Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Pop-ups, Slowness, Oh My!
For the past few weeks I have been experiencing some sort of Trojan that is driving me mad! I started getting numerous pop-ups and slowness. The pop-ups were for Music Downloads, Ebay, Jobs, Credit Cards, etc... Later, after many attempts by McAfee to help me, nothing worked. I was referred here by the McAfee forums for help. I am not sure if this virus is hiding in the emails I send, putting other people at risk. I have also used VundoFix, and have come up with a program called "mlljgee.dll" that cannot be deleted.
I currently have:
McAfee Security Center 2007 (my computer's main security)
SUPER-antivirus (a last resort measure for getting rid of my virus)
SUPER-antipopups (to temporarily stop pop-ups)
The 2 programs that were recommended to install in Step 3 of the guide.

My computer is running SP2 and is fully up to date on security.

Here is the log for the "Panda" virus scan from step 1:

Incident Status Location
Virus:Trj/ConHook.CV Disinfected Operating system
Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
Potentially unwanted tool:application/mywebsearch Not disinfected c:\program files\MyWebSearch
Adware:adware/statblaster Not disinfected Windows Registry
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp130.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp158.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp1A1.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp1C.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp1E3.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp23.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp29E.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp2B.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp2FF.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp30C.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp32.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp335.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp36E.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp36F.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp37.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp3A8.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp3C5.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp6C.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp6D.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmp80.tmp.exe
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Application Data\tmp90.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmpA0.tmp.exe
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Application Data\tmpAE.tmp.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alec\Cookies\alec@ad.yieldmanager[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Alec\Cookies\alec@ads.addynamix[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alec\Cookies\alec@com[1].txt
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Alec\Cookies\alec@date[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alec\Cookies\alec@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Alec\Cookies\alec@findwhat[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alec\Cookies\alec@mediaplex[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Alec\Cookies\alec@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alec\Cookies\alec@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Alec\Cookies\alec@stats1.reliablestats[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Alec\Cookies\alec@systemdoctor[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@www.errorsafe[1].txt
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Local Settings\Temporary Internet Files\Content.IE5\4JAW3J1D\dns_bot_20070615[1]
Virus:Trj/Downloader.OZB Disinfected C:\Documents and Settings\Alec\Local Settings\Temporary Internet Files\Content.IE5\OFO6V4R3\dns_bot_20070615[1]
Virus:Trj/Downloader.PEC Disinfected C:\Documents and Settings\Alec\Local Settings\Temporary Internet Files\Content.IE5\OFO6V4R3\ffa_dn[1]
Virus:Trj/ConHook.CV Disinfected C:\VundoFix Backups\geedebc.dll.bad
Virus:Trj/ConHook.CV Disinfected C:\VundoFix Backups\mlljgee.dll.bad
Adware:Adware/eZula Not disinfected C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe[²ÑÇ]
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\geedeb.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\mlkklm.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\pmnkih.dll
Virus:Trj/ConHook.CV Disinfected C:\WINDOWS\system32\mlljgee.dll
Adware:Adware/WebSearch Not disinfected C:\WINDOWS\system32\tmp10C.tmp.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\tuvtqo.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\vttqpo.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\vttssp.dll
Spyware:Spyware/Vundo

Log for Hijack!

Deckard's System Scanner v20070611.50
Run by Alec on 2007-06-27 at 21:07:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.

-- Last 1 Restore Point(s) --
1: 2007-06-28 01:07:30 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Alec.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:11:36 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\MSN Messenger\livecall.exe
c:\program files\aim6\anotify.exe
C:\Documents and Settings\Alec\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Alec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - [SASInprocServer32] (file missing)
O2 - BHO: (no name) - {ed652ace-34de-49de-8b5d-71c81e34d7fa} - C:\WINDOWS\system32\5E6tub.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\xxxvus.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk772MFUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173546185312
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.webex.com/client/...ex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...59/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\mlljgee.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: 5E6tub - C:\WINDOWS\SYSTEM32\5E6tub.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0168601182965975) (0168601182965975mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\016860~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alec\Application Data\tmpE.tmp.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - "regedit.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SABKUTIL - c:\program files\superadblocker.com\super ad blocker\sabkutil.sys
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>
R3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys <Not Verified; SuperAdBlocker.com; >
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 WmaCDriverV32 - c:\windows\system32\drivers\wmacdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
S1 SABDIFSV - c:\program files\superadblocker.com\super ad blocker\sabdifsv.sys
S3 o1394bul - c:\docume~1\alec\locals~1\temp\o1394bul.sys (file missing)
S3 SQTECH905C (Dual Camera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2 - "c:\opensa\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 SABSVC (Super Ad Blocker Service) - "c:\program files\superadblocker.com\super ad blocker\sabsvc.exe" <Not Verified; SuperAdBlocker.com; Super Ad Blocker Service>
S2 0168601182965975mcinstcleanup (McAfee Application Installer Cleanup (0168601182965975)) - c:\windows\temp\016860~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing)
S2 DomainService - c:\documents and settings\alec\application data\tmpe.tmp.exe /service (file missing)

-- Scheduled Tasks -------------------------------------------------------------

2007-06-25 11:55:31 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-06-25 11:55:28 350 --a------ C:\WINDOWS\Tasks\McQcTask.job

-- Files created between 2007-05-27 and 2007-06-27 -----------------------------

2007-06-27 19:48:58 0 d-------- C:\ie-spyad
2007-06-27 19:38:32 134917 --a------ C:\WINDOWS\xxxvus.dll
2007-06-27 19:21:41 0 d-------- C:\Program Files\SpywareBlaster
2007-06-27 16:21:02 134917 --a------ C:\WINDOWS\xxywur.dll
2007-06-27 16:08:17 71 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-06-27 16:08:15 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-06-27 15:52:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 15:37:23 134917 --a------ C:\WINDOWS\gebbxx.dll
2007-06-27 13:39:31 0 d-------- C:\WINDOWS\LastGood
2007-06-27 11:12:49 38232 --a------ C:\WINDOWS\system32\5E6tub.dll
2007-06-27 11:12:46 49252 --a------ C:\WINDOWS\system32\ddccy.exe
2007-06-27 10:51:19 49252 --a------ C:\WINDOWS\system32\gebcy.exe
2007-06-27 09:19:41 49252 --a------ C:\WINDOWS\system32\gebyw.exe
2007-06-26 22:33:01 135052 --a------ C:\WINDOWS\pmnkih.dll
2007-06-26 20:42:03 49252 --a------ C:\WINDOWS\system32\mljjk.exe
2007-06-26 20:19:18 135052 --a------ C:\WINDOWS\vttssp.dll
2007-06-26 10:48:58 0 d-------- C:\Documents and Settings\Alec\Application Data\SuperAdBlocker.com
2007-06-26 10:48:23 0 d-------- C:\Program Files\SuperAdBlocker.com
2007-06-26 10:41:18 0 d-------- C:\Program Files\NoAdware5.0
2007-06-26 09:34:19 49252 --a------ C:\WINDOWS\system32\pmkhi.exe
2007-06-25 23:07:12 49252 --a------ C:\WINDOWS\system32\jkhhi.exe
2007-06-25 22:40:07 49252 --a------ C:\WINDOWS\system32\vturs.exe
2007-06-25 21:44:34 135052 --a------ C:\WINDOWS\geedeb.dll
2007-06-25 21:07:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 18:15:46 135052 --a------ C:\WINDOWS\tuvtqo.dll
2007-06-25 17:38:19 135052 --a------ C:\WINDOWS\vttqpo.dll
2007-06-25 17:38:16 135052 --a------ C:\WINDOWS\xxxuvs.dll
2007-06-25 16:23:34 0 d-------- C:\WINDOWS\McAfee.com
2007-06-25 15:40:44 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 13:44:34 0 d-------- C:\WINDOWS\pss
2007-06-25 12:45:41 0 d-------- C:\Program Files\Roguescanfix
2007-06-25 12:05:21 135052 --a------ C:\WINDOWS\mlkklm.dll
2007-06-25 12:00:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Program Files\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\Alec\Application Data\SiteAdvisor
2007-06-25 11:58:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-06-25 11:55:02 0 d-------- C:\Program Files\McAfee.com
2007-06-25 11:54:47 0 d-------- C:\Program Files\Common Files\McAfee
2007-06-25 11:54:35 0 d-------- C:\Program Files\McAfee
2007-06-24 22:49:21 0 d-------- C:\SDAT
2007-06-24 22:45:22 18658085 --a------ C:\sdat5059.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2007-06-24 22:37:01 4020 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-24 22:25:15 557056 --a------ C:\Documents and Settings\Alec\GoToAssist_phone__320_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-06-24 16:19:04 0 d-------- C:\Program Files\MyWebSearch
2007-06-24 16:18:51 0 d-------- C:\Program Files\FunWebProducts
2007-06-13 16:11:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-06-13 16:09:42 0 d-------- C:\Documents and Settings\Administrator\Contacts
2007-06-11 21:51:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-06-11 21:13:27 0 d--hs---- C:\WINDOWS\CSC
2007-06-02 22:09:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-02 17:58:54 0 d-------- C:\Program Files\Symantec
2007-06-02 17:58:42 0 d-------- C:\Program Files\Symantec AntiVirus
2007-06-02 17:58:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-02 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-02 12 24 106585 --a------ C:\WINDOWS\khedaa.dll
2007-06-02 11:45:36 106585 --a------ C:\WINDOWS\wvwwur.dll
2007-06-02 09:26:27 106597 --a------ C:\WINDOWS\nnomki.dll
2007-06-01 18:52:33 0 d-------- C:\VundoFix Backups
2007-06-01 07:31:51 106518 --a------ C:\WINDOWS\opqrpo.dll
2007-05-30 20:30:29 106515 --a------ C:\WINDOWS\rqpnmm.dll
2007-05-30 20:24:22 0 d-------- C:\Documents and Settings\Alec\Application Data\McAfee
2007-05-30 19:40:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-30 19:39:54 0 d-------- C:\Program Files\Promosoft Corporation
2007-05-30 19:37:41 106556 --a------ C:\WINDOWS\hgfcda.dll
2007-05-30 17:53:18 106461 --a------ C:\WINDOWS\yaaaab.dll
2007-05-30 16:52:52 106611 --a------ C:\WINDOWS\qomjij.dll
2007-05-30 16:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-05-30 16:41:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 16:41:24 0 d-------- C:\Documents and Settings\Alec\Application Data\SUPERAntiSpyware.com
2007-05-29 17:22:21 47836 --a------ C:\WINDOWS\system32\pmkhg.exe
2007-05-29 17:17:19 12494 -----n--- C:\WINDOWS\system32\mlljgee.dll
2007-05-28 20:36:19 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2007-05-28 20:36:19 0 d-------- C:\Program Files\VstPlugins
2007-05-28 20:33:31 0 d-------- C:\Program Files\Image-Line

-- Find3M Report ---------------------------------------------------------------

2007-06-27 21:01:15 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp12FE.tmp.exe
2007-06-27 19:38:29 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp12FB.tmp.exe
2007-06-27 18:26:20 0 d-------- C:\Program Files\MSN Messenger
2007-06-27 17:31:29 0 d-------- C:\Program Files\Google
2007-06-27 17:27:50 0 d-------- C:\Program Files\Digital Line Detect
2007-06-27 17:27:49 0 d-------- C:\Program Files\DellSupport
2007-06-27 17:23:54 0 d-------- C:\Program Files\AIM6
2007-06-27 16:25:05 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp415.tmp.exe
2007-06-27 16:20:59 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp40B.tmp.exe
2007-06-27 16:20:56 0 --a------ C:\Documents and Settings\Alec\Application Data\tmp40A.tmp.exe
2007-06-27 15:41:09 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp95.tmp.exe
2007-06-27 15:37:21 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp93.tmp.exe
2007-06-27 12:20:19 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp3B.tmp.exe
2007-06-27 12:18:32 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp38.tmp.exe
2007-06-27 11:56:30 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp25.tmp.exe
2007-06-27 11:55:47 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp24.tmp.exe
2007-06-27 11:37:46 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp1E.tmp.exe
2007-06-27 11:30:04 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp1D.tmp.exe
2007-06-27 11:16:29 77708 --a------ C:\logfile
2007-06-27 10:44:39 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp7D.tmp.exe
2007-06-27 10:41:43 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp7C.tmp.exe
2007-06-27 09:37:18 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp61.tmp.exe
2007-06-27 09:28:18 128153 --a------ C:\Documents and Settings\Alec\Application Data\tmp54.tmp.exe
2007-06-27 09:24:34 73936 --a------ C:\Documents and Settings\Alec\Application Data\tmp49.tmp.exe
2007-06-26 21:57:09 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp30F.tmp.exe
2007-06-26 21:25:33 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp306.tmp.exe
2007-06-26 20:48:48 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp2EE.tmp.exe
2007-06-26 19:31:28 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp23A.tmp.exe
2007-06-26 18:33:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp1A2.tmp.exe
2007-06-26 17:13:35 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp15A.tmp.exe
2007-06-26 15:44:52 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp132.tmp.exe
2007-06-26 11:49:06 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpB0.tmp.exe
2007-06-26 11:24:28 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpA4.tmp.exe
2007-06-26 11:03:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp97.tmp.exe
2007-06-26 10:34:49 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp34.tmp.exe
2007-06-26 09:39:25 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp21.tmp.exe
2007-06-25 22:50:58 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp45.tmp.exe
2007-06-25 22:26:13 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp156.tmp.exe
2007-06-25 21:15:26 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp4E.tmp.exe
2007-06-25 18:17:49 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmpA7.tmp.exe
2007-06-25 17:33:06 0 d-------- C:\Program Files\Stardock
2007-06-25 17:28:21 0 d-------- C:\Program Files\GhostSurf 2005
2007-06-25 17:18:21 0 d-------- C:\Program Files\Common Files\Real
2007-06-25 13:15:07 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp84.tmp.exe
2007-06-25 12:16:58 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp3C7.tmp.exe
2007-06-25 12:09:57 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp3AB.tmp.exe
2007-06-25 11:28:51 73931 --a------ C:\Documents and Settings\Alec\Application Data\tmp12.tmp.exe
2007-06-24 23:42:15 0 d-------- C:\Program Files\mIRC
2007-06-24 23:18:29 0 d-------- C:\Program Files\GameSpy Arcade
2007-06-15 18:49:00 4548 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-15 18:49:00 56 -r-hs---- C:\WINDOWS\system32\F3C9371233.sys
2007-05-30 17:56:08 0 d-------- C:\Program Files\LimeWire
2007-05-30 17:08:26 384 --a------ C:\Documents and Settings\Alec\Application Data\internaldb6334.dat
2007-05-30 16:36:44 194 --a------ C:\Documents and Settings\Alec\Application Data\internaldb8467.dat
2007-05-30 16:36:44 18432 --a------ C:\Documents and Settings\Alec\Application Data\internaldb41.dat
2007-05-29 17:18:15 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-24 21:45:05 0 d-------- C:\Program Files\MUSICMATCH
2007-05-18 21:01:20 0 d-------- C:\Documents and Settings\Alec\Application Data\Lavasoft
2007-05-17 21:45:36 0 d-------- C:\Program Files\Microsoft Games
2007-05-12 15:57:20 177408 --a------ C:\outsound.bin
2007-05-12 11:51:21 0 d-------- C:\Program Files\Microsoft Easy Assist
2007-04-25 20:15:44 182745 --a------ C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2007-04-19 20:57:22 4 --a------ C:\WINDOWS\system32\5E6453
2007-04-03 15:12:42 513152 --a------ C:\WINDOWS\system32\WmaCDriverV32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000000-6C30-11D8-9363-000AE6309654} C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [SASInprocServer32] [x]
{ed652ace-34de-49de-8b5d-71c81e34d7fa} C:\WINDOWS\system32\5E6tub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"Google Desktop 
Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe" "MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe" "SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe" "winehq.org"="rundll32.exe \"C:\\WINDOWS\\xxxvus.dll\",realset" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "Aim6"="" "DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup" "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" "SuperAdBlocker"="C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"="Narrator.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 "NoDispAppearancePage"=dword:00000000 "NoColorChoice"=dword:00000000 "NoSizeChoice"=dword:00000000 "NoDispBackgroundPage"=dword:00000000 "NoDispScrSavPage"=dword:00000000 "NoDispCPL"=dword:00000000 
"NoVisualStyleChoice"=dword:00000000 "NoDispSettingsPage"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktop"=dword:00000000 "NoSaveSettings"=dword:00000000 "NoThemesTab"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" "{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\5E6tub HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="c:\windows\system32\mlljgee.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D] Shell\AutoRun\command 
D:\launcher\autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] Shell\AutoRun\command E:\setup.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3dec1bf-7563-11da-874b-806d6172696f}] Shell\AutoRun\command D:\launcher\autorun.exe -- End of Deckard's System Scanner: finished at 2007-06-27 at 21:16:14 --------- Deckard's System Scanner v20070611.50 Run by Alec on 2007-06-27 at 21:07:19 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- System Restore is disabled; attempting to re-enable...success. -- Last 1 Restore Point(s) -- 1: 2007-06-28 01:07:30 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Alec.exe) ------------------------------------------------ Logfile of HijackThis v1.99.1 Scan saved at 9:11:36 PM, on 6/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\OpenSA\Apache2\bin\Apache.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\OpenSA\Apache2\bin\Apache.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe 
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\PROGRA~1\McAfee\MPS\mps.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SiteAdvisor\6066\SAService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\McAfee\MPS\mpsevh.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\McAfee\MSK\MskAgent.exe C:\Program Files\SiteAdvisor\6066\SiteAdv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe C:\Program Files\MSN Messenger\livecall.exe c:\program files\aim6\anotify.exe C:\Documents and 
Settings\Alec\Desktop\dss.exe C:\PROGRA~1\HIJACK~1\Alec.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - [SASInprocServer32] (file missing) O2 - BHO: (no name) - {ed652ace-34de-49de-8b5d-71c81e34d7fa} - C:\WINDOWS\system32\5E6tub.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - 
HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\xxxvus.dll",realset O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? 
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ? O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk772MFUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: Yahoo! 
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173546185312 O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microso.../TLIEFlash.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} 
(ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.webex.com/client/...ex/ieatgpc.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...59/mcfscan.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll O20 - AppInit_DLLs: c:\windows\system32\mlljgee.dll O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: 5E6tub - C:\WINDOWS\SYSTEM32\5E6tub.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\ O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: McAfee Application Installer Cleanup (0168601182965975) (0168601182965975mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\016860~1.EXE (file missing) O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. 
- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing) O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Alec\Application Data\tmpE.tmp.exe (file missing) O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe -- File Associations ----------------------------------------------------------- .bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71 .inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69 .ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69 .reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1 .reg - regfile - shell\open\command - "regedit.exe" "%1" .txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70 .vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2 -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 SABKUTIL - c:\program files\superadblocker.com\super ad blocker\sabkutil.sys R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt> R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 SABProcEnum - c:\program files\superadblocker.com\super ad blocker\sabprocenum.sys <Not Verified; SuperAdBlocker.com; > 
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver> R3 WmaCDriverV32 - c:\windows\system32\drivers\wmacdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver> S1 SABDIFSV - c:\program files\superadblocker.com\super ad blocker\sabdifsv.sys S3 o1394bul - c:\docume~1\alec\locals~1\temp\o1394bul.sys (file missing) S3 SQTECH905C (Dual Camera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apache2 - "c:\opensa\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server> R2 SABSVC (Super Ad Blocker Service) - "c:\program files\superadblocker.com\super ad blocker\sabsvc.exe" <Not Verified; SuperAdBlocker.com; Super Ad Blocker Service> S2 0168601182965975mcinstcleanup (McAfee Application Installer Cleanup (0168601182965975)) - c:\windows\temp\016860~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service (file missing) S2 DomainService - c:\documents and settings\alec\application data\tmpe.tmp.exe /service (file missing) -- Scheduled Tasks ------------------------------------------------------------- 2007-06-25 11:55:31 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job 2007-06-25 11:55:28 350 --a------ C:\WINDOWS\Tasks\McQcTask.job -- Files created between 2007-05-27 and 2007-06-27 ----------------------------- 2007-06-27 19:48:58 0 d-------- C:\ie-spyad 2007-06-27 19:38:32 134917 --a------ C:\WINDOWS\xxxvus.dll 2007-06-27 19:21:41 0 d-------- C:\Program Files\SpywareBlaster 2007-06-27 16:21:02 134917 --a------ C:\WINDOWS\xxywur.dll 2007-06-27 16:08:17 71 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys 2007-06-27 16:08:15 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not 
Verified; Panda Software International; Panda Anti-malware> 2007-06-27 15:52:50 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-06-27 15:37:23 134917 --a------ C:\WINDOWS\gebbxx.dll 2007-06-27 13:39:31 0 d-------- C:\WINDOWS\LastGood 2007-06-27 11:12:49 38232 --a------ C:\WINDOWS\system32\5E6tub.dll 2007-06-27 11:12:46 49252 --a------ C:\WINDOWS\system32\ddccy.exe 2007-06-27 10:51:19 49252 --a------ C:\WINDOWS\system32\gebcy.exe 2007-06-27 09:19:41 49252 --a------ C:\WINDOWS\system32\gebyw.exe 2007-06-26 22:33:01 135052 --a------ C:\WINDOWS\pmnkih.dll 2007-06-26 20:42:03 49252 --a------ C:\WINDOWS\system32\mljjk.exe 2007-06-26 20:19:18 135052 --a------ C:\WINDOWS\vttssp.dll 2007-06-26 10:48:58 0 d-------- C:\Documents and Settings\Alec\Application Data\SuperAdBlocker.com 2007-06-26 10:48:23 0 d-------- C:\Program Files\SuperAdBlocker.com 2007-06-26 10:41:18 0 d-------- C:\Program Files\NoAdware5.0 2007-06-26 09:34:19 49252 --a------ C:\WINDOWS\system32\pmkhi.exe 2007-06-25 23:07:12 49252 --a------ C:\WINDOWS\system32\jkhhi.exe 2007-06-25 22:40:07 49252 --a------ C:\WINDOWS\system32\vturs.exe 2007-06-25 21:44:34 135052 --a------ C:\WINDOWS\geedeb.dll 2007-06-25 21:07:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-06-25 18:15:46 135052 --a------ C:\WINDOWS\tuvtqo.dll 2007-06-25 17:38:19 135052 --a------ C:\WINDOWS\vttqpo.dll 2007-06-25 17:38:16 135052 --a------ C:\WINDOWS\xxxuvs.dll 2007-06-25 16:23:34 0 d-------- C:\WINDOWS\McAfee.com 2007-06-25 15:40:44 0 d-------- C:\WINDOWS\system32\LogFiles 2007-06-25 13:44:34 0 d-------- C:\WINDOWS\pss 2007-06-25 12:45:41 0 d-------- C:\Program Files\Roguescanfix 2007-06-25 12:05:21 135052 --a------ C:\WINDOWS\mlkklm.dll 2007-06-25 12:00:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor 2007-06-25 11:59:55 0 d-------- C:\Program Files\SiteAdvisor 2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2007-06-25 11:59:55 0 
d-------- C:\Documents and Settings\Alec\Application Data\SiteAdvisor 2007-06-25 11:58:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL> 2007-06-25 11:55:02 0 d-------- C:\Program Files\McAfee.com 2007-06-25 11:54:47 0 d-------- C:\Program Files\Common Files\McAfee 2007-06-25 11:54:35 0 d-------- C:\Program Files\McAfee 2007-06-24 22:49:21 0 d-------- C:\SDAT 2007-06-24 22:45:22 18658085 --a------ C:\sdat5059.exe <Not Verified; McAfee, Inc.; McAfee Core Components> 2007-06-24 22:37:01 4020 --a------ C:\WINDOWS\system32\tmp.reg 2007-06-24 22:25:15 557056 --a------ C:\Documents and Settings\Alec\GoToAssist_phone__320_en.exe <Not Verified; Citrix Online; GoToAssist> 2007-06-24 16:19:04 0 d-------- C:\Program Files\MyWebSearch 2007-06-24 16:18:51 0 d-------- C:\Program Files\FunWebProducts 2007-06-13 16:11:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore 2007-06-13 16:09:42 0 d-------- C:\Documents and Settings\Administrator\Contacts 2007-06-11 21:51:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia 2007-06-11 21:13:27 0 d--hs---- C:\WINDOWS\CSC 2007-06-02 22:09:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-06-02 17:58:54 0 d-------- C:\Program Files\Symantec 2007-06-02 17:58:42 0 d-------- C:\Program Files\Symantec AntiVirus 2007-06-02 17:58:42 0 d-------- C:\Program Files\Common Files\Symantec Shared 2007-06-02 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec 2007-06-02 12 24 106585 --a------ C:\WINDOWS\khedaa.dll2007-06-02 11:45:36 106585 --a------ C:\WINDOWS\wvwwur.dll 2007-06-02 09:26:27 106597 --a------ C:\WINDOWS\nnomki.dll 2007-06-01 18:52:33 0 d-------- C:\VundoFix Backups 2007-06-01 07:31:51 106518 --a------ C:\WINDOWS\opqrpo.dll 2007-05-30 20:30:29 106515 --a------ C:\WINDOWS\rqpnmm.dll 2007-05-30 20:24:22 0 d-------- C:\Documents and Settings\Alec\Application Data\McAfee 
d-------- C:\Program Files\Common Files\Download Manager 2007-05-24 21:45:05 0 d-------- C:\Program Files\MUSICMATCH 2007-05-18 21:01:20 0 d-------- C:\Documents and Settings\Alec\Application Data\Lavasoft 2007-05-17 21:45:36 0 d-------- C:\Program Files\Microsoft Games 2007-05-12 15:57:20 177408 --a------ C:\outsound.bin 2007-05-12 11:51:21 0 d-------- C:\Program Files\Microsoft Easy Assist 2007-04-25 20:15:44 182745 --a------ C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe 2007-04-19 20:57:22 4 --a------ C:\WINDOWS\system32\5E6453 2007-04-03 15:12:42 513152 --a------ C:\WINDOWS\system32\WmaCDriverV32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver> -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {00000000-6C30-11D8-9363-000AE6309654} C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} [SASInprocServer32] [x] {ed652ace-34de-49de-8b5d-71c81e34d7fa} C:\WINDOWS\system32\5E6tub.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe" "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe" "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe" "SigmatelSysTrayApp"="stsystra.exe" "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe" "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start" "Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "Google Desktop 
Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe" "MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe" "SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe" "winehq.org"="rundll32.exe \"C:\\WINDOWS\\xxxvus.dll\",realset" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "Aim6"="" "DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup" "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet" "SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe" "SuperAdBlocker"="C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "RunNarrator"="Narrator.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 "DisableTaskMgr"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=dword:00000000 "NoDispAppearancePage"=dword:00000000 "NoColorChoice"=dword:00000000 "NoSizeChoice"=dword:00000000 "NoDispBackgroundPage"=dword:00000000 "NoDispScrSavPage"=dword:00000000 "NoDispCPL"=dword:00000000 
"NoVisualStyleChoice"=dword:00000000 "NoDispSettingsPage"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktop"=dword:00000000 "NoSaveSettings"=dword:00000000 "NoThemesTab"=dword:00000000 "ForceActiveDesktopOn"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" "{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"="" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\5E6tub HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="c:\windows\system32\mlljgee.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D] Shell\AutoRun\command 
D:\launcher\autorun.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] Shell\AutoRun\command E:\setup.exe [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3dec1bf-7563-11da-874b-806d6172696f}] Shell\AutoRun\command D:\launcher\autorun.exe -- End of Deckard's System Scanner: finished at 2007-06-27 at 21:16:14 --------- Thanks this is driving me crazy so PLEASE help! |
#2
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
NOTE: for some reason I cannot post the "extra" attachment, so I'll put it here.
#3
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Pop-ups, Slowness, Oh My!
Hello Alec22,
We'll begin with the following tool:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix and save it to your desktop.
**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
#4
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
Thanks so much for getting back to me, here are the logs requested.
COMBOFIX LOG

"Alec" - 2007-06-28 11:09:05 - ComboFix 07-06-28.4 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\hgfcda.dll
C:\WINDOWS\khedaa.dll
C:\WINDOWS\nnomki.dll
C:\WINDOWS\opqrpo.dll
C:\WINDOWS\qomjij.dll
C:\WINDOWS\rqpnmm.dll
C:\WINDOWS\wvwwur.dll
C:\WINDOWS\yaaaab.dll
C:\WINDOWS\system32\pmkhg.exe
C:\WINDOWS\adcfgh.ini
C:\WINDOWS\ikmonn.ini
C:\WINDOWS\oprqpo.ini
C:\WINDOWS\jijmoq.ini
C:\WINDOWS\mmnpqr.ini
C:\WINDOWS\baaaay.ini

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Alec\APPLIC~1\tmp12.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp12FB.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp12FE.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp131D.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp132.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp1390.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp156.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp15A.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp1A2.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp1D.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp1E.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp21.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp23A.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp24.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp25.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp2EE.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp306.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp30F.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp34.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp38.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp3AB.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp3B.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp3C7.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp40B.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp415.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp45.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp49.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp4E.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp54.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp61.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp7C.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp7D.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp84.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp93.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp95.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmp97.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmpA4.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmpA7.tmp.exe
C:\DOCUME~1\Alec\APPLIC~1\tmpB0.tmp.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atarm.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atas32.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atasanot.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atasctrl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atasnt40.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atcarmcl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atjpeg60.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atkbctl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atlchat.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atmemmgr.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atnetext.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atpack.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atres.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\attp.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\atwbxui.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\ieatgpc.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\mwm.ini
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\mwmcliun.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\mwmHook.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\mwmproxy.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\mwmres.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\mwmupd.exe
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\ratrace.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\raurl.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\uilibres.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\wbxcrypt.dll
C:\WINDOWS\DOWNLO~1.\MyWebEx\491\webexmgr.dll
C:\WINDOWS\DOWNLO~1.\ODCTOOLS
C:\WINDOWS\DOWNLO~1.\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
C:\WINDOWS\DOWNLO~1.\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\tmp10C.tmp.dll
C:\WINDOWS\system32\tmp124.tmp.dll
C:\WINDOWS\system32\tmp15B.tmp.dll
C:\WINDOWS\system32\tmp1FE.tmp.dll
C:\WINDOWS\system32\tmp37.tmp.dll
C:\WINDOWS\system32\tmp54.tmp.dll
C:\WINDOWS\system32\tmp55.tmp.dll
C:\WINDOWS\system32\tmp6D.tmp.dll
C:\WINDOWS\system32\tmpB5.tmp.dll
C:\WINDOWS\system32\tmpD9.tmp.dll

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))

2007-06-28 11:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 00:10 59,427 --a------ C:\WINDOWS\system32\tmp1390.tmp.dll
2007-06-27 21:38 134,917 --a------ C:\WINDOWS\awtqqq.dll
2007-06-27 21:06 <DIR> d-------- C:\Deckard
2007-06-27 21:01 59,427 --a------ C:\WINDOWS\system32\tmp12FE.tmp.dll
2007-06-27 19:48 <DIR> d-------- C:\ie-spyad
2007-06-27 19:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-27 16:25 59,427 --a------ C:\WINDOWS\system32\tmp415.tmp.dll
2007-06-27 16:21 134,917 --a------ C:\WINDOWS\xxywur.dll
2007-06-27 15:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 15:37 134,917 --a------ C:\WINDOWS\gebbxx.dll
2007-06-27 12:20 59,427 --a------ C:\WINDOWS\system32\tmp3B.tmp.dll
2007-06-27 11:56 59,427 --a------ C:\WINDOWS\system32\tmp25.tmp.dll
2007-06-27 11:37 59,427 --a------ C:\WINDOWS\system32\tmp1E.tmp.dll
2007-06-27 11:12 49,252 --a------ C:\WINDOWS\system32\ddccy.exe
2007-06-27 10:51 49,252 --a------ C:\WINDOWS\system32\gebcy.exe
2007-06-27 10:44 59,427 --a------ C:\WINDOWS\system32\tmp7D.tmp.dll
2007-06-27 09:37 59,427 --a------ C:\WINDOWS\system32\tmp61.tmp.dll
2007-06-27 09:24 59,427 --a------ C:\WINDOWS\system32\tmp49.tmp.dll
2007-06-27 09:19 49,252 --a------ C:\WINDOWS\system32\gebyw.exe
2007-06-26 22:33 135,052 --a------ C:\WINDOWS\pmnkih.dll
2007-06-26 21:57 59,480 --a------ C:\WINDOWS\system32\tmp30F.tmp.dll
2007-06-26 21:25 59,480 --a------ C:\WINDOWS\system32\tmp306.tmp.dll
2007-06-26 20:48 59,480 --a------ C:\WINDOWS\system32\tmp2EE.tmp.dll
2007-06-26 20:42 49,252 --a------ C:\WINDOWS\system32\mljjk.exe
2007-06-26 20:19 135,052 --a------ C:\WINDOWS\vttssp.dll
2007-06-26 19:31 59,480 --a------ C:\WINDOWS\system32\tmp23A.tmp.dll
2007-06-26 18:33 59,480 --a------ C:\WINDOWS\system32\tmp1A2.tmp.dll
2007-06-26 17:13 59,480 --a------ C:\WINDOWS\system32\tmp15A.tmp.dll
2007-06-26 15:44 59,480 --a------ C:\WINDOWS\system32\tmp132.tmp.dll
2007-06-26 11:49 59,480 --a------ C:\WINDOWS\system32\tmpB0.tmp.dll
2007-06-26 11:24 59,480 --a------ C:\WINDOWS\system32\tmpA4.tmp.dll
2007-06-26 10:48 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2007-06-26 10:48 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SuperAdBlocker.com
2007-06-26 10:41 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-06-26 10:34 59,480 --a------ C:\WINDOWS\system32\tmp34.tmp.dll
2007-06-26 09:39 59,480 --a------ C:\WINDOWS\system32\tmp21.tmp.dll
2007-06-26 09:34 49,252 --a------ C:\WINDOWS\system32\pmkhi.exe
2007-06-25 23:07 49,252 --a------ C:\WINDOWS\system32\jkhhi.exe
2007-06-25 22:40 49,252 --a------ C:\WINDOWS\system32\vturs.exe
2007-06-25 21:44 135,052 --a------ C:\WINDOWS\geedeb.dll
2007-06-25 21:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 18:15 135,052 --a------ C:\WINDOWS\tuvtqo.dll
2007-06-25 17:38 135,052 --a------ C:\WINDOWS\xxxuvs.dll
2007-06-25 17:38 135,052 --a------ C:\WINDOWS\vttqpo.dll
2007-06-25 16:23 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-06-25 15:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 13:44 <DIR> d-------- C:\WINDOWS\pss
2007-06-25 12:45 <DIR> d-------- C:\Program Files\Roguescanfix
2007-06-25 12:05 135,052 --a------ C:\WINDOWS\mlkklm.dll
2007-06-25 12:00 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SiteAdvisor
2007-06-25 11:58 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-25 11:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-25 11:56 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-25 11:56 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-25 11:56 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-25 11:56 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-25 11:55 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-25 11:55 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-25 11:54 <DIR> d-------- C:\Program Files\McAfee
2007-06-25 11:54 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-24 22:49 <DIR> d-------- C:\SDAT
2007-06-24 22:45 18,658,085 --a------ C:\sdat5059.exe
2007-06-24 22:37 4,020 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-24 22:25 557,056 --a------ C:\DOCUME~1\Alec\GoToAssist_phone__320_en.exe
2007-06-24 16:19 <DIR> d-------- C:\Program Files\MyWebSearch
2007-06-24 16:18 <DIR> d-------- C:\Program Files\FunWebProducts
2007-06-13 16:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\acccore
2007-06-13 16:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-06-11 21:13 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-02 22:09 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-02 17:58 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-06-02 17:58 <DIR> d-------- C:\Program Files\Symantec
2007-06-02 17:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-02 17:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-06-01 18:52 <DIR> d-------- C:\VundoFix Backups
2007-05-30 20:24 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\McAfee
2007-05-30 19:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-30 19:39 <DIR> d-------- C:\Program Files\Promosoft Corporation
2007-05-30 18:19 59,480 --a------ C:\WINDOWS\system32\tmp97.tmp.dll
2007-05-30 16:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-30 16:41 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SUPERAntiSpyware.com
2007-05-28 20:36 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2007-05-28 20:36 <DIR> d-------- C:\Program Files\VstPlugins
2007-05-28 20:33 <DIR> d-------- C:\Program Files\Image-Line

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 02:11:44 4,548 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-28 02:11:42 56 --sh--r C:\WINDOWS\system32\F3C9371233.sys
2007-06-27 22:26:20 -------- d-----w C:\Program Files\MSN Messenger
2007-06-27 21:31:29 -------- d-----w C:\Program Files\Google
2007-06-27 21:27:50 -------- d-----w C:\Program Files\Digital Line Detect
2007-06-27 21:27:49 -------- d-----w C:\Program Files\DellSupport
2007-06-27 21:23:54 -------- d-----w C:\Program Files\AIM6
2007-06-25 21:33:06 -------- d-----w C:\Program Files\Stardock
2007-06-25 21:28:21 -------- d-----w C:\Program Files\GhostSurf 2005
2007-06-25 21:18:21 -------- d-----w C:\Program Files\Common Files\Real
2007-06-25 03:42:15 -------- d-----w C:\Program Files\mIRC
2007-06-25 03:18:29 -------- d-----w C:\Program Files\GameSpy Arcade
2007-05-30 21:56:08 -------- d-----w C:\Program Files\LimeWire
2007-05-30 21:08:26 384 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb6334.dat
2007-05-30 20:36:44 194 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb8467.dat
2007-05-30 20:36:44 18,432 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb41.dat
2007-05-29 21:18:15 -------- d-----w C:\Program Files\Common Files\Download Manager
2007-05-25 01:45:05 -------- d-----w C:\Program Files\MUSICMATCH
2007-05-19 01:01:20 -------- d-----w C:\DOCUME~1\Alec\APPLIC~1\Lavasoft
2007-05-18 01:45:36 -------- d-----w C:\Program Files\Microsoft Games
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 19:57:20 177,408 ----a-w C:\outsound.bin
2007-05-12 15:51:21 -------- d-----w C:\Program Files\Microsoft Easy Assist
2007-04-26 00:15:44 182,745 ----a-w C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-03 19:12:42 513,152 ----a-w C:\WINDOWS\system32\WmaCDriverV32.sys
2007-03-17 14:30:56 56 --sh--r C:\WINDOWS\system32\5CF562FE09.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000000-6C30-11D8-9363-000AE6309654}=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll [2007-06-05 09:38]
{ed652ace-34de-49de-8b5d-71c81e34d7fa}=C:\WINDOWS\system32\5E6tub.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-14 16:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-06 21:54]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"Aim6"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-06-05 09:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\mlljgee.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\launcher\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2007-06-25 15:55:31 C:\WINDOWS\tasks\McDefragTask.job
2007-06-25 15:55:28 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-28 11:32:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-28 11:36:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-28 11:36
--- E O F ---

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 11:53:56 AM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\OpenSA\Apache2\bin\Apache.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {ed652ace-34de-49de-8b5d-71c81e34d7fa} - C:\WINDOWS\system32\5E6tub.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk772MFUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173546185312
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.webex.com/client/...ex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...59/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\mlljgee.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
#5
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Pop-ups, Slowness, Oh My!
Hi Alec22, let's continue.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Open notepad and copy/paste the text in the quotebox below into it:

Code:
@echo off
For %%g in (
C:\WINDOWS\awtqqq.dll
C:\WINDOWS\gebbxx.dll
C:\WINDOWS\geedeb.dll
C:\WINDOWS\mlkklm.dll
C:\WINDOWS\pmnkih.dll
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\gebcy.exe
C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\jkhhi.exe
C:\WINDOWS\system32\mljjk.exe
c:\windows\system32\mlljgee.dll
C:\WINDOWS\system32\pmkhi.exe
C:\WINDOWS\system32\tmp12FE.tmp.dll
C:\WINDOWS\system32\tmp132.tmp.dll
C:\WINDOWS\system32\tmp1390.tmp.dll
C:\WINDOWS\system32\tmp15A.tmp.dll
C:\WINDOWS\system32\tmp1A2.tmp.dll
C:\WINDOWS\system32\tmp1E.tmp.dll
C:\WINDOWS\system32\tmp21.tmp.dll
C:\WINDOWS\system32\tmp23A.tmp.dll
C:\WINDOWS\system32\tmp25.tmp.dll
C:\WINDOWS\system32\tmp2EE.tmp.dll
C:\WINDOWS\system32\tmp306.tmp.dll
C:\WINDOWS\system32\tmp30F.tmp.dll
C:\WINDOWS\system32\tmp34.tmp.dll
C:\WINDOWS\system32\tmp3B.tmp.dll
C:\WINDOWS\system32\tmp415.tmp.dll
C:\WINDOWS\system32\tmp49.tmp.dll
C:\WINDOWS\system32\tmp61.tmp.dll
C:\WINDOWS\system32\tmp7D.tmp.dll
C:\WINDOWS\system32\tmp97.tmp.dll
C:\WINDOWS\system32\tmpA4.tmp.dll
C:\WINDOWS\system32\tmpB0.tmp.dll
C:\WINDOWS\system32\vturs.exe
C:\WINDOWS\tuvtqo.dll
C:\WINDOWS\vttqpo.dll
C:\WINDOWS\vttssp.dll
C:\WINDOWS\xxxuvs.dll
C:\WINDOWS\xxywur.dll
) do catchme -l nul -k %%g >nul
For %%g in (
C:\WINDOWS\awtqqq.dll
C:\WINDOWS\gebbxx.dll
C:\WINDOWS\geedeb.dll
C:\WINDOWS\mlkklm.dll
C:\WINDOWS\pmnkih.dll
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\gebcy.exe
C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\jkhhi.exe
C:\WINDOWS\system32\mljjk.exe
c:\windows\system32\mlljgee.dll
C:\WINDOWS\system32\pmkhi.exe
C:\WINDOWS\system32\tmp12FE.tmp.dll
C:\WINDOWS\system32\tmp132.tmp.dll
C:\WINDOWS\system32\tmp1390.tmp.dll
C:\WINDOWS\system32\tmp15A.tmp.dll
C:\WINDOWS\system32\tmp1A2.tmp.dll
C:\WINDOWS\system32\tmp1E.tmp.dll
C:\WINDOWS\system32\tmp21.tmp.dll
C:\WINDOWS\system32\tmp23A.tmp.dll
C:\WINDOWS\system32\tmp25.tmp.dll
C:\WINDOWS\system32\tmp2EE.tmp.dll
C:\WINDOWS\system32\tmp306.tmp.dll
C:\WINDOWS\system32\tmp30F.tmp.dll
C:\WINDOWS\system32\tmp34.tmp.dll
C:\WINDOWS\system32\tmp3B.tmp.dll
C:\WINDOWS\system32\tmp415.tmp.dll
C:\WINDOWS\system32\tmp49.tmp.dll
C:\WINDOWS\system32\tmp61.tmp.dll
C:\WINDOWS\system32\tmp7D.tmp.dll
C:\WINDOWS\system32\tmp97.tmp.dll
C:\WINDOWS\system32\tmpA4.tmp.dll
C:\WINDOWS\system32\tmpB0.tmp.dll
C:\WINDOWS\system32\vturs.exe
C:\WINDOWS\tuvtqo.dll
C:\WINDOWS\vttqpo.dll
C:\WINDOWS\vttssp.dll
C:\WINDOWS\xxxuvs.dll
C:\WINDOWS\xxywur.dll
) do (
catchme -l nul -c %%g "%%~g.vir"
catchme -l nul -k "%%~g.vir"
if exist "%%~g.vir" del /a/f "%%~g.vir"
)>nul 2>&1
echo.Please submit the file, catchme.zip located on Desktop
pause
exit

It should look like this: (screenshot)

Double click on Submit.bat & allow it to run. This will generate an archive on your desktop, catchme.zip.
Please submit it to this site → http://www.bleepingcomputer.com/subm....php?channel=4 and include a link to this topic in the message.

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {ed652ace-34de-49de-8b5d-71c81e34d7fa} - C:\WINDOWS\system32\5E6tub.dll (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...1.0.0.15-3.cab
O20 - AppInit_DLLs: c:\windows\system32\mlljgee.dll

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:
Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Folders:

C:\Program Files\MyWebSearch
C:\Program Files\FunWebProducts
C:\VundoFix Backups

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with dss.exe.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
main.txt
Update on system behavior

I'm seeing remnants of Symantec on your system. What version did you have installed?
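What the HijackThis fix list and the dss.exe output above are being read for is a pattern: an O20 AppInit_DLLs load point plus a run of randomly named DLLs and EXEs of identical size dropped under C:\WINDOWS. The Python script below is an added example, not part of the moderator's post or of either tool; it parses constructed sample lines modelled on the logs in this thread and flags that pattern. The 5-7 letter name heuristic and the "same size, different name" rule are this example's own assumptions, not something the moderator states.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the HijackThis entries quoted in this
# thread (one entry per line, exactly as HijackThis prints them).
HJT_SAMPLE = r"""
O2 - BHO: (no name) - {ed652ace-34de-49de-8b5d-71c81e34d7fa} - C:\WINDOWS\system32\5E6tub.dll (file missing)
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O20 - AppInit_DLLs: c:\windows\system32\mlljgee.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
"""

# Constructed sample from the "Files created between ..." section of a
# Deckard's System Scanner (dss.exe) report: timestamp, size, attributes, path.
DSS_SAMPLE = r"""
2007-06-27 21:38:04       134917 --a------ C:\WINDOWS\awtqqq.dll
2007-06-27 19:21:41            0 d-------- C:\Program Files\SpywareBlaster
2007-06-27 16:21:02       134917 --a------ C:\WINDOWS\xxywur.dll
2007-06-27 11:12:46        49252 --a------ C:\WINDOWS\system32\ddccy.exe
2007-06-27 10:51:19        49252 --a------ C:\WINDOWS\system32\gebcy.exe
2007-06-26 22:33:01       135052 --a------ C:\WINDOWS\pmnkih.dll
2007-06-26 20:19:18       135052 --a------ C:\WINDOWS\vttssp.dll
2007-06-25 11:58:40       143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
"""

HJT_LINE = re.compile(r"^(O\d+) - (.*)$")
DSS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{9})\s+(.+?)(?:\s+<[^>]*>)?$"
)
# Heuristic (this example's assumption, not a rule from the thread): a 5-7
# letter lowercase name with no digits, written straight into C:\WINDOWS or
# C:\WINDOWS\system32, is the shape of the Vundo drops listed in the thread.
RANDOM_BINARY = re.compile(
    r"^c:\\windows\\(?:system32\\)?[a-z]{5,7}\.(?:dll|exe)$", re.IGNORECASE
)


def hjt_findings(log: str) -> list[str]:
    """Return the HijackThis lines an analyst would want to check first."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is empty on a clean XP install; whatever is listed
            # here is loaded into every process that links user32.dll.
            findings.append(line)
        elif section == "O2" and body.startswith("BHO: (no name)") and "(file missing)" in body:
            # Nameless BHO whose DLL is gone: a leftover registration from a
            # partial clean-up, still worth fixing so it cannot be re-pointed.
            findings.append(line)
    return findings


def dss_findings(report: str) -> dict[int, list[str]]:
    """Group random-named binaries by size; return only sizes seen twice or more."""
    by_size: dict[int, list[str]] = defaultdict(list)
    for raw in report.splitlines():
        m = DSS_LINE.match(raw.strip())
        if not m:
            continue
        _created, size, attrs, path = m.groups()
        if attrs.startswith("d"):  # directory entry, not a dropped binary
            continue
        if RANDOM_BINARY.match(path):
            by_size[int(size)].append(path)
    # Several different random names with byte-identical sizes is the tell:
    # the same payload written out again under a fresh name.
    return {size: paths for size, paths in by_size.items() if len(paths) >= 2}


if __name__ == "__main__":
    for entry in hjt_findings(HJT_SAMPLE):
        print("HJT  ", entry)
    for size, paths in sorted(dss_findings(DSS_SAMPLE).items()):
        print(f"DSS   {len(paths)} files of {size} bytes:", ", ".join(paths))
```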
#6
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
I had Symantec Professional Edition. I would also like to note that before I started to follow the steps, all of my pop-ups stopped the day before. It's still running slow, but no pop-ups :D I will follow the steps and get back to you.
#7
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
Error Code when uploading the file:
Error 1: The filesize of your file exceeds our allowed maximum of 3MB.

ERROR WHILE DELETING "mlljgee.dll"

Last edited by Alec22; 06-29-2007 at 07:37 AM.
#8
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
I attached the two scans; overall my system feels way better. I am not sure if I have anything else running on it.
Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected hkey_current_user\software\Fun Web Products
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_current_user\software\MyWebSearch
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alec\Cookies\alec@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alec\Cookies\alec@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alec\Cookies\alec@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alec\Cookies\alec@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Alec\Cookies\alec@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Alec\Cookies\alec@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alec\Cookies\alec@com[1].txt
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Alec\Cookies\alec@date[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alec\Cookies\alec@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Alec\Cookies\alec@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alec\Cookies\alec@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Alec\Cookies\alec@findwhat[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alec\Cookies\alec@mediaplex[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Alec\Cookies\alec@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alec\Cookies\alec@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Alec\Cookies\alec@stats1.reliablestats[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Alec\Cookies\alec@systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Alec\Cookies\alec@winantivirus[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@www.errorsafe[1].txt
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alec\Desktop\catchme.zip[geedeb.dll]
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alec\Desktop\catchme.zip[mlkklm.dll]
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alec\Desktop\catchme.zip[pmnkih.dll]
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alec\Desktop\catchme.zip[tuvtqo.dll]
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alec\Desktop\catchme.zip[vttqpo.dll]
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alec\Desktop\catchme.zip[vttssp.dll]
Spyware:Spyware/Vundo Not disinfected C:\Documents and Settings\Alec\Desktop\catchme.zip[xxxuvs.dll]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Alec\Desktop\ComboFix.exe[nircmd.exe]
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tmp10C.tmp.dll.vir
Adware:Adware/eZula Not disinfected C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe[²ÑÇ]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

Deckard's System Scanner v20070611.50
Run by Alec on 2007-06-29 at 13:19:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Alec.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 1:20:28 PM, on 6/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\OpenSA\Apache2\bin\Apache.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Alec\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Alec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk772MFUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173546185312
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.webex.com/client/...ex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...59/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

-- Files created between 2007-05-29 and 2007-06-29 -----------------------------

2007-06-27 21:38:04 134917 --a------ C:\WINDOWS\awtqqq.dll
2007-06-27 19:48:58 0 d-------- C:\ie-spyad
2007-06-27 19:21:41 0 d-------- C:\Program Files\SpywareBlaster
2007-06-27 16:21:02 134917 --a------ C:\WINDOWS\xxywur.dll
2007-06-27 15:52:50 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 15:37:23 134917 --a------ C:\WINDOWS\gebbxx.dll
2007-06-27 11:12:46 49252 --a------ C:\WINDOWS\system32\ddccy.exe
2007-06-27 10:51:19 49252 --a------ C:\WINDOWS\system32\gebcy.exe
2007-06-27 09:19:41 49252 --a------ C:\WINDOWS\system32\gebyw.exe
2007-06-26 22:33:01 135052 --a------ C:\WINDOWS\pmnkih.dll
2007-06-26 20:42:03 49252 --a------ C:\WINDOWS\system32\mljjk.exe
2007-06-26 20:19:18 135052 --a------ C:\WINDOWS\vttssp.dll
2007-06-26 10:48:58 0 d-------- C:\Documents and Settings\Alec\Application Data\SuperAdBlocker.com
2007-06-26 10:48:23 0 d-------- C:\Program Files\SuperAdBlocker.com
2007-06-26 10:41:18 0 d-------- C:\Program Files\NoAdware5.0
2007-06-26 09:34:19 49252 --a------ C:\WINDOWS\system32\pmkhi.exe
2007-06-25 23:07:12 49252 --a------ C:\WINDOWS\system32\jkhhi.exe
2007-06-25 22:40:07 49252 --a------ C:\WINDOWS\system32\vturs.exe
2007-06-25 21:44:34 135052 --a------ C:\WINDOWS\geedeb.dll
2007-06-25 21:07:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 18:15:46 135052 --a------ C:\WINDOWS\tuvtqo.dll
2007-06-25 17:38:19 135052 --a------ C:\WINDOWS\vttqpo.dll
2007-06-25 17:38:16 135052 --a------ C:\WINDOWS\xxxuvs.dll
2007-06-25 16:23:34 0 d-------- C:\WINDOWS\McAfee.com
2007-06-25 15:40:44 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 13:44:34 0 d-------- C:\WINDOWS\pss
2007-06-25 12:45:41 0 d-------- C:\Program Files\Roguescanfix
2007-06-25 12:05:21 135052 --a------ C:\WINDOWS\mlkklm.dll
2007-06-25 12:00:06 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Program Files\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-06-25 11:59:55 0 d-------- C:\Documents and Settings\Alec\Application Data\SiteAdvisor
2007-06-25 11:58:40 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-06-25 11:55:02 0 d-------- C:\Program Files\McAfee.com
2007-06-25 11:54:47 0 d-------- C:\Program Files\Common Files\McAfee
2007-06-25 11:54:35 0 d-------- C:\Program Files\McAfee
2007-06-24 22:49:21 0 d-------- C:\SDAT
2007-06-24 22:45:22 18658085 --a------ C:\sdat5059.exe <Not Verified; McAfee, Inc.; McAfee Core Components>
2007-06-24 22:37:01 4020 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-24 22:25:15 557056 --a------ C:\Documents and Settings\Alec\GoToAssist_phone__320_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-06-13 16:11:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\acccore
2007-06-13 16:09:42 0 d-------- C:\Documents and Settings\Administrator\Contacts
2007-06-11 21:51:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-06-11 21:13:27 0 d--hs---- C:\WINDOWS\CSC
2007-06-02 22:09:38 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-02 17:58:54 0 d-------- C:\Program Files\Symantec
2007-06-02 17:58:42 0 d-------- C:\Program Files\Symantec AntiVirus
2007-06-02 17:58:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-02 17:58:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-05-30 20:24:22 0 d-------- C:\Documents and Settings\Alec\Application Data\McAfee
2007-05-30 19:40:22 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-05-30 16:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-05-30 16:41:26 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 16:41:24 0 d-------- C:\Documents and Settings\Alec\Application Data\SUPERAntiSpyware.com

-- Find3M Report ---------------------------------------------------------------

2007-06-29 12:14:46 0 d-------- C:\Program Files\MSN Messenger
2007-06-29 11:42:40 0 d-------- C:\Program Files\Google
2007-06-29 11:40:00 0 d-------- C:\Program Files\Digital Line Detect
2007-06-29 11:40:00 0 d-------- C:\Program Files\DellSupport
2007-06-29 11:22:00 0 d-------- C:\Program Files\Dell
2007-06-29 11:21:21 0 d-------- C:\Program Files\AIM
2007-06-29 11:21:05 0 d-------- C:\Documents and Settings\Alec\Application Data\Aim
2007-06-29 10:50:10 81162 --a------ C:\logfile
2007-06-28 17:19:47 115200 --a------ C:\outsound.bin
2007-06-27 22:11:44 4548 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-27 22:11:42 56 -r-hs---- C:\WINDOWS\system32\F3C9371233.sys
2007-06-27 17:23:54 0 d-------- C:\Program Files\AIM6
2007-06-25 17:33:06 0 d-------- C:\Program Files\Stardock
2007-06-25 17:28:21 0 d-------- C:\Program Files\GhostSurf 2005
2007-06-25 17:18:21 0 d-------- C:\Program Files\Common Files\Real
2007-06-24 23:42:15 0 d-------- C:\Program Files\mIRC
2007-06-24 23:18:29 0 d-------- C:\Program Files\GameSpy Arcade
2007-05-30 17:56:08 0 d-------- C:\Program Files\LimeWire
2007-05-30 17:08:26 384 --a------ C:\Documents and Settings\Alec\Application Data\internaldb6334.dat
2007-05-30 16:36:44 194 --a------ C:\Documents and Settings\Alec\Application Data\internaldb8467.dat
2007-05-30 16:36:44 18432 --a------ C:\Documents and Settings\Alec\Application Data\internaldb41.dat
2007-05-29 17:43:46 0 d-------- C:\Program Files\VstPlugins
2007-05-29 17:42:28 0 d-------- C:\Program Files\Image-Line
2007-05-29 17:18:15 0 d-------- C:\Program Files\Common Files\Download Manager
2007-05-24 21:45:05 0 d-------- C:\Program Files\MUSICMATCH
2007-05-18 21:01:20 0 d-------- C:\Documents and Settings\Alec\Application Data\Lavasoft
2007-05-17 21:45:36 0 d-------- C:\Program Files\Microsoft Games
2007-05-12 11:51:21 0 d-------- C:\Program Files\Microsoft Easy Assist
2007-04-25 20:15:44 182745 --a------ C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2007-04-19 20:57:22 4 --a------ C:\WINDOWS\system32\5E6453
2007-04-03 15:12:42 513152 --a------ C:\WINDOWS\system32\WmaCDriverV32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000000-6C30-11D8-9363-000AE6309654} C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Corel Photo Downloader"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"nwiz"="nwiz.exe /install"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
"MskAgentexe"="C:\\Program Files\\McAfee\\MSK\\MskAgent.exe"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Aim6"=""
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"SuperAdBlocker"="C:\\Program Files\\SuperAdBlocker.com\\Super Ad Blocker\\SAdBlock.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=dword:00000000
"NoThemesTab"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command D:\launcher\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
Shell\AutoRun\command E:\setup.exe

-- End of Deckard's System Scanner: finished at 2007-06-29 at 13:20:54 ---------

Last edited by Ried; 06-29-2007 at 07:29 PM.
#9
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Pop-ups, Slowness, Oh My!
Hi Alec,
Your system is still sluggish because we have a bit more to do--we're almost there.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe.

Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entry:

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk772MFUS

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Reboot your system.

--------------------------------------------------------------------

Please run another online scan at Panda and save the results.

--------------------------------------------------------------------

Run a scan with HijackThis and save the log.

--------------------------------------------------------------------

Include the following in your next reply:
C:\ComboFix.txt
Panda results
New HijackThis log

What year was your Symantec Professional Edition? The reason I'm asking is so I can direct you to the proper uninstaller.
#10
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Pop-ups, Slowness, Oh My!
Alec, go here to upload the catchme.zip file as an attachment
http://www.thespykiller.co.uk/forum/index.php?board=1.0

Just press new topic (Make the subject: Files for sUBs from TSF ), fill in a short message & then press the browse button and then navigate to & select that file on your computer, then press the *Post* button to upload the file.

You DO NOT need to be a member to upload, anybody can upload the files.

You will not see the files that have been uploaded as they only show to the authorized users who can download them.

He will be able to collect the file from there.
#12
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
Ok, I am back. The following logs are here: Combofix, Panda, Hijack.

"Alec" - 2007-06-29 23:26:52 - ComboFix 07-06-28.4 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Alec\Desktop\ComboFix-Do.txt

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))

2007-06-29 17:31 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-06-29 17:28 <DIR> d-------- C:\Program Files\RADVideo
2007-06-29 15:57 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-29 15:56 <DIR> d-------- C:\Program Files\Windows Live
2007-06-29 15:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-06-29 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-06-28 11:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-28 00:10 59,427 --a------ C:\WINDOWS\system32\tmp1390.tmp.dll
2007-06-27 21:38 134,917 --a------ C:\WINDOWS\awtqqq.dll
2007-06-27 21:06 <DIR> d-------- C:\Deckard
2007-06-27 21:01 59,427 --a------ C:\WINDOWS\system32\tmp12FE.tmp.dll
2007-06-27 19:48 <DIR> d-------- C:\ie-spyad
2007-06-27 19:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-27 16:25 59,427 --a------ C:\WINDOWS\system32\tmp415.tmp.dll
2007-06-27 16:21 134,917 --a------ C:\WINDOWS\xxywur.dll
2007-06-27 15:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 15:37 134,917 --a------ C:\WINDOWS\gebbxx.dll
2007-06-27 12:20 59,427 --a------ C:\WINDOWS\system32\tmp3B.tmp.dll
2007-06-27 11:56 59,427 --a------ C:\WINDOWS\system32\tmp25.tmp.dll
2007-06-27 11:37 59,427 --a------ C:\WINDOWS\system32\tmp1E.tmp.dll
2007-06-27 11:12 49,252 --a------ C:\WINDOWS\system32\ddccy.exe
2007-06-27 10:51 49,252 --a------ C:\WINDOWS\system32\gebcy.exe
2007-06-27 10:44 59,427 --a------ C:\WINDOWS\system32\tmp7D.tmp.dll
2007-06-27 09:37 59,427 --a------ C:\WINDOWS\system32\tmp61.tmp.dll
2007-06-27 09:24 59,427 --a------ C:\WINDOWS\system32\tmp49.tmp.dll
2007-06-27 09:19 49,252 --a------ C:\WINDOWS\system32\gebyw.exe
2007-06-26 22:33 135,052 --a------ C:\WINDOWS\pmnkih.dll
2007-06-26 21:57 59,480 --a------ C:\WINDOWS\system32\tmp30F.tmp.dll
2007-06-26 21:25 59,480 --a------ C:\WINDOWS\system32\tmp306.tmp.dll
2007-06-26 20:48 59,480 --a------ C:\WINDOWS\system32\tmp2EE.tmp.dll
2007-06-26 20:42 49,252 --a------ C:\WINDOWS\system32\mljjk.exe
2007-06-26 20:19 135,052 --a------ C:\WINDOWS\vttssp.dll
2007-06-26 19:31 59,480 --a------ C:\WINDOWS\system32\tmp23A.tmp.dll
2007-06-26 18:33 59,480 --a------ C:\WINDOWS\system32\tmp1A2.tmp.dll
2007-06-26 17:13 59,480 --a------ C:\WINDOWS\system32\tmp15A.tmp.dll
2007-06-26 15:44 59,480 --a------ C:\WINDOWS\system32\tmp132.tmp.dll
2007-06-26 11:49 59,480 --a------ C:\WINDOWS\system32\tmpB0.tmp.dll
2007-06-26 11:24 59,480 --a------ C:\WINDOWS\system32\tmpA4.tmp.dll
2007-06-26 10:48 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2007-06-26 10:48 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SuperAdBlocker.com
2007-06-26 10:41 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-06-26 10:34 59,480 --a------ C:\WINDOWS\system32\tmp34.tmp.dll
2007-06-26 09:39 59,480 --a------ C:\WINDOWS\system32\tmp21.tmp.dll
2007-06-26 09:34 49,252 --a------ C:\WINDOWS\system32\pmkhi.exe
2007-06-25 23:07 49,252 --a------ C:\WINDOWS\system32\jkhhi.exe
2007-06-25 22:40 49,252 --a------ C:\WINDOWS\system32\vturs.exe
2007-06-25 21:44 135,052 --a------ C:\WINDOWS\geedeb.dll
2007-06-25 21:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 18:15 135,052 --a------ C:\WINDOWS\tuvtqo.dll
2007-06-25 17:38 135,052 --a------ C:\WINDOWS\xxxuvs.dll
2007-06-25 17:38 135,052 --a------ C:\WINDOWS\vttqpo.dll
2007-06-25 16:23 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-06-25 15:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 13:44 <DIR> d-------- C:\WINDOWS\pss
2007-06-25 12:45 <DIR> d-------- C:\Program Files\Roguescanfix
2007-06-25 12:05 135,052 --a------ C:\WINDOWS\mlkklm.dll
2007-06-25 12:00 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SiteAdvisor
2007-06-25 11:58 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-25 11:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-25 11:56 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-25 11:56 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-25 11:56 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-25 11:56 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-25 11:55 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-25 11:55 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-25 11:54 <DIR> d-------- C:\Program Files\McAfee
2007-06-25 11:54 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-24 22:49 <DIR> d-------- C:\SDAT
2007-06-24 22:45 18,658,085 --a------ C:\sdat5059.exe
2007-06-24 22:37 4,020 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-24 22:25 557,056 --a------ C:\DOCUME~1\Alec\GoToAssist_phone__320_en.exe
2007-06-13 16:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\acccore
2007-06-13 16:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-06-11 21:13 <DIR> d--hs---- C:\WINDOWS\CSC
2007-06-02 22:09 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-02 17:58 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-06-02 17:58 <DIR> d-------- C:\Program Files\Symantec
2007-06-02 17:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-02 17:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-05-30 20:24 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\McAfee
2007-05-30 19:40 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-30 18:19 59,480 --a------ C:\WINDOWS\system32\tmp97.tmp.dll
2007-05-30 16:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-30 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-30 16:41 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SUPERAntiSpyware.com

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-29 15:42:40 -------- d-----w C:\Program Files\Google
2007-06-29 15:40:00 -------- d-----w C:\Program Files\Digital Line Detect
2007-06-29 15:40:00 -------- d-----w C:\Program Files\DellSupport
2007-06-29 15:29:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 15:22:00 -------- d-----w C:\Program Files\Dell
2007-06-29 15:21:21 -------- d-----w C:\Program Files\AIM
2007-06-29 15:21:05 -------- d-----w C:\DOCUME~1\Alec\APPLIC~1\Aim
2007-06-28 21:19:47 115,200 ----a-w C:\outsound.bin
2007-06-28 02:11:44 4,548 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-28 02:11:42 56 --sh--r C:\WINDOWS\system32\F3C9371233.sys
2007-06-27 21:23:54 -------- d-----w C:\Program Files\AIM6
2007-06-25 21:33:06 -------- d-----w C:\Program Files\Stardock
2007-06-25 21:28:21 -------- d-----w C:\Program Files\GhostSurf 2005
2007-06-25 21:18:21 -------- d-----w C:\Program Files\Common Files\Real
2007-06-25 03:42:15 -------- d-----w C:\Program Files\mIRC
2007-06-25 03:18:29 -------- d-----w C:\Program Files\GameSpy Arcade
2007-05-30 21:56:08 -------- d-----w C:\Program Files\LimeWire
2007-05-30 21:08:26 384 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb6334.dat
2007-05-30 20:36:44 194 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb8467.dat
2007-05-30 20:36:44 18,432 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb41.dat
2007-05-29 21:43:46 -------- d-----w C:\Program Files\VstPlugins
2007-05-29 21:42:28 -------- d-----w C:\Program Files\Image-Line
2007-05-29 21:18:15 -------- d-----w C:\Program Files\Common Files\Download Manager
2007-05-25 01:45:05 -------- d-----w C:\Program Files\MUSICMATCH
2007-05-19 01:01:20 -------- d-----w C:\DOCUME~1\Alec\APPLIC~1\Lavasoft
2007-05-18 01:45:36 -------- d-----w C:\Program Files\Microsoft Games
2007-05-17 17:09:54 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 15:51:21 -------- d-----w C:\Program Files\Microsoft Easy Assist
2007-04-26 00:15:44 182,745 ----a-w C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-03 19:12:42 513,152 ----a-w C:\WINDOWS\system32\WmaCDriverV32.sys
2007-03-17 14:30:56 56 --sh--r C:\WINDOWS\system32\5CF562FE09.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000000-6C30-11D8-9363-000AE6309654}=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll [2007-06-05 09:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-14 16:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 11:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-06 21:54]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-05-17 13:11]
"Aim6"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-06-05 09:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\launcher\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2007-06-25 15:55:31 C:\WINDOWS\tasks\McDefragTask.job
2007-06-25 15:55:28 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-29 23:31:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************

Completion time: 2007-06-29 23:32:43
C:\ComboFix-quarantined-files.txt ... 2007-06-29 23:32
C:\ComboFix2.txt ... 2007-06-28 11:36
--- E O F ---

Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected hkey_local_machine\software\Fun Web Products
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{A4730EBE-43A6-443e-9776-36915D323AD3}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alec\Cookies\alec@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alec\Cookies\alec@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alec\Cookies\alec@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alec\Cookies\alec@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Alec\Cookies\alec@atwola[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Alec\Cookies\alec@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alec\Cookies\alec@com[1].txt
Spyware:Cookie/Date Not disinfected C:\Documents and Settings\Alec\Cookies\alec@date[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alec\Cookies\alec@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Alec\Cookies\alec@drivecleaner[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@errorsafe[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alec\Cookies\alec@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Alec\Cookies\alec@findwhat[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alec\Cookies\alec@mediaplex[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Alec\Cookies\alec@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alec\Cookies\alec@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Alec\Cookies\alec@stats1.reliablestats[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Alec\Cookies\alec@systemdoctor[1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Alec\Cookies\alec@winantivirus[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Alec\Cookies\alec@www.errorsafe[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Alec\Desktop\ComboFix.exe[nircmd.exe]
Adware:Adware/WebSearch Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tmp10C.tmp.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\catchme2007-06-29_233117.79.zip[geedeb.dll]
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\catchme2007-06-29_233117.79.zip[mlkklm.dll]
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\catchme2007-06-29_233117.79.zip[pmnkih.dll]
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\catchme2007-06-29_233117.79.zip[tuvtqo.dll]
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\catchme2007-06-29_233117.79.zip[vttqpo.dll]
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\catchme2007-06-29_233117.79.zip[vttssp.dll]
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\catchme2007-06-29_233117.79.zip[xxxuvs.dll]
Adware:Adware/eZula Not disinfected C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe[²ÑÇ]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

Logfile of HijackThis v1.99.1
Scan saved at 5:37:39 PM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\OpenSA\Apache2\bin\Apache.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aim6\anotify.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173546185312
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://aimprods01.webex.com/client/...ex/ieatgpc.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...59/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0053331183323682) (0053331183323682mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\005333~1.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Last edited by Ried; 07-03-2007 at 09:58 AM.
#14
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Pop-ups, Slowness, Oh My!
Hi Alec, my apologies for the delay but I was busy this past weekend.
One more time ought to do it. My fault on that last run, as I had typed Files:: instead of File::

Open Notepad and copy/paste the text in the quotebox below into it:

Quote:

Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe. Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------------

Clear your Internet Explorer 7 cookies.
* Click on the Start button, then Control Panel > Internet Options > General tab.
* Under Browsing History, click on Delete.
* In the Delete Browsing History box that opens, click on Delete cookies.

--------------------------------------------------------------------

Please post the C:\ComboFix.txt in your next reply.
#15
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
Ok, here you go...
"Alec" - 2007-07-03 16:04:20 - ComboFix 07-06-28.4 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Alec\Desktop\ComboFix-Do.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\4-efb7bab6499fc415ee93f4097033deae.exe
C:\WINDOWS\awtqqq.dll
C:\WINDOWS\gebbxx.dll
C:\WINDOWS\geedeb.dll
C:\WINDOWS\mlkklm.dll
C:\WINDOWS\pmnkih.dll
C:\WINDOWS\system32\ddccy.exe
C:\WINDOWS\system32\gebcy.exe
C:\WINDOWS\system32\gebyw.exe
C:\WINDOWS\system32\jkhhi.exe
C:\WINDOWS\system32\mljjk.exe
C:\WINDOWS\system32\pmkhi.exe
C:\WINDOWS\system32\tmp12FE.tmp.dll
C:\WINDOWS\system32\tmp132.tmp.dll
C:\WINDOWS\system32\tmp1390.tmp.dll
C:\WINDOWS\system32\tmp15A.tmp.dll
C:\WINDOWS\system32\tmp1A2.tmp.dll
C:\WINDOWS\system32\tmp1E.tmp.dll
C:\WINDOWS\system32\tmp21.tmp.dll
C:\WINDOWS\system32\tmp23A.tmp.dll
C:\WINDOWS\system32\tmp25.tmp.dll
C:\WINDOWS\system32\tmp2EE.tmp.dll
C:\WINDOWS\system32\tmp306.tmp.dll
C:\WINDOWS\system32\tmp30F.tmp.dll
C:\WINDOWS\system32\tmp34.tmp.dll
C:\WINDOWS\system32\tmp3B.tmp.dll
C:\WINDOWS\system32\tmp415.tmp.dll
C:\WINDOWS\system32\tmp49.tmp.dll
C:\WINDOWS\system32\tmp61.tmp.dll
C:\WINDOWS\system32\tmp7D.tmp.dll
C:\WINDOWS\system32\tmp97.tmp.dll
C:\WINDOWS\system32\tmpA4.tmp.dll
C:\WINDOWS\system32\tmpB0.tmp.dll
C:\WINDOWS\system32\vturs.exe
C:\WINDOWS\tuvtqo.dll
C:\WINDOWS\vttqpo.dll
C:\WINDOWS\vttssp.dll
C:\WINDOWS\xxxuvs.dll
C:\WINDOWS\xxywur.dll

((((((((((((((((((((((((( Files Created from 2007-06-03 to 2007-07-03 )))))))))))))))))))))))))))))))

2007-07-03 00:01 92,160 --a------ C:\WINDOWS\rsver.dll
2007-07-02 16:15 69,632 --a------ C:\WINDOWS\winup32.exe
2007-07-02 16:15 69,120 --a------ C:\WINDOWS\hpeg.dll
2007-07-02 16:15 36,864 --a------ C:\WINDOWS\winusers.exe
2007-07-02 16:15 26 --a------ C:\WINDOWS\refsdm.dll
2007-07-02 16:15 106,496 --a------ C:\WINDOWS\msn64.exe
2007-07-02 16:15 <DIR> d-------- C:\WINDOWS\isas
2007-07-02 16:15 <DIR> d-------- C:\Program Files\Accessories
2007-06-29 17:31 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2007-06-29 17:28 <DIR> d-------- C:\Program Files\RADVideo
2007-06-29 15:56 <DIR> d-------- C:\Program Files\Windows Live
2007-06-29 15:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-06-29 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-06-28 11:08 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 21:06 <DIR> d-------- C:\Deckard
2007-06-27 19:48 <DIR> d-------- C:\ie-spyad
2007-06-27 19:21 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-27 15:52 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-26 10:48 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2007-06-26 10:48 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SuperAdBlocker.com
2007-06-26 10:41 <DIR> d-------- C:\Program Files\NoAdware5.0
2007-06-25 21:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-25 16:23 <DIR> d-------- C:\WINDOWS\McAfee.com
2007-06-25 15:40 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-25 13:44 <DIR> d-------- C:\WINDOWS\pss
2007-06-25 12:45 <DIR> d-------- C:\Program Files\Roguescanfix
2007-06-25 12:00 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-06-25 11:59 <DIR> d-------- C:\DOCUME~1\Alec\APPLIC~1\SiteAdvisor
2007-06-25 11:58 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-06-25 11:56 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-06-25 11:56 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-06-25 11:56 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-06-25 11:56 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-06-25 11:56 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-06-25 11:55 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-06-25 11:55 <DIR> d-------- C:\Program Files\McAfee.com
2007-06-25 11:54 <DIR> d-------- C:\Program Files\McAfee
2007-06-25 11:54 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-06-24 22:49 <DIR> d-------- C:\SDAT
2007-06-24 22:45 18,658,085 --a------ C:\sdat5059.exe
2007-06-24 22:37 4,020 --a------ C:\WINDOWS\system32\tmp.reg
2007-06-24 22:25 557,056 --a------ C:\DOCUME~1\Alec\GoToAssist_phone__320_en.exe
2007-06-13 16:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\acccore
2007-06-13 16:09 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-06-11 21:13 <DIR> d--hs---- C:\WINDOWS\CSC

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 05:09:01 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-06-30 04:39:44 -------- d-----w C:\Program Files\Google
2007-06-30 04:37:28 -------- d-----w C:\Program Files\Digital Line Detect
2007-06-29 15:40:00 -------- d-----w C:\Program Files\DellSupport
2007-06-29 15:29:13 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-29 15:22:00 -------- d-----w C:\Program Files\Dell
2007-06-29 15:21:21 -------- d-----w C:\Program Files\AIM
2007-06-29 15:21:05 -------- d-----w C:\DOCUME~1\Alec\APPLIC~1\Aim
2007-06-28 21:19:47 115,200 ----a-w C:\outsound.bin
2007-06-28 02:11:44 4,548 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-28 02:11:42 56 --sh--r C:\WINDOWS\system32\F3C9371233.sys
2007-06-27 21:23:54 -------- d-----w C:\Program Files\AIM6
2007-06-26 01:07:32 -------- d-----w C:\DOCUME~1\Alec\APPLIC~1\SUPERAntiSpyware.com
2007-06-25 21:33:06 -------- d-----w C:\Program Files\Stardock
2007-06-25 21:28:21 -------- d-----w C:\Program Files\GhostSurf 2005
2007-06-25 21:18:21 -------- d-----w C:\Program Files\Common Files\Real
2007-06-25 15:40:58 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-25 15:40:55 -------- d-----w C:\Program Files\Symantec
2007-06-25 15:40:53 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-06-25 03:42:15 -------- d-----w C:\Program Files\mIRC
2007-06-25 03:18:29 -------- d-----w C:\Program Files\GameSpy Arcade
2007-06-03 02:09:38 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-01 12:20:30 51,568 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-05-31 00:24:22 -------- d-----w C:\DOCUME~1\Alec\APPLIC~1\McAfee
2007-05-30 21:56:08 -------- d-----w C:\Program Files\LimeWire
2007-05-30 21:08:26 384 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb6334.dat
2007-05-30 20:36:44 194 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb8467.dat
2007-05-30 20:36:44 18,432 ----a-w C:\DOCUME~1\Alec\APPLIC~1\internaldb41.dat
2007-05-29 21:43:46 -------- d-----w C:\Program Files\VstPlugins
2007-05-29 21:42:28 -------- d-----w C:\Program Files\Image-Line
2007-05-29 21:18:15 -------- d-----w C:\Program Files\Common Files\Download Manager
2007-05-25 01:45:05 -------- d-----w C:\Program Files\MUSICMATCH
2007-05-19 01:01:20 -------- d-----w C:\DOCUME~1\Alec\APPLIC~1\Lavasoft
2007-05-18 01:45:36 -------- d-----w C:\Program Files\Microsoft Games
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 15:51:21 -------- d-----w C:\Program Files\Microsoft Easy Assist
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 02:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 02:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-03 19:12:42 513,152 ----a-w C:\WINDOWS\system32\WmaCDriverV32.sys
2007-03-17 14:30:56 56 --sh--r C:\WINDOWS\system32\5CF562FE09.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{00000000-6C30-11D8-9363-000AE6309654}=C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll [2007-06-05 09:38]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 13:06]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-14 16:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2007-01-17 16:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [2007-03-30 11:42]
"LiveUpdate"="C:\WINDOWS\isas\smss.exe" [2007-07-03 00:01]
"LiveUpdate32"="C:\WINDOWS\isas\services.exe" [2007-07-03 00:01]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-06 21:54]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-06-01 08:21]
"Aim6"="" []
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-06-05 09:41]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL" [2006-11-07 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\launcher\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - SJYPKT

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2007-06-25 15:55:31 C:\WINDOWS\tasks\McDefragTask.job
2007-06-25 15:55:28 C:\WINDOWS\tasks\McQcTask.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-03 16:09:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-03 16:10:12
C:\ComboFix-quarantined-files.txt ... 2007-07-03 16:10
C:\ComboFix2.txt ... 2007-07-01 17:24
C:\ComboFix3.txt ... 2007-06-29 23:32
--- E O F ---
#16
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Pop-ups, Slowness, Oh My!
Hiya,
We have some new files and a folder that snuck onto your system yesterday. This infection is a backdoor trojan which may also attempt to log keystrokes. Until these logs come up clean, please do not use this computer to access any online banking, or other sites that would require your personal info. Once this is cleaned out, I highly recommend changing any login and password info.

Open Notepad and copy/paste the text in the quotebox below into it:

Quote:

Referring to the picture above, drag ComboFix-Do.txt into ComboFix.exe. Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

--------------------------------------------------------------------

Due to this most recent infection, I'd like to use a different online scanner in this round.

Perform an online scan with Internet Explorer at Kaspersky Online Scanner. Answer Yes when prompted to install an ActiveX component.

**Note for Internet Explorer 7 users** If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
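What gives the two LiveUpdate entries in the ComboFix log away is not the name but the location: smss.exe and services.exe are core Windows process names that belong only in C:\WINDOWS\system32, yet here they run from a C:\WINDOWS\isas folder created the day before. The script below is an added example, not part of this thread and not code from ComboFix or HijackThis: it parses ComboFix-style Run entries and HijackThis O23 service lines and flags them with the same heuristics an analyst applies by eye (core process name outside system32, binary outside the usual folders, "(file missing)", unknown owner). The list of expected folders and the sample lines, which are copied from the logs in this thread, are my own choices.

```python
import re

# Core Windows process names that malware likes to reuse. On Windows XP they
# live only in %SystemRoot%\system32; a copy anywhere else deserves a look.
CORE_PROCESS_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# Folders where autostart binaries are normally found on an XP box
# (an assumption made for this example; extend to taste).
SYSTEM32 = "c:\\windows\\system32\\"
EXPECTED_PREFIXES = (SYSTEM32, "c:\\program files\\", "c:\\progra~1\\")

# ComboFix "Reg Loading Points" entry:   "Name"="C:\path\file.exe" [date]
_COMBOFIX_RUN = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
# HijackThis service line:   O23 - Service: Name - Owner - C:\path\file.exe ...
_HJT_SERVICE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<rest>.+)$')
# First absolute Windows path ending in .exe; drops quoting and arguments.
_EXE_PATH = re.compile(r'[a-z]:\\[^"<>|]*?\.exe', re.IGNORECASE)


def _parse(line):
    """Return (name, owner, exe_path) for a recognised autostart line, else None."""
    line = line.strip()
    owner = None
    m = _COMBOFIX_RUN.match(line)
    if m:
        name = m.group("name")
    else:
        m = _HJT_SERVICE.match(line)
        if not m:
            return None
        name, owner = m.group("name"), m.group("owner")
    # ComboFix prints bare file names with the resolved path in brackets,
    # so search the whole line rather than only the quoted value.
    p = _EXE_PATH.search(line)
    if not p:
        return None
    return name, owner, p.group(0)


def triage_autoruns(lines):
    """Return [{'name', 'path', 'reasons'}] for autostart entries worth a second look."""
    findings = []
    for line in lines:
        parsed = _parse(line)
        if parsed is None:
            continue
        name, owner, path = parsed
        low = path.lower()
        folder, _, basename = low.rpartition("\\")
        folder += "\\"
        reasons = []
        if basename in CORE_PROCESS_NAMES and folder != SYSTEM32:
            reasons.append("core Windows process name outside system32")
        if not low.startswith(EXPECTED_PREFIXES):
            reasons.append("binary outside the usual system/program folders")
        if "(file missing)" in line.lower():
            reasons.append("registered but file missing (dead entry or hidden file)")
        if owner and owner.lower() == "unknown owner":
            reasons.append("service has no publisher information")
        if reasons:
            findings.append({"name": name, "path": path, "reasons": reasons})
    return findings


# Sample lines copied from the ComboFix and HijackThis logs posted in this thread.
SAMPLE_LOG = [
    '"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 C:\\WINDOWS\\stsystra.exe]',
    '"DVDLauncher"="C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe" [2005-02-23 18:19]',
    '"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\\WINDOWS\\system32\\nwiz.exe]',
    '"LiveUpdate"="C:\\WINDOWS\\isas\\smss.exe" [2007-07-03 00:01]',
    '"LiveUpdate32"="C:\\WINDOWS\\isas\\services.exe" [2007-07-03 00:01]',
    '"Aim6"="" []',
    'O23 - Service: Apache2 - Unknown owner - C:\\OpenSA\\Apache2\\bin\\Apache.exe" -k runservice (file missing)',
    'O23 - Service: LiveUpdate - Symantec Corporation - C:\\PROGRA~1\\Symantec\\LIVEUP~1\\LUCOMS~1.EXE',
    'O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe',
]

if __name__ == "__main__":
    for f in triage_autoruns(SAMPLE_LOG):
        print(f"{f['name']:20} {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The output is a triage list, not a verdict. The Sigmatel tray app in C:\WINDOWS\stsystra.exe is flagged only because it sits directly under C:\WINDOWS, and the dead Apache2 service is noise from an old install; the two isas entries are the ones that combine a core process name, an odd folder and a creation time matching the "Files Created" section. Note also that the malicious Run entry borrows the name of the legitimate Symantec LiveUpdate service, which is exactly why the path rather than the name drives the heuristics.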
#17
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
Ok, I haven't noticed any problems, except problems with Adobe Flash crashing, but I doubt that is related. No pop-ups anymore. Here is the log you requested.
#18
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista
Re: Pop-ups, Slowness, Oh My!
Hi Alec,
Kaspersky is only reporting items that have been quarantined by ComboFix and in your System Restore. We'll take care of that now.

Delete this folder: C:\QooBox

----------------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option. Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
* Go to Start > Run - type wuaucpl.cpl
* Tick the checkbox "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore tab
* Tick the checkbox "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file; save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD).

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
PC Safety and Security--What Do I Need?
HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
#19
Registered User
Join Date: Jun 2007
Posts: 33
OS: Windows XP Media Center 2005
Re: Pop-ups, Slowness, Oh My!
Thanks! My computer is fine now!! :D I have 3 out of 4 of the following programs. I am going to remove SuperantiAd blocker. I will clear all logs off of my desktop into a special folder for future reference... Thanks again!!