26 21:57:09 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp30F.tmp.exe
2007-06-26 21:25:33 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp306.tmp.exe
2007-06-26 20:48:48 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp2EE.tmp.exe
2007-06-26 19:31:28 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp23A.tmp.exe
2007-06-26 18:33:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp1A2.tmp.exe
2007-06-26 17:13:35 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp15A.tmp.exe
2007-06-26 15:44:52 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp132.tmp.exe
2007-06-26 11:49:06 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpB0.tmp.exe
2007-06-26 11:24:28 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpA4.tmp.exe
2007-06-26 11:03:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp97.tmp.exe
2007-06-26 10:34:49 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp34.tmp.exe
2007-06-26 09:39:25 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp21.tmp.exe
2007-06-25 22:50:58 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp45.tmp.exe
2007-06-25 22:26:13 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp156.tmp.exe
2007-06-25 21:15:26 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp4E.tmp.exe
2007-06-25 18:17:49 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpA7.tmp.exe
2007-06-25 17:33:06 0 d-------- C:\Program Files\Stardock
2007-06-25 17:28:21 0 d-------- C:\Program Files\GhostSurf 2005
2007-06-25 17:18:21 0 d-------- C:\Program Files\Common Files\Real
2007-06-25 13:15:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp84.tmp.exe
2007-06-25 12:16:58 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp3C7.tmp.exe
2007-06-25 12:09:57 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp3AB.tmp.exe
2007-06-25 11:28:51 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp12.tmp.exe
2007-06-24 23:42:15 0 d-------- C:\Program Files\mIRC
2007-06-24 23:18:29 0 d-------- C:\Program Files\GameSpy Arcade
2007-06-15 18:49:00 4548 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-15 18:49:00 56 -r-hs---- C:\WINDOWS\system32\F3C9371233.sys
2007-05-30 17:56:08 0 d-------- C:\Program Files\LimeWire
2007-05-30 17:08:26 384 --a------ C:\Documents and Settings\Alec\Application Data\internaldb6334.dat
2007-05-30 16:36:44 194 --a------ C:\Documents and Settings\Alec\Application Data\internaldb8467.dat
2007-05-30 16:36:44 18432 --a------ C:\Documents and Settings\Alec\Application Data\internaldb41.dat
2007-05-29 17:18:15 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-24 21:45:05 0 d-------- C:\Program Files\MUSICMATCH
2007-05-18 21:01:20 0 d-------- C:\Documents and Settings\Alec\Application Data\Lavasoft
2007-05-17 21:45:36 0 d-------- C:\Program Files\Microsoft Games
2007-05-12 15:57:20 177408 --a------ C:\outsound.bin
2007-05-12 11:51:21 0 d-------- C:\Program Files\Microsoft Easy Assist
2007-04-25 20:15:44 182745 --a------ C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2007-04-19 20:57:22 4 --a------ C:\WINDOWS\system32\5E6453
2007-04-03 15:12:42 513152 --a------ C:\WINDOWS\system32\WmaCDriverV32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000000-6C30-11D8-9363-000AE6309654} C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [SASInprocServer32] [x]
{ed652ace-34de-49de-8b5d-71c81e34d7fa} C:\WINDOWS\system32\5E6tub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"winehq.org"="rundll32.exe \"C:\\WINDOWS\\xxxvus.dll\",realset"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"=""
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"SuperAdBlocker"="C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\5E6tub
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\windows\system32\mlljgee.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\launcher\autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3dec1bf-7563-11da-874b-806d6172696f}]
Shell\AutoRun\command D:\launcher\autorun.exe
-- End of Deckard's System Scanner: finished at 2007-06-27 at 21:16:14 ---------
Deckard's System Scanner v20070611.50
Run by Alec on 2007-06-27 at 21:07:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-06-28 01:07:30 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Alec.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 9:11:36 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\MSN Messenger\livecall.exe
c:\program files\aim6\anotify.exe
C:\Documents and Settings\Alec\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Alec.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {ed652ace-34de-49de-8b5d-71c81e34d7fa} - C:\WINDOWS\system32\5E6tub.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\xxxvus.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbar...p=ZNxmk772MFUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -
https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -
http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsof...?1173546185312
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -
https://rtc4.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://aimprods01.webex.com/client/...ex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/is...59/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\mlljgee.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 5E6tub - C:\WINDOWS\SYSTEM32\5E6tub.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0168601182965975) (0168601182965975mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\016860~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alec\Application Data\tmpE.tmp.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - "regedit.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SABKUTIL - c:\program files\superadblocker.com\super ad blocker\sabkutil.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys <Not Verified; SuperAdBlocker.com; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 WmaCDriverV32 - c:\windows\system32\drivers\wmacdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
S1 SABDIFSV - c:\program files\superadblocker.com\super ad blocker\sabdifsv.sys
S3 o1394bul - c:\docume~1\alec\locals~1\temp\o1394bul.sys (file missing)
S3 SQTECH905C (Dual Camera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apache2 - "c:\opensa\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 SABSVC (Super Ad Blocker Service) - "c:\program files\superadblocker.com\super ad blocker\sabsvc.exe" <Not Verified; SuperAdBlocker.com; Super Ad Blocker Service>
S2 0168601182965975mcinstcleanup (McAfee Application Installer Cleanup (0168601182965975)) - c:\windows\temp\016860~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 DomainService - c:\documents and settings\alec\application data\tmpe.tmp.exe /service (file missing)
-- Scheduled Tasks -------------------------------------------------------------
2007-06-25 11:55:31 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-06-25 11:55:28 350 --a------ C:\WINDOWS\Tasks\McQcTask.job
-- Files created between 2007-05-27 and 2007-06-27 -----------------------------
2007-06-27 19:48:58 0 d-------- C:\ie-spyad
2007-06-27 19:38:32 134917 --a------ C:\WINDOWS\xxxvus.dll
2007-06-27 19:21:41 0 d-------- C:\Program Files\SpywareBlaster
2007-06-27 16:21:02 134917 --a------ C:\WINDOWS\xxywur.dll
2007-06-27 16:08:17 71 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-06-27 16:08:15 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-06-27 15:52:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 15:37:23 134917 --a------ C:\WINDOWS\gebbxx.dll
2007-06-27 13:39:31 0 d-------- C:\WINDOWS\LastGood
2007-06-27 11:12:49 38232 --a------ C:\WINDOWS\system32\5E6tub.dll
2007-06-27 11:12:46 49252 --a------ C:\WINDOWS\system32\ddccy.exe
2007-06-27 10:51:19 49252 --a------ C:\WINDOWS\system32\gebcy.exe
2007-06-27 09:19:41 49252 --a------ C:\WINDOWS\system32\gebyw.exe
2007-06-26 22:33:01 135052 --a------ C:\WINDOWS\pmnkih.dll
2007-06-26 20:42:03 49252 --a------ C:\WINDOWS\system32\mljjk.exe
2007-06-26 20:19:18 135052 --a------ C:\WINDOWS\vttssp.dll
2007-06-26 10:48:58 0 d-------- C:\Documents and Settings\Alec\Application Data\SuperAdBlocker.com
2007-06-26 10:48:23 0 d-------- C:\Program Files\SuperAdBlocker.com
2007-06-26 10:41:18 0 d-------- C:\Program Files\NoAdware5.0
2007-06-26 09:34:19 49252 --a------ C:\WINDOWS\system32\pmkhi.exe
2007-06-25 23:07:12 49252 --a------ C:\WINDOWS\system32\jkhhi.exe
2007-06-25 22:40:07 49252 --a------ C:\WINDOWS\system32\vturs.exe
2007-06-25 21:44:34 135052 --a------ C:\WINDOWS\geedeb.dll
2007-06-25 21:07:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 18:15:46 135052 --a------ C:\WINDOWS\tuvtqo.dll
2007-06-25 17:38:19 135052 --a------ C:\WINDOWS\vttqpo.dll
2007-06-25 17:38:16 135052 --a------ C:\WINDOWS\xxxuvs.dll
2007-06-25 16:23:34 0 d-------- C:\WINDOWS\McAfee.com
2007-06-25 15:40:44 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 13:44:34 0 d-------- C:\WINDOWS\pss
2007-06-25 12:45:41 0 d-------- C:\Program Files\Roguescanfix
2007-06-25 12:05:21 135052 --a------ C:\WINDOWS\mlkklm.dll
2007-06-25 12:00:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Program Files\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\Alec\Application Data\SiteAdvisor
2007-06-25 11:58:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-06-25 11:55:02 0 d-------- C:\Program Files\McAfee.com
2007-06-25 11:54:47 0 d-------- C:\Program Files\Common Files\McAfee
2007-06-25 11:54:35 0 d-------- C:\Program Files\McAfee
2007-06-24 22:49:21 0 d-------- C:\SDAT
2007-06-24 22:45:22 18658085 --a------ C:\sdat5059.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2007-06-24 22:37:01 4020 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-24 22:25:15 557056 --a------ C:\Documents and Settings\Alec\GoToAssist_phone__320_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-06-24 16:19:04 0 d-------- C:\Program Files\MyWebSearch
2007-06-24 16:18:51 0 d-------- C:\Program Files\FunWebProducts
2007-06-13 16:11:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-06-13 16:09:42 0 d-------- C:\Documents and Settings\Administrator\Contacts
2007-06-11 21:51:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-06-11 21:13:27 0 d--hs---- C:\WINDOWS\CSC
2007-06-02 22:09:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-02 17:58:54 0 d-------- C:\Program Files\Symantec
2007-06-02 17:58:42 0 d-------- C:\Program Files\Symantec AntiVirus
2007-06-02 17:58:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-02 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-02 12
24 106585 --a------ C:\WINDOWS\khedaa.dll
2007-06-02 11:45:36 106585 --a------ C:\WINDOWS\wvwwur.dll
2007-06-02 09:26:27 106597 --a------ C:\WINDOWS\nnomki.dll
2007-06-01 18:52:33 0 d-------- C:\VundoFix Backups
2007-06-01 07:31:51 106518 --a------ C:\WINDOWS\opqrpo.dll
2007-05-30 20:30:29 106515 --a------ C:\WINDOWS\rqpnmm.dll
2007-05-30 20:24:22 0 d-------- C:\Documents and Settings\Alec\Application Data\McAfee
2007-05-30 19:40:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-30 19:39:54 0 d-------- C:\Program Files\Promosoft Corporation
2007-05-30 19:37:41 106556 --a------ C:\WINDOWS\hgfcda.dll
2007-05-30 17:53:18 106461 --a------ C:\WINDOWS\yaaaab.dll
2007-05-30 16:52:52 106611 --a------ C:\WINDOWS\qomjij.dll
2007-05-30 16:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-05-30 16:41:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 16:41:24 0 d-------- C:\Documents and Settings\Alec\Application Data\SUPERAntiSpyware.com
2007-05-29 17:22:21 47836 --a------ C:\WINDOWS\system32\pmkhg.exe
2007-05-29 17:17:19 12494 -----n--- C:\WINDOWS\system32\mlljgee.dll
2007-05-28 20:36:19 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-05-28 20:36:19 0 d-------- C:\Program Files\VstPlugins
2007-05-28 20:33:31 0 d-------- C:\Program Files\Image-Line
-- Find3M Report ---------------------------------------------------------------
2007-06-27 21:01:15 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp12FE.tmp.exe
2007-06-27 19:38:29 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp12FB.tmp.exe
2007-06-27 18:26:20 0 d-------- C:\Program Files\MSN Messenger
2007-06-27 17:31:29 0 d-------- C:\Program Files\Google
2007-06-27 17:27:50 0 d-------- C:\Program Files\Digital Line Detect
2007-06-27 17:27:49 0 d-------- C:\Program Files\DellSupport
2007-06-27 17:23:54 0 d-------- C:\Program Files\AIM6
2007-06-27 16:25:05 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp415.tmp.exe
2007-06-27 16:20:59 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp40B.tmp.exe
2007-06-27 16:20:56 0 --a------ C:\Documents and Settings\Alec\Application Data\tmp40A.tmp.exe
2007-06-27 15:41:09 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp95.tmp.exe
2007-06-27 15:37:21 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp93.tmp.exe
2007-06-27 12:20:19 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp3B.tmp.exe
2007-06-27 12:18:32 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp38.tmp.exe
2007-06-27 11:56:30 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp25.tmp.exe
2007-06-27 11:55:47 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp24.tmp.exe
2007-06-27 11:37:46 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp1E.tmp.exe
2007-06-27 11:30:04 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp1D.tmp.exe
2007-06-27 11:16:29 77708 --a------ C:\logfile
2007-06-27 10:44:39 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp7D.tmp.exe
2007-06-27 10:41:43 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp7C.tmp.exe
2007-06-27 09:37:18 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp61.tmp.exe
2007-06-27 09:28:18 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp54.tmp.exe
2007-06-27 09:24:34 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp49.tmp.exe
2007-06-26 21:57:09 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp30F.tmp.exe
2007-06-26 21:25:33 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp306.tmp.exe
2007-06-26 20:48:48 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp2EE.tmp.exe
2007-06-26 19:31:28 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp23A.tmp.exe
2007-06-26 18:33:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp1A2.tmp.exe
2007-06-26 17:13:35 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp15A.tmp.exe
2007-06-26 15:44:52 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp132.tmp.exe
2007-06-26 11:49:06 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpB0.tmp.exe
2007-06-26 11:24:28 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpA4.tmp.exe
2007-06-26 11:03:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp97.tmp.exe
2007-06-26 10:34:49 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp34.tmp.exe
2007-06-26 09:39:25 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp21.tmp.exe
2007-06-25 22:50:58 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp45.tmp.exe
2007-06-25 22:26:13 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp156.tmp.exe
2007-06-25 21:15:26 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp4E.tmp.exe
2007-06-25 18:17:49 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpA7.tmp.exe
2007-06-25 17:33:06 0 d-------- C:\Program Files\Stardock
2007-06-25 17:28:21 0 d-------- C:\Program Files\GhostSurf 2005
2007-06-25 17:18:21 0 d-------- C:\Program Files\Common Files\Real
2007-06-25 13:15:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp84.tmp.exe
2007-06-25 12:16:58 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp3C7.tmp.exe
2007-06-25 12:09:57 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp3AB.tmp.exe
2007-06-25 11:28:51 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp12.tmp.exe
2007-06-24 23:42:15 0 d-------- C:\Program Files\mIRC
2007-06-24 23:18:29 0 d-------- C:\Program Files\GameSpy Arcade
2007-06-15 18:49:00 4548 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-15 18:49:00 56 -r-hs---- C:\WINDOWS\system32\F3C9371233.sys
2007-05-30 17:56:08 0 d-------- C:\Program Files\LimeWire
2007-05-30 17:08:26 384 --a------ C:\Documents and Settings\Alec\Application Data\internaldb6334.dat
2007-05-30 16:36:44 194 --a------ C:\Documents and Settings\Alec\Application Data\internaldb8467.dat
2007-05-30 16:36:44 18432 --a------ C:\Documents and Settings\Alec\Application Data\internaldb41.dat
2007-05-29 17:18:15 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-24 21:45:05 0 d-------- C:\Program Files\MUSICMATCH
2007-05-18 21:01:20 0 d-------- C:\Documents and Settings\Alec\Application Data\Lavasoft
2007-05-17 21:45:36 0 d-------- C:\Program Files\Microsoft Games
2007-05-12 15:57:20 177408 --a------ C:\outsound.bin
2007-05-12 11:51:21 0 d-------- C:\Program Files\Microsoft Easy Assist
2007-04-25 20:15:44 182745 --a------ C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2007-04-19 20:57:22 4 --a------ C:\WINDOWS\system32\5E6453
2007-04-03 15:12:42 513152 --a------ C:\WINDOWS\system32\WmaCDriverV32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000000-6C30-11D8-9363-000AE6309654} C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [SASInprocServer32] [x]
{ed652ace-34de-49de-8b5d-71c81e34d7fa} C:\WINDOWS\system32\5E6tub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"winehq.org"="rundll32.exe \"C:\\WINDOWS\\xxxvus.dll\",realset"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Aim6"=""
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"SuperAdBlocker"="C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\5E6tub
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\windows\system32\mlljgee.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\launcher\autorun.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3dec1bf-7563-11da-874b-806d6172696f}]
Shell\AutoRun\command D:\launcher\autorun.exe
-- End of Deckard's System Scanner: finished at 2007-06-27 at 21:16:14 ---------
Thanks this is driving me crazy so PLEASE help!