Tech Support Forum
#1
Registered User
Join Date: Apr 2007
Posts: 21
OS: Windows Vista
Log Help... Please!
I keep getting these random pop-ups even when IE is not running. I also keep getting clicking noises, like it's constantly clicking on links. Lots of spyware issues, I think. Please help! Here is the log:
Deckard's System Scanner v20070603.47
Run by Slake on 2007-06-05 at 22:01:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
46: 2007-06-06 02:01:36 UTC - RP46 - Deckard's System Scanner Restore Point
45: 2007-06-05 01:52:20 UTC - RP45 - Spybot-S&D Spyware removal
44: 2007-06-04 03:47:11 UTC - RP44 - System Checkpoint
43: 2007-06-03 03:35:26 UTC - RP43 - System Checkpoint
42: 2007-06-01 09:40:13 UTC - RP42 - System Checkpoint

-- First Restore Point --
1: 2007-04-10 00:28:42 UTC - RP1 - System Checkpoint

Performed disk cleanup.

-- HijackThis (run as Slake.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:03:00 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\regscan.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Slake\My Documents\dss.exe
C:\PROGRA~1\HIJACK~1\Slake.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9fa74e90-06d3-40af-8ee4-461a0c1ae6ac} - C:\WINDOWS\system32\kmdrop.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp63.tmp.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [winpol] C:\WINDOWS\system32\winpol.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\nnomjg.dll",realset
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - Startup: Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.3.1.99.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\mljjjhf.dll
O20 - Winlogon Notify: kmdrop - C:\WINDOWS\SYSTEM32\kmdrop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\system32\winpol.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20061129-090958-100 O4 - HKLM\..\Run: [Anti-Virus Update Scheduler] C:\WINDOWS\system32\wegoxkdsiw\winsp3.exe
backup-20061129-090958-106 O4 - HKLM\..\Run: [BnDcbckgJ] C:\WINDOWS\ctbfu.exe
backup-20061129-090958-118 R3 - URLSearchHook: (no name) - {6FE57914-9CFD-9773-D78D-C56943DB8EB1} - C:\WINDOWS\system32\bwa.dll (file missing)
backup-20061129-090958-176 O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
backup-20061129-090958-177 O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe"
backup-20061129-090958-272 O2 - BHO: (no name) - {6FE57914-9CFD-9773-D78D-C56943DB8EB1} - C:\WINDOWS\system32\bwa.dll (file missing)
backup-20061129-090958-375 O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
backup-20061129-090958-591 O4 - HKCU\..\Run: [Yvjhbmd] C:\Documents and Settings\Slake\My Documents\?icrosoft\?hkdsk.exe
backup-20061129-090958-607 O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
backup-20061129-090958-848 O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
backup-20061129-090958-854 O4 - HKCU\..\Run: [Ncao] "C:\PROGRA~1\COMMON~1\SSTEM~1\spool32.exe" -vt tzt
backup-20061129-090958-877 O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
backup-20061129-090958-909 O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 DPCNET5U (Satellite USB Driver) - c:\windows\system32\drivers\dpcnet5u.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 gtermddo - c:\docume~1\slake\locals~1\temp\gtermddo.sys (file missing)
S3 SaiH0006 - c:\windows\system32\drivers\saih0006.sys <Not Verified; Saitek; Configuration Software>
S3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Auto HotKey Poller - c:\windows\system32\winpol.exe

-- Scheduled Tasks -------------------------------------------------------------

2007-06-05 20:30:27 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job

-- Files created between 2007-05-05 and 2007-06-05 -----------------------------

2007-06-05 21:53:38 131191 --a------ C:\WINDOWS\nnomjg.dll
2007-06-05 21:43:22 131191 -----n--- C:\WINDOWS\nnonkk.dll
2007-06-05 21:27:44 131191 -----n--- C:\WINDOWS\khgddc.dll
2007-06-05 21:14:21 131191 -----n--- C:\WINDOWS\mlifgf.dll
2007-06-05 21:01:33 131191 -----n--- C:\WINDOWS\tusrst.dll
2007-06-04 21:29:11 131199 -----n--- C:\WINDOWS\nnoonk.dll
2007-06-02 22:45:26 12010 --a------ C:\WINDOWS\system32\mljjjhf.dll
2007-06-02 22:45:26 37535 --a------ C:\WINDOWS\system32\kmdrop.dll
2007-06-02 22:45:18 58796 --a------ C:\WINDOWS\ylyfn.exe
2007-06-01 03:15:01 0 d-------- C:\Documents and Settings\Slake\Application Data\Aquarius Soft
2007-06-01 03:15:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Aquarius Soft
2007-06-01 03:13:13 0 d-------- C:\Program Files\Aquarius Soft
2007-05-30 07:29:41 49152 --a------ C:\WINDOWS\system32\winpol.exe
2007-05-30 07:29:35 49152 --a------ C:\WINDOWS\wchph.exe
2007-05-29 22:50:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-29 22:50:47 35382 --a------ C:\WINDOWS\scunin.dat
2007-05-29 22:50:46 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-05-29 01:47:26 0 --a------ C:\WINDOWS\runnen
2007-05-28 15:14:18 22169 --a------ C:\WINDOWS\svchost.exe
2007-05-28 15:14:15 22169 --a------ C:\WINDOWS\zzzx.exe
2007-05-28 14:25:52 528 --a------ C:\WINDOWS\eReg.dat
2007-05-28 14:18:22 0 d-------- C:\Program Files\EA Games
2007-05-25 22:00:15 6144 --a------ C:\WINDOWS\system32\perfc000.dat
2007-05-25 21:57:30 0 d-------- C:\GB Advance
2007-05-22 00:25:44 0 d-------- C:\Program Files\PokerStars
2007-05-21 00 15 2829 --a------ C:\WINDOWS\War3Unin.pif
2007-05-21 00 15 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2007-05-21 00 15 75892 --a------ C:\WINDOWS\War3Unin.dat
2007-05-21 00:02:34 0 d-------- C:\Program Files\Warcraft III
2007-05-20 23:43:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-12 13:51:15 0 d-------- C:\Program Files\Common Files\AOLSHARE

-- Find3M Report ---------------------------------------------------------------

2007-06-05 21:53:38 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp65.tmp.exe
2007-06-05 21:53:30 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp64.tmp.exe
2007-06-05 21:53:25 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp63.tmp.exe
2007-06-05 21:52:21 0 d-------- C:\Program Files\Azureus
2007-06-05 21:43:27 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp5D.tmp.exe
2007-06-05 21:43:14 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp5C.tmp.exe
2007-06-05 21:43:13 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp5B.tmp.exe
2007-06-05 21:27:43 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp5A.tmp.exe
2007-06-05 21:27:34 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp59.tmp.exe
2007-06-05 21:27:24 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp58.tmp.exe
2007-06-05 21:14:21 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp51.tmp.exe
2007-06-05 21:14:06 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp50.tmp.exe
2007-06-05 21:13:53 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp4F.tmp.exe
2007-06-05 21:01:45 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp45.tmp.exe
2007-06-05 21:01:20 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp43.tmp.exe
2007-06-05 20:59:38 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp41.tmp.exe
2007-06-04 21:29:17 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp40.tmp.exe
2007-06-04 21:29:07 252169 --a------ C:\Documents and Settings\Slake\Application Data\tmp3F.tmp.exe
2007-06-04 15:50:11 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp3C.tmp.exe
2007-06-04 07:13:59 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp49.tmp.exe
2007-06-04 07:13:43 233611 --a------ C:\Documents and Settings\Slake\Application Data\tmp48.tmp.exe
2007-06-04 07:13:16 17010 --a------ C:\Documents and Settings\Slake\Application Data\tmp47.tmp.exe
2007-06-04 07:13:09 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp46.tmp.exe
2007-06-03 21:04:30 17010 --a------ C:\Documents and Settings\Slake\Application Data\tmp3E.tmp.exe
2007-06-03 21:03:00 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp3B.tmp.exe
2007-05-30 00:04:21 0 d-------- C:\Program Files\Starcraft
2007-05-17 06:30:45 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-16 19:11:30 0 d-------- C:\Program Files\World of Warcraft
2007-04-26 11:16:49 0 d-------- C:\Program Files\NetDevil
2007-04-26 11:14:13 0 d-------- C:\Documents and Settings\Slake\Application Data\GetRightToGo
2007-04-22 22:56:51 0 d-------- C:\Program Files\WarRock
2007-04-19 14 22 0 d-------- C:\Program Files\LimeWire
2007-04-17 16 45 112423 --a------ C:\WINDOWS\hpoins07.dat
2007-04-17 16:04:11 0 d-------- C:\Program Files\HP
2007-04-17 16:02:40 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-04-17 16:02:06 0 d-------- C:\Program Files\Common Files\HP
2007-04-17 15:59:12 0 d-------- C:\Program Files\Hewlett-Packard
2007-04-17 15:57:45 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-04-17 15:15:52 0 d-------- C:\Documents and Settings\Slake\Application Data\HP
2007-04-17 14:58:27 0 d-------- C:\Program Files\IGN
2007-04-16 13:34:27 0 d-------- C:\Documents and Settings\Slake\Application Data\Ipswitch
2007-04-16 13:34:12 0 d-------- C:\Program Files\Ipswitch
2007-04-16 13:34:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-09 15:59:36 0 d-------- C:\Documents and Settings\Slake\Application Data\Viewpoint
2007-04-01 23:59:01 43520 --a------ C:\WINDOWS\system32\svchqs.exe
2007-03-27 01:55:49 418312 --a------ C:\WINDOWS\system32\~.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-03-19 12:41:41 7409 --a------ C:\WINDOWS\extend.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9fa74e90-06d3-40af-8ee4-461a0c1ae6ac} C:\WINDOWS\system32\kmdrop.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll
{DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} C:\WINDOWS\system32\tmp63.tmp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"nwiz"="\"nwiz.exe\" /install"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Music Alarm Clock"="C:\\PROGRA~1\\MUSICA~1\\mac.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"Install.exe"="C:\\WINDOWS\\svchost.exe"
"winpol"="C:\\WINDOWS\\system32\\winpol.exe"
"setup"="rundll32.exe \"C:\\WINDOWS\\nnomjg.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"SHS"="\"C:\\Program Files\\Rogers\\SelfHealing\\SHS.exe\" /background"
"Update Manager"="\"C:\\Program Files\\Rogers\\Update Manager\\UpdateManager.exe\" /background"
"RogersAgent"="c:\\Program Files\\Rogers\\SelfHealing\\rogersagent.exe"
"Start WingMan Profiler"=""
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Ahead\\Ahead\\data\\Xtras\\mssysmgr.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"Regscan"="C:\\WINDOWS\\system32\\regscan.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoAdminPage"=dword:00000000
"DisableRegistryTools"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kmdrop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\windows\system32\mljjjhf.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=dword:00000002

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3915145c-00b8-11dc-bfc0-806d6172696f}]
Shell\AutoRun\command D:\autoplay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb65c555-0c81-11dc-80d5-0080c6f1eee1}]
Shell\AutoRun\command F:\setupSNK.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff304e43-998b-11d9-a201-806d6172696f}]
Shell\AutoRun\command D:\SETUP.EXE

-- End of Deckard's System Scanner: finished at 2007-06-05 at 22:04:18 ---------
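The log above is the kind an analyst triages by eye: a Run entry that starts C:\WINDOWS\svchost.exe (the real one lives in system32), an AppInit_DLLs value and a Winlogon Notify package pointing at freshly created DLLs, an IE proxy silently set to 127.0.0.1:83, unnamed BHOs loaded from the Windows tree, and a run of same-size DLLs with pseudo-random names dropped minutes apart. The script below is an added example, not part of this thread or of HijackThis or DSS; it encodes those hand checks as heuristics and runs them over a handful of lines copied from the posted log. The rule names, the small system32-only binary list and the Winlogon Notify allowlist are this example's own assumptions, chosen to suit this log rather than taken from any vendor list.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis/DSS log posted above,
# trimmed to the entries the rules below care about plus a few benign ones.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9fa74e90-06d3-40af-8ee4-461a0c1ae6ac} - C:\WINDOWS\system32\kmdrop.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp63.tmp.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\nnomjg.dll",realset
O20 - AppInit_DLLs: c:\windows\system32\mljjjhf.dll
O20 - Winlogon Notify: kmdrop - C:\WINDOWS\SYSTEM32\kmdrop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\system32\winpol.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
2007-06-05 21:53:38 131191 --a------ C:\WINDOWS\nnomjg.dll
2007-06-05 21:43:22 131191 -----n--- C:\WINDOWS\nnonkk.dll
2007-06-05 21:27:44 131191 -----n--- C:\WINDOWS\khgddc.dll
2007-05-28 15:14:18 22169 --a------ C:\WINDOWS\svchost.exe
2007-05-28 15:14:15 22169 --a------ C:\WINDOWS\zzzx.exe
"""

# Core Windows binaries that legitimately live only in system32; a same-named
# file in another directory (here C:\WINDOWS\svchost.exe) is a masquerade.
# Illustrative list, an assumption of this example.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
# Winlogon Notify packages the analyst has already vetted (illustrative allowlist,
# an assumption of this example; WgaLogon is Microsoft's Genuine Advantage notifier).
KNOWN_NOTIFY = {"wgalogon.dll"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ (?P<size>\d+) \S+ (?P<path>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<,]+?\.(?:exe|dll|sys|ocx)', re.IGNORECASE)


def split_path(path):
    """Return (parent directory name, file name), both lower-cased."""
    parts = path.lower().split("\\")
    return (parts[-2] if len(parts) >= 2 else ""), parts[-1]


def triage(text):
    """Apply the heuristics to one log and return a list of (rule, detail) findings."""
    findings = []
    by_size = defaultdict(set)  # file size -> distinct executable paths of that size
    for raw in text.splitlines():
        line = raw.strip()
        fm = FILE_RE.match(line)
        if fm:
            if fm.group("path").lower().endswith((".exe", ".dll")):
                by_size[int(fm.group("size"))].add(fm.group("path"))
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue
        kind, body = em.group("kind"), em.group("body")
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else ""
        parent, name = split_path(path) if path else ("", "")
        low = path.lower()

        # IE is told to send all HTTP through a process listening on this machine.
        if kind == "R1" and "ProxyServer" in body and re.search(r"127\.0\.0\.1|localhost", body):
            findings.append(("localhost-proxy", line))
        # A core system binary name in the wrong directory.
        if name in SYSTEM32_ONLY and parent != "system32":
            findings.append(("system-binary-misplaced", line))
        # Unnamed BHO loaded from the Windows tree rather than an installed product.
        if kind == "O2" and "(no name)" in body and path and "program files" not in low and "progra~1" not in low:
            findings.append(("unnamed-bho", line))
        # A Run entry that starts a DLL sitting in the Windows root through rundll32.
        if kind == "O4" and "rundll32" in body.lower() and parent == "windows":
            findings.append(("rundll32-windows-root", line))
        # AppInit_DLLs is injected into every process that loads user32.dll.
        if kind == "O20" and body.startswith("AppInit_DLLs:") and path:
            findings.append(("appinit-dlls", line))
        # Winlogon Notify packages run inside winlogon.exe at every logon.
        if kind == "O20" and body.startswith("Winlogon Notify:") and name and name not in KNOWN_NOTIFY:
            findings.append(("winlogon-notify", line))
        # A service with no vendor string whose binary lives in the Windows tree.
        if kind == "O23" and "Unknown owner" in body and parent in ("windows", "system32"):
            findings.append(("unknown-service", line))

    # Several differently named executables of exactly the same size usually
    # means one payload copied under several names.
    for size, paths in sorted(by_size.items()):
        if len(paths) >= 2:
            findings.append(("same-size-cluster", f"{size} bytes: {', '.join(sorted(paths))}"))
    return findings


def rule_counts(text):
    """Count findings per rule; a quick overview for a large log."""
    counts = {}
    for rule, _ in triage(text):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

Run against the sample it reports ten findings; the benign Acrobat BHO, the Symantec Run entry, the WgaLogon notifier and the NVIDIA service pass untouched. The heuristics are deliberately narrow: a "(no name)" BHO under Program Files (Spybot's SDHelper.dll in the full log) is not flagged, because that pattern is common for legitimate software, while anything in AppInit_DLLs is always surfaced because a clean XP box has that value empty.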
#3
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Log Help... Please!
Hello Siojin and welcome to TSF,
You have quite a bit going here and this will take a couple of rounds to properly eradicate. Please be sure to stay with me and post the requested logs.

Please copy this page to Notepad and save it to your desktop for reference, as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

--------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you which I will need in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.

Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.

--------------------------------------------------------------------

Run a new scan with dss.exe

--------------------------------------------------------------------

Please include the following in your next reply:
C:\ComboFix.txt
C:\SDFix\Report.txt
main.txt
#4
Registered User
Join Date: Apr 2007
Posts: 21
OS: Windows Vista
Re: Log Help... Please!
I've realized that when I reboot I'm also getting a Windows popup saying "SHS Run-time error '6': Overflow". Thank you for your help thus far.
Quote:
Deckard's System Scanner v20070603.47
Run by Slake on 2007-06-07 at 10 47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Slake.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10 55 AM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Rogers\SelfHealing\SHS.exe
C:\Program Files\Rogers\SelfHealing\rogersagent.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Slake\My Documents\dss.exe
C:\PROGRA~1\HIJACK~1\Slake.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9fa74e90-06d3-40af-8ee4-461a0c1ae6ac} - C:\WINDOWS\system32\kmdrop.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Music Alarm Clock] C:\PROGRA~1\MUSICA~1\mac.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SHS] "C:\Program Files\Rogers\SelfHealing\SHS.exe" /background
O4 - HKCU\..\Run: [Update Manager] "C:\Program Files\Rogers\Update Manager\UpdateManager.exe" /background
O4 - HKCU\..\Run: [RogersAgent] c:\Program Files\Rogers\SelfHealing\rogersagent.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Aquarius Soft PC Alarm Clock Pro.lnk = C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma
Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kmdrop.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kmdrop.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O11 - Options group: [INTERNATIONAL] International* O16 - DPF: 
{00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca...C_2.3.1.99.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_5.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: c:\windows\system32\mljjjhf.dll O20 - Winlogon Notify: kmdrop - C:\WINDOWS\SYSTEM32\kmdrop.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file 
missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- Files created between 2007-05-07 and 2007-06-07 ----------------------------- 2007-06-05 22:54:16 12010 --a------ C:\WINDOWS\system32\vtutroo.dll 2007-06-05 22:54:12 58796 --a------ C:\WINDOWS\aitco.exe 2007-06-05 22:09:19 131191 --a------ C:\WINDOWS\vtromn.dll 2007-06-02 22:45:26 12010 --a------ C:\WINDOWS\system32\mljjjhf.dll 2007-06-02 22:45:26 37535 --a------ 
C:\WINDOWS\system32\kmdrop.dll 2007-06-02 22:45:18 58796 --a------ C:\WINDOWS\ylyfn.exe 2007-06-01 03:15:01 0 d-------- C:\Documents and Settings\Slake\Application Data\Aquarius Soft 2007-06-01 03:15:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Aquarius Soft 2007-06-01 03:13:13 0 d-------- C:\Program Files\Aquarius Soft 2007-05-30 07:29:35 49152 --a------ C:\WINDOWS\wchph.exe 2007-05-29 22:50:47 967 --a------ C:\WINDOWS\ScUnin.pif 2007-05-29 22:50:47 35382 --a------ C:\WINDOWS\scunin.dat 2007-05-29 22:50:46 94208 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller> 2007-05-29 01:47:26 0 --a------ C:\WINDOWS\runnen 2007-05-28 15:14:15 22169 --a------ C:\WINDOWS\zzzx.exe 2007-05-28 14:25:52 528 --a------ C:\WINDOWS\eReg.dat 2007-05-28 14:18:22 0 d-------- C:\Program Files\EA Games 2007-05-25 22:00:15 6144 --a------ C:\WINDOWS\system32\perfc000.dat 2007-05-25 21:57:30 0 d-------- C:\GB Advance 2007-05-22 00:25:44 0 d-------- C:\Program Files\PokerStars 2007-05-21 00 15 2829 --a------ C:\WINDOWS\War3Unin.pif2007-05-21 00 15 139264 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>2007-05-21 00 15 75892 --a------ C:\WINDOWS\War3Unin.dat2007-05-21 00:02:34 0 d-------- C:\Program Files\Warcraft III 2007-05-20 23:43:13 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-05-12 13:51:15 0 d-------- C:\Program Files\Common Files\AOLSHARE -- Find3M Report --------------------------------------------------------------- 2007-06-05 22:09:19 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp80.tmp.exe 2007-06-05 22:09:12 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp7F.tmp.exe 2007-06-05 22:09:07 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp7E.tmp.exe 2007-06-05 21:53:38 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp65.tmp.exe 2007-06-05 21:53:30 252168 --a------ C:\Documents and 
Settings\Slake\Application Data\tmp64.tmp.exe 2007-06-05 21:53:25 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp63.tmp.exe 2007-06-05 21:52:21 0 d-------- C:\Program Files\Azureus 2007-06-05 21:43:27 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp5D.tmp.exe 2007-06-05 21:43:14 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp5C.tmp.exe 2007-06-05 21:43:13 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp5B.tmp.exe 2007-06-05 21:27:43 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp5A.tmp.exe 2007-06-05 21:27:34 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp59.tmp.exe 2007-06-05 21:27:24 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp58.tmp.exe 2007-06-05 21:14:21 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp51.tmp.exe 2007-06-05 21:14:06 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp50.tmp.exe 2007-06-05 21:13:53 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp4F.tmp.exe 2007-06-05 21:01:45 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp45.tmp.exe 2007-06-05 21:01:20 252168 --a------ C:\Documents and Settings\Slake\Application Data\tmp43.tmp.exe 2007-06-05 20:59:38 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp41.tmp.exe 2007-06-04 21:29:17 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp40.tmp.exe 2007-06-04 21:29:07 252169 --a------ C:\Documents and Settings\Slake\Application Data\tmp3F.tmp.exe 2007-06-04 15:50:11 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp3C.tmp.exe 2007-06-04 07:13:59 2560 --a------ C:\Documents and Settings\Slake\Application Data\tmp49.tmp.exe 2007-06-04 07:13:43 233611 --a------ C:\Documents and Settings\Slake\Application Data\tmp48.tmp.exe 2007-06-04 07:13:16 17010 --a------ C:\Documents and Settings\Slake\Application Data\tmp47.tmp.exe 2007-06-04 
07:13:09 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp46.tmp.exe 2007-06-03 21:04:30 17010 --a------ C:\Documents and Settings\Slake\Application Data\tmp3E.tmp.exe 2007-06-03 21:03:00 50970 --a------ C:\Documents and Settings\Slake\Application Data\tmp3B.tmp.exe 2007-05-30 00:04:21 0 d-------- C:\Program Files\Starcraft 2007-05-17 06:30:45 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment 2007-05-16 19:11:30 0 d-------- C:\Program Files\World of Warcraft 2007-04-26 11:16:49 0 d-------- C:\Program Files\NetDevil 2007-04-26 11:14:13 0 d-------- C:\Documents and Settings\Slake\Application Data\GetRightToGo 2007-04-22 22:56:51 0 d-------- C:\Program Files\WarRock 2007-04-19 14 22 0 d-------- C:\Program Files\LimeWire2007-04-17 16 45 112423 --a------ C:\WINDOWS\hpoins07.dat2007-04-17 16:04:11 0 d-------- C:\Program Files\HP 2007-04-17 16:02:40 0 d-------- C:\Program Files\Common Files\Sonic Shared 2007-04-17 16:02:06 0 d-------- C:\Program Files\Common Files\HP 2007-04-17 15:59:12 0 d-------- C:\Program Files\Hewlett-Packard 2007-04-17 15:57:45 0 d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-04-17 15:15:52 0 d-------- C:\Documents and Settings\Slake\Application Data\HP 2007-04-17 14:58:27 0 d-------- C:\Program Files\IGN 2007-04-16 13:34:27 0 d-------- C:\Documents and Settings\Slake\Application Data\Ipswitch 2007-04-16 13:34:12 0 d-------- C:\Program Files\Ipswitch 2007-04-16 13:34:12 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-04-09 15:59:36 0 d-------- C:\Documents and Settings\Slake\Application Data\Viewpoint 2007-04-01 23:59:01 43520 --a------ C:\WINDOWS\system32\svchqs.exe 2007-03-19 12:41:41 7409 --a------ C:\WINDOWS\extend.dat -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 
7.0\ActiveX\AcroIEHelper.dll {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {9fa74e90-06d3-40af-8ee4-461a0c1ae6ac} C:\WINDOWS\system32\kmdrop.dll {BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "nwiz"="\"nwiz.exe\" /install" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe\"" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "Music Alarm Clock"="C:\\PROGRA~1\\MUSICA~1\\mac.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe" "Install.exe"="C:\\WINDOWS\\svchost.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "SHS"="\"C:\\Program Files\\Rogers\\SelfHealing\\SHS.exe\" /background" "Update Manager"="\"C:\\Program Files\\Rogers\\Update Manager\\UpdateManager.exe\" /background" "RogersAgent"="c:\\Program Files\\Rogers\\SelfHealing\\rogersagent.exe" "Start WingMan Profiler"="" "PhotoShow Deluxe Media 
Manager"="C:\\PROGRA~1\\Ahead\\Ahead\\data\\Xtras\\mssysmgr.exe" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun" "Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kmdrop [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="c:\windows\system32\mljjjhf.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=dword:00000002 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D] Shell\AutoRun\command D:\autoplay.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb65c555-0c81-11dc-80d5-0080c6f1eee1}] Shell\AutoRun\command F:\setupSNK.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff304e43-998b-11d9-a201-806d6172696f}] Shell\AutoRun\command D:\SETUP.EXE -- End of Deckard's System Scanner: finished at 2007-06-07 at 10:08:07 --------- Last edited by Ried : 06-07-2007 at 07:49 PM. |
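A first triage pass over a HijackThis log like the one above, as an added example that is not part of the original post and not code from HijackThis or Deckard's System Scanner. It parses the `Rn`/`Onn` entry lines and flags the patterns an analyst reads this kind of log for: a browser proxy pointed at localhost, an `svchost.exe` started from anywhere but `system32`, any `AppInit_DLLs` value, a Winlogon Notify DLL that is also registered as an IE BHO, and an unnamed BHO living in `system32`. The sample lines are copied verbatim from the log above (with a few of its benign entries so the rules have something to pass); the rule set itself is my own assumption, not a published signature list, and a hit means "look at this", not "this is malware".

```python
import ntpath
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log above. Benign entries (Acrobat
# BHO, ccApp, WgaLogon, NVIDIA service) are included so the rules are
# exercised in both directions.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9fa74e90-06d3-40af-8ee4-461a0c1ae6ac} - C:\WINDOWS\system32\kmdrop.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O20 - AppInit_DLLs: c:\windows\system32\mljjjhf.dll
O20 - Winlogon Notify: kmdrop - C:\WINDOWS\SYSTEM32\kmdrop.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "O4 - <body>" / "R1 - <body>"; everything after the section code is the body
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# First Windows path ending in .exe or .dll, quoted or not
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll))"?', re.IGNORECASE)


def parse(log: str):
    """Yield (section, body) for every HijackThis entry line in the log."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def first_path(body: str):
    m = PATH_RE.search(body)
    return m.group("path") if m else None


def triage(log: str):
    """Return [(entry_body, reason)] for entries that warrant a closer look.

    The rules are triage heuristics chosen for this example (an assumption,
    not a vendor signature set); ordering follows the log.
    """
    entries = list(parse(log))

    # Which hook types (O2 BHO, O20 Notify, ...) each DLL path is registered under
    hooks = defaultdict(set)
    for sec, body in entries:
        p = first_path(body)
        if p and p.lower().endswith(".dll"):
            hooks[p.lower()].add(sec)

    findings = []
    for sec, body in entries:
        path = first_path(body)
        low = body.lower()
        if sec == "R1" and "proxyserver" in low and "127.0.0.1" in low:
            findings.append((body, "browser traffic routed through a local proxy"))
        elif sec == "O4" and path:
            folder, base = ntpath.split(path)
            if base.lower() == "svchost.exe" and not folder.lower().endswith("\\system32"):
                findings.append((body, "svchost.exe started from outside system32"))
        elif sec == "O20" and low.startswith("appinit_dlls:"):
            findings.append((body, "AppInit_DLLs is loaded into every process that loads user32.dll"))
        elif sec == "O20" and low.startswith("winlogon notify:") and path:
            if "O2" in hooks[path.lower()]:
                findings.append((body, "same DLL is also registered as an IE BHO"))
        elif sec == "O2" and "(no name)" in body and path:
            if ntpath.dirname(path).lower().endswith("\\system32"):
                findings.append((body, "unnamed BHO living in system32"))
    return findings


if __name__ == "__main__":
    for body, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {body}")
```

Run against the sample it reports five entries (the proxy line, the unnamed `kmdrop.dll` BHO, the `svchost.exe` Run entry, the `AppInit_DLLs` value and the `kmdrop` Notify hook) and stays quiet on the vendor-signed ones. Entries marked `(no file)` are skipped on purpose: an orphaned registration is clutter, not a running hook.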
#5

Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: Log Help... Please!
Hi Siojin,
Before I can continue, did you download the current ComboFix.exe using the link I gave you in my last post, and did you run that version? The reason I'm asking is that the dates on the ComboFix.txt you posted are as such:

Quote: