Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Old 02-06-2008, 01:47 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Constant popups; Many labeled Zedo

For several days I have been experiencing nearly constant pop-ups, many labeled with Zedo in the header bar. The popups appear in IE popup windows, even when I'm using Firefox (even if I don't launch IE). Some of the popups can only be closed by using "End Task" in Windows Task Manager.

Sometimes, Firefox is impacted also, and spontaneously shuts itself down without warning.

Additionally, when booting up, my desktop now displays a completely gray screen momentarily before showing my normal wallpaper and desktop icons (this never happened before during boot-up), and when all the desktop icons display, they all show with an odd gray highlighting effect over each one.

My Deckard Main log is copied and pasted in below, and the Deckard Extra log is attached.

My Panda log is copied and pasted into a separate post following this one on this same thread, as I ran over the character limit for this posting when I tried adding it to this one.

I would greatly appreciate any assistance you can provide. Thank you so much!!


Deckard's System Scanner v20071014.68
Run by Mike on 2008-02-06 00:48:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-06 06:48:32 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Mike.exe) ------------------------------------------------

logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-06 00:53:31
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\McAfee.com\VSO\McShield.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\SpamKiller\MSKAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1bg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\McAfee.com\Agent\McTskshd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee.com\VSO\McVSEscn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\S?mantec\msiexec.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\hphipm11.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Mike\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {78bd0c19-0f6d-533a-9dd4-961457964c95} - {59c46975-4169-4dd9-a335-d6f091c0db87} - C:\WINDOWS\system32\gusgipqq.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\ljjifgf.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B41D64A8-F3DB-416C-9CE7-BA9C88AB5B6C} - C:\WINDOWS\system32\geebc.dll
O2 - BHO: (no name) - {e582e41e-bff4-49b3-b2f2-dd569e8e80f0} - C:\WINDOWS\system32\dlmdeft.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\Program Files\McAfee.com\VSO\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [341a3913] rundll32.exe "C:\WINDOWS\system32\lrxdrobp.dll",b
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\SMANTE~1\msiexec.exe" -vt yazb
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - C:\Program Files\McAfee\SpamKiller\McApfBHO.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O15 - Trusted Zone: *.amaena.com (HKCU)
O15 - Trusted Zone: *.avsystemcare.com (HKCU)
O15 - Trusted Zone: *.gomyhit.com (HKCU)
O15 - Trusted Zone: *.imagesrvr.com (HKCU)
O15 - Trusted Zone: *.onerateld.com (HKCU)
O15 - Trusted Zone: *.safetydownload.com (HKCU)
O15 - Trusted Zone: *.storageguardsoft.com (HKCU)
O15 - Trusted Zone: *.trustedantivirus.com (HKCU)
O15 - Trusted Zone: *.virusschlacht.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc3.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: ljjifgf - C:\WINDOWS\system32\ljjifgf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\Mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - C:\Program Files\McAfee.com\VSO\McShield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\McTskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\Program Files\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\Program Files\McAfee\SpamKiller\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\hphipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\system32\WLTRYSVC.EXE
O24 - Desktop Component 0: - C:\Program Files\MSN\dibortoka.html

--
End of file - 14182 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 intelppmm - c:\windows\system32\drivers\intelppmm.sys
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 Packet (Auto Internet Protocol) - c:\windows\system32\drivers\packet.sys <Not Verified; SingleClick Systems; Auto IP Protocol Driver>
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S2 DellBIOS - c:\windows\dellbios.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-05 2146 268 --a------ C:\WINDOWS\Tasks\HP Usg Login.job
2008-02-05 2140 268 --a------ C:\WINDOWS\Tasks\HP Usg Daily.job
2008-02-05 21:04:42 348 --a------ C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DELL-INSPIRON-Mike).job
2008-02-05 01:46:22 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-30 10:26:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-01-06 and 2008-02-06 -----------------------------

2008-02-06 00:11:05 0 d-------- C:\ie-spyad_zo
2008-02-05 23:52:57 0 d-------- C:\Program Files\SpywareBlaster
2008-02-05 22:11:36 8576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-02-05 21:57:10 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-05 21:57:06 0 d-------- C:\WINDOWS\LastGood
2008-02-05 18:28:04 94272 --a------ C:\WINDOWS\system32\gusgipqq.dll
2008-02-04 18:30:42 88128 --a------ C:\WINDOWS\system32\lrxdrobp.dll
2008-02-04 18:27:42 93248 --a------ C:\WINDOWS\system32\xvgwrpbn.dll
2008-02-04 13:18:19 0 d-------- C:\Program Files\Trend Micro
2008-02-03 18:27:02 88640 --a------ C:\WINDOWS\system32\lsuggubn.dll
2008-02-03 18:24:51 92736 --a------ C:\WINDOWS\system32\shvfknqb.dll
2008-02-02 18:28:44 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-02-02 03:36:11 92736 --a------ C:\WINDOWS\system32\hillvguk.dll
2008-02-02 01:27:13 0 d-------- C:\Documents and Settings\Mike\.housecall6.6
2008-02-01 21:08:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 21:05:15 0 d-------- C:\Documents and Settings\Mike\Application Data\Lavasoft
2008-02-01 15:16:57 38400 --a------ C:\WINDOWS\system32\gebcbax.dll
2008-02-01 15:16:48 339713 --ahs---- C:\WINDOWS\system32\cbeeg.ini2
2008-02-01 15:16:39 326656 -----n--- C:\WINDOWS\system32\geebc.dll
2008-02-01 15:12:12 171520 --a------ C:\WINDOWS\system32\dlmdeft.dll
2008-02-01 15:12:05 0 d-------- C:\Program Files\S?mantec
2008-02-01 15:11:47 86016 --a------ C:\WINDOWS\system32\drivers\intelppmm.sys
2008-02-01 15:11:39 0 d-------- C:\WINDOWS\system32\rom1
2008-02-01 15:11:39 0 d-------- C:\WINDOWS\system32\lis6
2008-02-01 15:11:39 0 d-------- C:\WINDOWS\system32\kps5
2008-02-01 15:11:39 0 d-------- C:\WINDOWS\system32\geb3
2008-02-01 15:11:38 0 d-------- C:\WINDOWS\system32\tip4
2008-02-01 15:11:28 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-02-01 15:11:26 38400 --a------ C:\WINDOWS\system32\ljjifgf.dll
2008-01-27 16:28:24 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-01-27 16:27:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-26 15:04:44 0 d-------- C:\WINDOWS\NKCCDViewerSetting
2008-01-26 13:53:56 0 d-------- C:\Documents and Settings\Mike\Application Data\Snapfish
2008-01-25 00:09:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-23 21:30:15 0 d-------- C:\Program Files\iPod
2008-01-16 12:36:51 0 d-------- C:\Program Files\QuickTime
2008-01-15 15:52:24 140800 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe


-- Find3M Report ---------------------------------------------------------------

2008-02-05 23:13:10 0 d-------- C:\Program Files\Windows Defender
2008-02-05 23:12:26 0 d-------- C:\Program Files\S?mantec
2008-02-05 23:04:40 0 d-------- C:\Program Files\iTunes
2008-02-05 23:02:11 0 d-------- C:\Program Files\Google
2008-02-05 23:01:26 0 d-------- C:\Program Files\DIGStream
2008-02-05 23:01:25 0 d-------- C:\Program Files\DellSupport
2008-02-05 23:01:09 0 d-------- C:\Program Files\Dell Network Assistant
2008-02-02 18:28:44 0 d-------- C:\Program Files\Common Files
2008-02-01 23:56:57 0 d-------- C:\Program Files\Messenger
2008-02-01 21:09:20 0 d-------- C:\Program Files\Lavasoft
2008-02-01 21:03:19 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 12:07:58 0 d-------- C:\Program Files\Graboid
2008-01-26 13:53:55 3533 --a----c- C:\WINDOWS\mozver.dat
2008-01-26 13:08:39 0 d-------- C:\Documents and Settings\Mike\Application Data\Adobe
2007-12-10 22:42:18 73496 --a------ C:\Documents and Settings\Mike\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59c46975-4169-4dd9-a335-d6f091c0db87}]
02/05/2008 06:28 PM 94272 --a------ C:\WINDOWS\system32\gusgipqq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98663E21-9CCE-4CF6-863C-911A9523A66F}]
02/01/2008 03:11 PM 38400 --a------ C:\WINDOWS\system32\ljjifgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B41D64A8-F3DB-416C-9CE7-BA9C88AB5B6C}]
02/01/2008 03:16 PM 326656 --------- C:\WINDOWS\system32\geebc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e582e41e-bff4-49b3-b2f2-dd569e8e80f0}]
02/01/2008 03:12 PM 171520 --a------ C:\WINDOWS\system32\dlmdeft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 07:08 AM]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 01:35 PM C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 10:56 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 09:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 09:44 AM]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 05:18 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/11/2005 09:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 05:29 PM]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 11:05 AM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 03:16 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 09:26 AM]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [08/10/2005 11:49 AM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 04:00 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/03/2006 05:12 PM]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [04/13/2004 04:36 PM]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [08/27/2003 01:20 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [05/31/2005 04:33 AM]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 01:01 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 03:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 03:45 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 03:44 PM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [01/06/2006 01:07 PM]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [01/06/2006 01:07 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/13/2007 06:54 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"341a3913"="C:\WINDOWS\system32\lrxdrobp.dll" [02/04/2008 06:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 01:24 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [03/29/2007 11:20 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [12/07/2007 01:33 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [11/13/2007 03:46 PM]
"WebBuying"="C:\Program Files\Web Buying\v1.8.8\webbuying.exe" []
"Uaol"="C:\PROGRA~1\SMANTE~1\msiexec.exe" [02/01/2008 03:12 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [7/16/2006 9:25:14 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\dibortoka.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{98663E21-9CCE-4CF6-863C-911A9523A66F}"= C:\WINDOWS\system32\ljjifgf.dll [02/01/2008 03:11 PM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjifgf]
ljjifgf.dll 02/01/2008 03:11 PM 38400 C:\WINDOWS\system32\ljjifgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\geebc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2008-02-06 00:56:35 -------
Attached Files: extra.txt (23.1 KB)
manner99 is offline  
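A triage script for HijackThis-style log lines, added here as an example; it is not code from the poster, the forum, or Trend Micro/Deckard. It applies the checks a log helper applies by eye to the O2/O4/O15/O20/O24 lines in the post above: BHOs with no readable name, random-looking DLL names in system32, a rundll32 Run entry under a hex-only value name, Trusted Zone additions, a Winlogon Notify DLL that is also registered as a BHO, and an Active Desktop HTML component. The sample lines are copied from the log above (plus benign Adobe, iTunes and iPod lines so the filter has something to leave alone); the rule set and the thresholds in `looks_random` are my own assumptions and will produce false positives on legitimately odd names, so the output is a list to review, not a verdict.

```python
"""Defender-side triage for HijackThis-style log lines (added example)."""
import re

# Lines copied from the HijackThis section of the log above; the Adobe, iTunes
# and iPod lines are benign controls.  This is a constructed sample, not a full log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {78bd0c19-0f6d-533a-9dd4-961457964c95} - {59c46975-4169-4dd9-a335-d6f091c0db87} - C:\WINDOWS\system32\gusgipqq.dll
O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\ljjifgf.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [341a3913] rundll32.exe "C:\WINDOWS\system32\lrxdrobp.dll",b
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O20 - Winlogon Notify: ljjifgf - C:\WINDOWS\system32\ljjifgf.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: - C:\Program Files\MSN\dibortoka.html
"""

LINE_RE = re.compile(r"^(?P<sect>O\d+) - (?P<body>.*)$")
SYS32_DLL_RE = re.compile(r"[A-Za-z]:\\WINDOWS\\system32\\(?P<stem>[A-Za-z0-9_]+)\.dll", re.I)
GUID_RE = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{6,}$", re.I)
RUN_VALUE_RE = re.compile(r"\[(?P<value>[^\]]+)\] (?P<cmd>.*)")
VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption): an all-letter name with a run of three or more
    consonants, or with very few vowels, reads like a generated name.
    Legitimate names can trip this, so it only adds a reason, never decides."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 5:
        return False
    run = longest = 0
    for ch in s:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(ch in VOWELS for ch in s) / len(s)
    return longest >= 3 or vowel_ratio < 0.3


def triage(log_text: str) -> list:
    """Return (section, reason, detail) tuples for lines worth a second look."""
    findings = []
    bho_dlls = set()  # system32 DLL stems seen as BHOs, for the O20 cross-check
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sect, body = m.group("sect"), m.group("body")
        dll = SYS32_DLL_RE.search(body)
        stem = dll.group("stem") if dll else None

        if sect == "O2":  # Browser Helper Objects
            parts = body.split(" - ")
            name = parts[0].removeprefix("BHO: ")
            if stem:
                bho_dlls.add(stem.lower())
            if name == "(no name)" or GUID_RE.match(name):
                findings.append((sect, "BHO with no readable name", parts[-1]))
            if stem and looks_random(stem):
                findings.append((sect, "random-looking DLL name in system32", parts[-1]))

        elif sect == "O4":  # autostart entries
            vm = RUN_VALUE_RE.search(body)
            if vm and "rundll32" in vm.group("cmd").lower() and stem:
                reason = "rundll32 loading a system32 DLL at logon"
                if HEX_NAME_RE.match(vm.group("value")):
                    reason += " under a hex-only value name"
                findings.append((sect, reason, vm.group("cmd")))

        elif sect == "O15":  # every Trusted Zone addition is listed for review
            findings.append((sect, "site added to the Trusted Zone",
                             body.removeprefix("Trusted Zone: ")))

        elif sect == "O20" and body.startswith("Winlogon Notify:"):
            reason = "Winlogon Notify DLL"
            if stem and stem.lower() in bho_dlls:
                reason += " also registered as a BHO"
            findings.append((sect, reason, body))

        elif sect == "O24":  # Active Desktop components are rarely legitimate
            findings.append((sect, "Active Desktop HTML component", body))
    return findings


if __name__ == "__main__":
    for sect, reason, detail in triage(SAMPLE_LOG):
        print(f"{sect:4} {reason}: {detail}")
```

Running it lists nine findings for the sample and nothing for the Adobe, iTunes or iPod lines; the O20 finding is the one to act on first, because the same DLL is wired in as a BHO, a Winlogon Notify handler and (in the full log) a ShellExecuteHook, which is why it survives a reboot.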

Old 02-06-2008, 01:49 AM   #2 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

Here is my Panda log:


Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\progra~1\smante~1\msiexec.exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ljjifgf.dll
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@adrevolver[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@findwhat[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@questionmarket[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@searchportal.information[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@statcounter[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@tickle[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@zedo[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@mediaplex[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@statse.webtrendslive[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cathy\Local Settings\Temp\Cookies\cathy@zedo[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.overture.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Isabel\Application Data\Mozilla\Firefox\Profiles\jssin2rr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Isabel\Cookies\isabel@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Isabel\Cookies\isabel@atdmt[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Isabel\Cookies\isabel@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Isabel\Cookies\isabel@doubleclick[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.advancedcleaner.com/]
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[advancedcleaner.com/]
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.advancedcleaner.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.go.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[server.iad.liveperson.net/hc/19452074]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.overture.com/]
Spyware:Cookie/Smartadserver Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[.smartadserver.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\380wmjpo.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@247realmedia[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ads.addynamix[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adtech[2].txt
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Mike\Cookies\mike@advancedcleaner[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Mike\Cookies\mike@advertising[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@anm.co[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Cookies\mike@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Cookies\mike@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Mike\Cookies\mike@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Mike\Cookies\mike@azjmp[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bs.serving-sys[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mike\Cookies\mike@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@casalemedia[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Mike\Cookies\mike@cgi-bin[3].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Mike\Cookies\mike@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@doubleclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Mike\Cookies\mike@enhance[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@fastclick[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Mike\Cookies\mike@findwhat[2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@goclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Mike\Cookies\mike@go[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Mike\Cookies\mike@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Cookies\mike@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mike\Cookies\mike@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mike\Cookies\mike@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Cookies\mike@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Cookies\mike@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Mike\Cookies\mike@target[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Mike\Cookies\mike@tickle[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Cookies\mike@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Mike\Cookies\mike@www.burstbeacon[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mike\Cookies\mike@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Cookies\mike@zedo[1].txt
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Mike\Desktop\MathBlast5-7-dm.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@ad.yieldmanager[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@atdmt[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@tribalfusion[1].txt
Adware:Adware/MalwareAlarm Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\p2na3cvp.exe
Adware:Adware/MalwareAlarm Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\sj7g1dr3.exe
Virus:Trj/Downloader.PLF Disinfected C:\Documents and Settings\Mike\Local Settings\Temp\snapsnet.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\yazzsnet.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\TDZJYG2T\install_en[1].exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[.advertising.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\qy3pu3ck.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sam\Cookies\sam@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sam\Cookies\sam@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sam\Cookies\sam@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sam\Cookies\sam@doubleclick[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Sam\Cookies\sam@realmedia[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Sam\Cookies\sam@statse.webtrendslive[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sam\Cookies\sam@tribalfusion[2].txt
Adware:Adware/Yazzle Not disinfected C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
Adware:Adware/DnsInsider Not disinfected C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
Virus:Generic Malware Disinfected C:\Program Files\DIGStream\digstream.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\S?mantec\msiexec.exe
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[ad.yieldmanager.com/]
Spyware:Cookie/Apmebf Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.apmebf.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.fastclick.net/]
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.statcounter.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.casalemedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.realmedia.com/]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.maxserving.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.burstnet.com/]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.maxserving.com/]
Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.burstnet.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.adrevolver.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[www.burstbeacon.com/]
Spyware:Cookie/Adtech Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.adtech.de/]
Spyware:Cookie/Linksynergy Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.linksynergy.com/]
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.perf.overture.com/]
Spyware:Cookie/NewMedia Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.anm.co.uk/]
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.atwola.com/]
Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[statse.webtrendslive.com/]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.247realmedia.com/]
Spyware:Cookie/bravenetA Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.bravenet.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.ads.addynamix.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[citi.bridgetrack.com/]
Spyware:Cookie/Adserver Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.z1.adserver.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.bluestreak.com/]
Spyware:Cookie/onestat.com Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[stat.onestat.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[.serving-sys.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\S-1-5-21-3147586477-803280977-592945388-1006\Dc7.txt[statse.webtrendslive.com/S109821]
Virus:Trj/Downloader.SJM Disinfected C:\WINDOWS\17PHolmes572.exe
Virus:Trj/Downloader.SJM Disinfected C:\WINDOWS\mrofinu1000106.exe
Virus:Trj/Downloader.SJM Disinfected C:\WINDOWS\mrofinu572.exe
Virus:Trj/Downloader.SJM Disinfected C:\WINDOWS\mrofinu572.exe.tmp
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gebcbax.dll
Virus:Trj/Downloader.PLF Disinfected C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
manner99 is offline  
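The Panda ActiveScan log above is dominated by tracking-cookie hits, which are data files rather than code; the items that actually need removal are the few executables and DLLs the scanner left in place (Yazzle, MalwareAlarm, Virtumonde, the AVSystemCare installer). The following is an added example, not code from the forum or from Panda, that parses lines in that log format and separates the noise from the outstanding binaries. The line format it assumes is the one visible in the log: category, colon, detection name, then "Disinfected" or "Not disinfected", then the path. The sample lines are copied from the log above.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# One Panda ActiveScan result line reads:
#   <category>:<detection name> <status> <path>
# where status is "Disinfected" or "Not disinfected". The category and the
# detection name may contain spaces, so the status keyword anchors the split.
_RESULT = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) "
    r"(?P<status>Not disinfected|Disinfected) "
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Lines copied from the Panda log in the post above (a small subset).
SAMPLE_PANDA_LOG = r"""
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Cathy\Cookies\cathy@zedo[2].txt
Adware:Adware/Trymedia Not disinfected C:\Documents and Settings\Mike\Desktop\MathBlast5-7-dm.exe
Adware:Adware/MalwareAlarm Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\p2na3cvp.exe
Virus:Trj/Downloader.PLF Disinfected C:\Documents and Settings\Mike\Local Settings\Temp\snapsnet.exe
Potentially unwanted tool:Application/AVSystemCare Not disinfected C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\TDZJYG2T\install_en[1].exe
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gebcbax.dll
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sam\Cookies\sam@doubleclick[1].txt
"""


@dataclass(frozen=True)
class Detection:
    category: str
    name: str
    status: str
    path: str

    @property
    def is_cookie(self) -> bool:
        # Tracking cookies are reported as Spyware:Cookie/<network>; they are
        # data files, not code, and clearing them does not remove an infection.
        return self.name.startswith("Cookie/")

    @property
    def is_code(self) -> bool:
        # Files that can execute or be loaded: these are the ones to act on.
        return self.path.lower().endswith((".exe", ".dll", ".sys", ".tmp"))


def parse_panda_log(text: str) -> list[Detection]:
    """Parse result lines; anything that does not match the format is skipped."""
    found = []
    for line in text.splitlines():
        m = _RESULT.match(line.strip())
        if m:
            found.append(Detection(m["category"], m["name"], m["status"], m["path"]))
    return found


def triage(detections: list[Detection]) -> tuple[Counter, list[Detection]]:
    """Count detections by (category, status) and list the non-cookie items the
    scanner left in place: those are what still needs removal."""
    counts: Counter = Counter()
    outstanding = []
    for d in detections:
        counts[(d.category, d.status)] += 1
        if not d.is_cookie and d.status == "Not disinfected":
            outstanding.append(d)
    return counts, outstanding


if __name__ == "__main__":
    counts, outstanding = triage(parse_panda_log(SAMPLE_PANDA_LOG))
    for (category, status), n in sorted(counts.items()):
        print(f"{n:3d}  {category:<26} {status}")
    print("\nStill present and not a tracking cookie:")
    for d in outstanding:
        kind = "code" if d.is_code else "other"
        print(f"  [{kind}] {d.name}: {d.path}")
```

Run against the full log, the outstanding list collapses the hundreds of cookie lines to the handful of binaries in Temp, system32, Program Files\Common Files and the Desktop, which is the list a helper would actually work from.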
Old 02-06-2008, 09:18 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,962
OS: WinXP and Vista


Re: Constant popups; Many labeled Zedo

Hello manner99 and welcome,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O15 - Trusted Zone: *.amaena.com (HKCU)
O15 - Trusted Zone: *.avsystemcare.com (HKCU)
O15 - Trusted Zone: *.gomyhit.com (HKCU)
O15 - Trusted Zone: *.imagesrvr.com (HKCU)
O15 - Trusted Zone: *.onerateld.com (HKCU)
O15 - Trusted Zone: *.safetydownload.com (HKCU)
O15 - Trusted Zone: *.storageguardsoft.com (HKCU)
O15 - Trusted Zone: *.trustedantivirus.com (HKCU)
O15 - Trusted Zone: *.virusschlacht.com (HKCU)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
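The O15 entries Ried asks the poster to fix are Internet Explorer Trusted-zone mappings: HijackThis reports them from the ZoneMap\Domains registry keys, where zone 2 is "Trusted sites". Rogue security products such as the AVSystemCare family typically add their own domains there so IE applies the more permissive Trusted-zone settings to them. The following is an added example, not code from the forum, HijackThis or Trend Micro, that parses O15 lines, groups them by domain and hive, flags anything not on an allowlist, and derives the registry value each entry corresponds to so the removal can be confirmed afterwards. The allowlist contents and the `intranet.example` placeholder are assumptions; the sample O15 lines are copied from the post above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One HijackThis O15 line reads: "O15 - Trusted Zone: <target> (<hive>)"
_O15 = re.compile(r"^O15 - Trusted Zone: (?P<target>\S+) \((?P<hive>HKLM|HKCU)\)$")

# Hypothetical allowlist of domains an administrator deliberately trusts; only a
# placeholder here, so every entry from the log above gets flagged.
DEFAULT_ALLOWLIST: frozenset[str] = frozenset({"intranet.example"})

# O15 lines copied from the post above, plus the standard HijackThis header
# line, to show that non-O15 lines are ignored.
SAMPLE_HJT = """\
Logfile of Trend Micro HijackThis v2.0.2
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: https://online.musicmatch.com (HKLM)
O15 - Trusted Zone: *.amaena.com (HKCU)
O15 - Trusted Zone: *.avsystemcare.com (HKCU)
O15 - Trusted Zone: *.imagesrvr.com (HKCU)
"""

ZONEMAP = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
TRUSTED_ZONE = 2  # Internet Explorer zone number for "Trusted sites"


@dataclass(frozen=True)
class TrustedZoneEntry:
    target: str  # "*.amaena.com" or "https://online.musicmatch.com", as HJT prints it
    hive: str    # HKLM: every account on the machine; HKCU: the scanning user only

    @property
    def scheme(self) -> str:
        m = re.match(r"^([a-z]+)://", self.target)
        return m.group(1) if m else "*"  # "*" = any protocol

    @property
    def host(self) -> str:
        host = re.sub(r"^[a-z]+://", "", self.target)
        return host[2:] if host.startswith("*.") else host

    @property
    def is_wildcard(self) -> bool:
        return self.target.startswith("*.")

    @property
    def registered_domain(self) -> str:
        # Last two labels; fine for .com names, too short for ccSLDs such as .co.uk
        return ".".join(self.host.split(".")[-2:])

    def registry_value(self) -> str:
        """Where IE keeps this mapping: Domains\\<domain>[\\<subdomain>] with a
        DWORD named after the scheme set to the zone number. Useful for
        confirming after 'Fix checked' that the mapping is really gone."""
        labels = self.host.split(".")
        key = f"{self.hive}\\{ZONEMAP}\\{self.registered_domain}"
        sub = ".".join(labels[:-2])
        if sub:
            key += "\\" + sub
        return f"{key} -> {self.scheme} = {TRUSTED_ZONE}"


def parse_o15(text: str) -> list[TrustedZoneEntry]:
    entries = []
    for line in text.splitlines():
        m = _O15.match(line.strip())
        if m:
            entries.append(TrustedZoneEntry(m["target"], m["hive"]))
    return entries


def audit_trusted_zone(entries, allowlist=DEFAULT_ALLOWLIST) -> dict[str, dict]:
    """Group entries by registered domain; flag anything not on the allowlist.
    An HKLM entry matters more than an HKCU one because it applies to all users."""
    report: dict[str, dict] = {}
    for e in entries:
        item = report.setdefault(e.registered_domain,
                                 {"hives": set(), "wildcard": False, "flag": False})
        item["hives"].add(e.hive)
        item["wildcard"] = item["wildcard"] or e.is_wildcard
        item["flag"] = e.registered_domain not in allowlist
    return report
```

The registered-domain helper deliberately stays simple; for a real deployment it should use a public-suffix list so that entries under ccSLDs such as .co.uk group correctly.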
Old 02-07-2008, 09:18 PM   #4 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

I have downloaded Combofix and am about to run it, but in case this is important, wanted to let you know about one other strange thing that's started about the same time as these popups...

When starting Windows now, I get a warning dialog box entitled "Windows - No Disk" in its title bar, with the following verbiage: "Exception Processing Message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c" (without the quotes). In the dialog box, below that message, there are three buttons to choose from, labeled: "Cancel," "Try Again," and "Continue." So far, I have only tried clicking "Continue" and then Windows startup appears to continue as normal.

I've attached a screen shot of the message/dialog box, in case it's important.

Thanks!
Attached Images
File Type: bmp Windows No Disk Error Msg.bmp (632.9 KB, 2 views)
manner99 is offline  
Old 02-07-2008, 09:47 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,962
OS: WinXP and Vista


Re: Constant popups; Many labeled Zedo

Thank you for the added info. Please go ahead and run ComboFix.exe. We'll address that error message if it still remains when we're through.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 02-08-2008, 01:29 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

ComboFix log and new HJT log are pasted in below; however, there was a screw-up... After running ComboFix the first time, it of course generated its log. Then unbeknownst to me, before I had a chance to post its log, someone ran ComboFix again and it appears to have overwritten its first log with the results of the second one. At least, I cannot find the first one. The only one I could locate was the second one, so that's what I've pasted in below. I'm so sorry this happened -- I hope it doesn't mess things up too badly.

ComboFix 08-02.05.3 - Mike 2008-02-08 2:02:40.2 - NTFSx86
Running from: C:\Documents and Settings\Mike\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 22:38 . 2004-08-10 04:00 388,608 --a------ C:\kmd.exe
2008-02-07 22:06 . 2004-08-04 06:00 260,272 -r-hs---- C:\cmldr
2008-02-06 00:48 . 2008-02-06 00:48 <DIR> d-------- C:\Deckard
2008-02-06 00:11 . 2008-02-06 00:11 <DIR> d-------- C:\ie-spyad_zo
2008-02-05 23:52 . 2008-02-05 23:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-05 22:11 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-05 21:57 . 2008-02-05 23:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-05 21:57 . 2008-02-05 21:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-05 21:57 . 2008-02-05 21:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-05 21:57 . 2008-02-05 21:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-04 13:18 . 2008-02-04 13:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-02 01:27 . 2008-02-02 01:27 <DIR> d-------- C:\Documents and Settings\Mike\.housecall6.6
2008-02-01 21:08 . 2008-02-01 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 21:05 . 2008-02-01 21:09 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Lavasoft
2008-02-01 15:11 . 2008-02-01 22:21 <DIR> d-------- C:\WINDOWS\system32\tip4
2008-02-01 15:11 . 2008-02-01 15:22 <DIR> d-------- C:\WINDOWS\system32\rom1
2008-02-01 15:11 . 2008-02-05 23:26 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-02-01 15:11 . 2008-02-01 23:56 <DIR> d-------- C:\WINDOWS\system32\lis6
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\WINDOWS\system32\kps5
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\WINDOWS\system32\geb3
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\temp\gTiis19
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\temp\cXzz9
2008-01-27 16:27 . 2008-01-27 16:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-26 15:04 . 2008-01-26 15:04 <DIR> d-------- C:\WINDOWS\NKCCDViewerSetting
2008-01-26 13:53 . 2008-01-26 13:54 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Snapfish
2008-01-25 00:09 . 2008-01-25 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-23 21:30 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\iPod
2008-01-16 12:36 . 2008-01-16 12:39 <DIR> d-------- C:\Program Files\QuickTime
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-06 05:13 --------- d-----w C:\Program Files\Windows Defender
2008-02-06 05:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 05:04 --------- d-----w C:\Program Files\iTunes
2008-02-06 05:02 --------- d-----w C:\Program Files\Google
2008-02-06 05:01 --------- d-----w C:\Program Files\DIGStream
2008-02-06 05:01 --------- d-----w C:\Program Files\DellSupport
2008-02-06 05:01 --------- d-----w C:\Program Files\Dell Network Assistant
2008-02-04 19:15 --------- d-----w C:\Documents and Settings\Cathy\Application Data\Skype
2008-02-02 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 03:09 --------- d-----w C:\Program Files\Lavasoft
2008-02-02 03:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 18:07 --------- d-----w C:\Program Files\Graboid
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 04:42 73,496 ----a-w C:\Documents and Settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24 20480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 23:20 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 15:46 135168]
"Uaol"="C:\PROGRA~1\SMANTE~1\msiexec.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 07:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 13:35 397312 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 10:56 761947]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 15:16 1121792]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00 1005096]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12 777424]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 16:36 1470464]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 13:20 94208]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45 118784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 13:07 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 13:07 348160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 06:54 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 22:28 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-07-16 21:25:14 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

S2 DellBIOS;DellBIOS;C:\WINDOWS\DellBIOS.Sys []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 22:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - GOOGLEDESKTOPMANAGER-093007-112848
.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 16:26:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 04:57:56 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-02-08 04:57:57 C:\WINDOWS\Tasks\HP Usg Login.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-02-08 04:58:17 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DELL-INSPIRON-Mike).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-08 07:46:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 02:08:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 2:10:15
ComboFix-quarantined-files.txt 2008-02-08 08:09:57
ComboFix2.txt 2008-02-08 05:07:24
.
2008-01-09 09:04:04 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:08 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\SMANTE~1\msiexec.exe" -vt yazb
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11169 bytes
Old 02-08-2008, 07:14 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,962
OS: WinXP and Vista


Re: Constant popups; Many labeled Zedo

Quote:
unbeknownst to me, before I had a chance to post its log, someone ran ComboFix again and it appears to have overwritten its first log with the results of the second one. At least, I cannot find the first one.
No worries--it's still there, and I would like to see that before proceeding.

Click Start>Run and copy/paste the following into the Run box and click OK.

C:\Qoobox\ComboFix2.txt


The ComboFix2.txt should open right up for you. Please post the contents in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-08-2008, 04:14 PM   #8 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

Thank you, Ried. Your help is worth more than gold!

Here is the first ComboFix log:

ComboFix 08-02.05.3 - Mike 2008-02-07 22:41:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.213 [GMT -6:00]
Running from: C:\Documents and Settings\Mike\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\intelppmm.sys
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\ljjifgf.dll
C:\Documents and Settings\Mike\g2mdlhlpx.exe
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\MSN\dibortoka.html
C:\Program Files\smante~1
C:\Program Files\smante~1\msiexec.exe
C:\Program Files\smante~1\S?mantec\
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cbeeg.ini
C:\WINDOWS\system32\cbeeg.ini2
C:\WINDOWS\system32\dlmdeft.dll
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\intelppmm.sys
C:\WINDOWS\system32\dtiijeaw.ini
C:\WINDOWS\system32\gebcbax.dll
C:\WINDOWS\system32\geebc.dll
C:\WINDOWS\system32\guplbsiw.ini
C:\WINDOWS\system32\gusgipqq.dll
C:\WINDOWS\system32\hhhhoorv.dll
C:\WINDOWS\system32\hillvguk.dll
C:\WINDOWS\system32\ljjifgf.dll
C:\WINDOWS\system32\lqwagmrr.dll
C:\WINDOWS\system32\lsuggubn.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nbuggusl.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pbordxrl.ini
C:\WINDOWS\system32\shtnpkda.ini
C:\WINDOWS\system32\shvfknqb.dll
C:\WINDOWS\system32\wisblpug.dll
C:\WINDOWS\system32\xvgwrpbn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_INTELPPMM
-------\intelppmm
-------\nm


((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 22:06 . 2004-08-04 06:00 260,272 -r-hs---- C:\cmldr
2008-02-06 00:48 . 2008-02-06 00:48 <DIR> d-------- C:\Deckard
2008-02-06 00:11 . 2008-02-06 00:11 <DIR> d-------- C:\ie-spyad_zo
2008-02-05 23:52 . 2008-02-05 23:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-05 22:11 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-05 21:57 . 2008-02-05 23:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-05 21:57 . 2008-02-05 21:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-05 21:57 . 2008-02-05 21:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-05 21:57 . 2008-02-05 21:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-04 13:18 . 2008-02-04 13:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-02 01:27 . 2008-02-02 01:27 <DIR> d-------- C:\Documents and Settings\Mike\.housecall6.6
2008-02-01 21:08 . 2008-02-01 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 21:05 . 2008-02-01 21:09 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Lavasoft
2008-02-01 15:11 . 2008-02-01 22:21 <DIR> d-------- C:\WINDOWS\system32\tip4
2008-02-01 15:11 . 2008-02-01 15:22 <DIR> d-------- C:\WINDOWS\system32\rom1
2008-02-01 15:11 . 2008-02-05 23:26 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-02-01 15:11 . 2008-02-01 23:56 <DIR> d-------- C:\WINDOWS\system32\lis6
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\WINDOWS\system32\kps5
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\WINDOWS\system32\geb3
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\temp\gTiis19
2008-02-01 15:11 . 2008-02-01 15:11 <DIR> d-------- C:\temp\cXzz9
2008-01-27 16:27 . 2008-01-27 16:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-26 15:04 . 2008-01-26 15:04 <DIR> d-------- C:\WINDOWS\NKCCDViewerSetting
2008-01-26 13:53 . 2008-01-26 13:54 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Snapfish
2008-01-25 00:09 . 2008-01-25 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-23 21:30 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\iPod
2008-01-16 12:36 . 2008-01-16 12:39 <DIR> d-------- C:\Program Files\QuickTime
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-06 05:13 --------- d-----w C:\Program Files\Windows Defender
2008-02-06 05:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 05:04 --------- d-----w C:\Program Files\iTunes
2008-02-06 05:02 --------- d-----w C:\Program Files\Google
2008-02-06 05:01 --------- d-----w C:\Program Files\DIGStream
2008-02-06 05:01 --------- d-----w C:\Program Files\DellSupport
2008-02-06 05:01 --------- d-----w C:\Program Files\Dell Network Assistant
2008-02-04 19:15 --------- d-----w C:\Documents and Settings\Cathy\Application Data\Skype
2008-02-02 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 03:09 --------- d-----w C:\Program Files\Lavasoft
2008-02-02 03:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 18:07 --------- d-----w C:\Program Files\Graboid
2007-12-11 04:42 73,496 ----a-w C:\Documents and Settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24 20480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 23:20 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 15:46 135168]
"Uaol"="C:\PROGRA~1\SMANTE~1\msiexec.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 07:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 13:35 397312 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 10:56 761947]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 15:16 1121792]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00 1005096]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12 777424]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 16:36 1470464]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 13:20 94208]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45 118784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 13:07 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 13:07 348160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 06:54 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 22:28 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-07-16 21:25:14 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

S2 DellBIOS;DellBIOS;C:\WINDOWS\DellBIOS.Sys []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 22:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - GOOGLEDESKTOPMANAGER-093007-112848
.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 16:26:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-08 04:57:56 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-02-08 04:57:57 C:\WINDOWS\Tasks\HP Usg Login.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-02-08 04:58:17 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DELL-INSPIRON-Mike).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-07 07:46:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 22:58:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-07 23:07:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 05:07:11
.
2008-01-09 09:04:04 --- E O F ---
Old 02-08-2008, 04:29 PM   #9 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

Status update: All of the annoying popups have stopped. The weird gray highlighting effect of all of my desktop icons still remains.

One other thing -- probably doesn't matter, but I'll mention it just in case... Before running ComboFix, I followed your instructions to have HijackThis run "Do a System Scan Only" and then fix the items listed in your instructions. However, the list generated at that time by HJT did not match the list of O15 items in your instructions. I checked all of the checkboxes next to all of the O15 items and clicked "Fix Checked."

However, since all the items you specified weren't on the list, I took a screen shot so you could see what exactly was there. It's attached to this post.

Thanks again!
Manner99
Attached Images
File Type: bmp HJT System Scan, Items missing from list.bmp (937.0 KB, 1 views)
Old 02-08-2008, 06:08 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,962
OS: WinXP and Vista


Re: Constant popups; Many labeled Zedo

You're welcome manner99, and thank you for the thorough response.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

Open notepad and copy/paste the text in the code box below into it:

Code:
Folder::
C:\WINDOWS\system32\tip4
C:\WINDOWS\system32\rom1
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\lis6
C:\WINDOWS\system32\kps5
C:\WINDOWS\system32\geb3
C:\temp

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uaol"=-
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


--------------------------------------------------------------------

This step should fix the desktop icon problem:

Next go to Control Panel click Display>Desktop>Customize Desktop>Web>
  • Uncheck everything, and delete everything except 'My Current Homepage'
  • Also make sure the 'Lock desktop items' box is unticked. Click OK, and then click Apply, then OK.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 02-08-2008 at 06:10 PM.
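The Kaspersky report requested above only lists objects; as Ried notes, it does not clean anything. When an analyst reads such a report, the first question for each hit is whether it sits in a live location or in an inert store: ComboFix's QooBox quarantine, the Deckard backup folder, or a System Restore point. The script below is an added example written for this thread, not code from the forum or from any of the tools it names. It parses the "Infected Object Name / Virus Name / Last Action" table in the same line format as the report posted in reply #11 and separates live hits from stored copies and locked objects. The store prefixes, the sample paths and the detection names are constructed assumptions.

```python
"""Triage a Kaspersky Online Scanner report: live hits vs. stored copies.

Added example (not from the thread or from Kaspersky). The report format is
modelled on the one posted in this thread; all sample values are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed locations that hold inert copies of malware: ComboFix's quarantine,
# the Deckard System Scanner backup folder, and System Restore points.
STORED_PREFIXES = (
    r"c:\qoobox\quarantine",
    r"c:\deckard\system scanner",
    r"c:\system volume information\_restore",
)

# One table line: <path>[/<archive member>] <verdict> <last action>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<verdict>Infected: \S+|Suspicious: \S+|Object is locked|"
    r"(?:NSIS|ZIP): (?:infected|suspicious) - \d+)\s+"
    r"(?P<action>skipped|deleted|disinfected)\s*$"
)


@dataclass
class Finding:
    path: str
    verdict: str
    action: str

    @property
    def detection(self) -> Optional[str]:
        """Detection name, or None for locked objects and container summaries."""
        for tag in ("Infected: ", "Suspicious: "):
            if self.verdict.startswith(tag):
                return self.verdict[len(tag):]
        return None

    @property
    def stored(self) -> bool:
        """True when the object lives in a quarantine, backup or restore point."""
        return self.path.lower().startswith(STORED_PREFIXES)


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per line of the report's infected-object table."""
    findings: List[Finding] = []
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Infected Object Name"):
            in_table = True          # table header: rows follow
            continue
        if not in_table or not line:
            continue
        match = LINE_RE.match(line)
        if match:
            findings.append(Finding(**match.groupdict()))
    return findings


def triage(findings: List[Finding]) -> Dict[str, object]:
    """Split findings into live hits, stored copies, locked objects, and a family count."""
    live = [f for f in findings if f.detection and not f.stored]
    stored = [f for f in findings if f.detection and f.stored]
    locked = [f for f in findings if f.verdict == "Object is locked"]
    families = Counter(f.detection for f in findings if f.detection)
    return {"live": live, "stored": stored, "locked": locked, "families": families}


# Constructed sample in the report's line format (paths and names are made up).
SAMPLE_REPORT = r"""
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
-------------------------------------------------------------------------------

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\User\Desktop\game-setup.exe Infected: not-a-virus:AdWare.Win32.Example.a skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\example.dll.vir Infected: Trojan.Win32.Example.b skipped
C:\QooBox\Quarantine\catchme2008-01-01_000000.00.zip/example.sys Infected: Rootkit.Win32.Example.c skipped
C:\QooBox\Quarantine\catchme2008-01-01_000000.00.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP3\A0000001.dll Infected: Trojan.Win32.Example.b skipped
C:\Deckard\System Scanner\20080101000000\backup\DOCUME~1\User\LOCALS~1\Temp\dropper.exe/data0001 Infected: not-a-virus:AdWare.Win32.Example.a skipped
C:\Deckard\System Scanner\20080101000000\backup\DOCUME~1\User\LOCALS~1\Temp\dropper.exe NSIS: infected - 1 skipped
C:\Program Files\Tool\Recovery\bundle.zip/uninst.exe Suspicious: Password-protected-EXE skipped
"""


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Live hits (need action):")
    for f in result["live"]:
        print(f"  {f.path}  ->  {f.detection}")
    print(f"Stored copies (quarantine/backup/restore): {len(result['stored'])}")
    print(f"Locked objects (not scanned): {len(result['locked'])}")
    print("Detections by name:", dict(result["families"]))
```

Container summary lines ("NSIS: infected - 1", "ZIP: infected - 3") carry no detection name of their own, so they are counted neither as live nor as stored; the archive members listed just above them are. Locked objects are reported separately because the scanner never examined them.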
Old 02-08-2008, 11:18 PM   #11 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

Ried,

Completed new ComboFix scan, Kaspersky scan, and HJT scan. The three logs are pasted in below, in that order.

System status appears completely back to normal: Popups have stopped, "Windows No Disk" warning no longer appears upon boot-up, and the strange gray "highlighting" effect on all of my desktop icons has disappeared as well. What is our next step?

Thanks again for taking the time to help,
Manner99

ComboFix 08-02.05.3 - Mike 2008-02-08 20:42:37.3 - NTFSx86
Running from: C:\Documents and Settings\Mike\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mike\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\temp
C:\temp\bar.xml
C:\temp\gTiis19\lTig.log
C:\temp\PHOTOS.ini
C:\temp\photosmart\autorun.inf
C:\temp\photosmart\ccc\270615USAM.EXE
C:\temp\photosmart\ccc\enu\240075.exe
C:\temp\photosmart\ccc\enu\Q256858_W2K_SP1_x86.EXE
C:\temp\photosmart\ccc\enu\Q283787_W2K_SP3_x86.EXE
C:\temp\photosmart\ccc\hphc3204.dll
C:\temp\photosmart\ccc\HPHmdl11.dat
C:\temp\photosmart\ccc\hppatch.exe
C:\temp\photosmart\ccc\Q283787_W2K_SP3_x86_en.EXE
C:\temp\photosmart\ccc\SysReq.exe
C:\temp\photosmart\ccc\usbready.exe
C:\temp\photosmart\ccc\usbview.exe
C:\temp\photosmart\compinfo.txt
C:\temp\photosmart\enu\congrats\animate.jz
C:\temp\photosmart\enu\congrats\CONGRA~1.HTZ
C:\temp\photosmart\enu\congrats\images\ATTENT~1.GIZ
C:\temp\photosmart\enu\congrats\images\buenos1.jpz
C:\temp\photosmart\enu\congrats\images\buy_off.giz
C:\temp\photosmart\enu\congrats\images\buy_on.giz
C:\temp\photosmart\enu\congrats\images\CHIKLE~1.JPZ
C:\temp\photosmart\enu\congrats\images\CLICK_~1.GIZ
C:\temp\photosmart\enu\congrats\images\FOR_DO~1.GIZ
C:\temp\photosmart\enu\congrats\images\FOR_PH~1.GIZ
C:\temp\photosmart\enu\congrats\images\home_off.giz
C:\temp\photosmart\enu\congrats\images\home_on.giz
C:\temp\photosmart\enu\congrats\images\HP_CAN~1.GIZ
C:\temp\photosmart\enu\congrats\images\logo.giz
C:\temp\photosmart\enu\congrats\images\PRODSE~1.GIZ
C:\temp\photosmart\enu\congrats\images\PRODSE~2.GIZ
C:\temp\photosmart\enu\congrats\images\SOLUTI~1.GIZ
C:\temp\photosmart\enu\congrats\images\SOLUTI~2.GIZ
C:\temp\photosmart\enu\congrats\images\SUPPOR~1.GIZ
C:\temp\photosmart\enu\congrats\images\SUPPOR~2.GIZ
C:\temp\photosmart\enu\congrats\images\TINMAN~1.GIZ
C:\temp\photosmart\enu\congrats\images\vssver.scz
C:\temp\photosmart\enu\congrats\print.jz
C:\temp\photosmart\enu\congrats\TEST_P~1.HTZ
C:\temp\photosmart\enu\drivers\win2k_xp\hph130.dat
C:\temp\photosmart\enu\drivers\win2k_xp\hph230.dat
C:\temp\photosmart\enu\drivers\win2k_xp\hph7150.dat
C:\temp\photosmart\enu\drivers\win2k_xp\hph7345.dat
C:\temp\photosmart\enu\drivers\win2k_xp\hph7350.dat
C:\temp\photosmart\enu\drivers\win2k_xp\hph7550.dat
C:\temp\photosmart\enu\drivers\win2k_xp\hphp2k11.cat
C:\temp\photosmart\enu\drivers\win2k_xp\hphp2k11.inf
C:\temp\photosmart\enu\drivers\win2k_xp\Hphpht04.hlp
C:\temp\photosmart\enu\drivers\win2k_xp\hpz2ku07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzcfg07.ex_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzcoi07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzcon07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzeng07.ex_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzflt07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzimb07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzimc07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzime07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzimp07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzjui07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzlnt07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzntp07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzpcl07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzpre07.ex_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzr3207.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzres07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzrp307.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzslk07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzsnt07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzstc07.ex_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzstw07.ex_
C:\temp\photosmart\enu\drivers\win2k_xp\hpztbi07.dl_
C:\temp\photosmart\enu\drivers\win2k_xp\hpztbu07.ex_
C:\temp\photosmart\enu\drivers\win2k_xp\hpztbx07.ex_
C:\temp\photosmart\enu\drivers\win2k_xp\hpzvip07.dl_
C:\temp\photosmart\enu\nt4\Disk1\congrat.bmz
C:\temp\photosmart\enu\nt4\Disk1\hpfinsta.exz
C:\temp\photosmart\enu\nt4\Disk1\hpfsched.exz
C:\temp\photosmart\enu\nt4\Disk1\hpsetup.ini
C:\temp\photosmart\enu\nt4\Disk1\inline.bmz
C:\temp\photosmart\enu\nt4\Disk1\intro.bmz
C:\temp\photosmart\enu\nt4\Disk1\license.bmz
C:\temp\photosmart\enu\nt4\Disk1\makedisk.bmz
C:\temp\photosmart\enu\nt4\Disk1\nt4\apps.hpz
C:\temp\photosmart\enu\nt4\Disk1\nt4\autoload.hpi
C:\temp\photosmart\enu\nt4\Disk1\nt4\congrats.hpz
C:\temp\photosmart\enu\nt4\Disk1\nt4\driver.hpz
C:\temp\photosmart\enu\nt4\Disk1\nt4\ereg.hpz
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfaicm.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfinst.dlz
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfiui.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfldr.exe
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfldr.ini
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfmicm.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfsplsh.exe
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfsplsh.ini
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpfxicm.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\Hphc3204.dlz
C:\temp\photosmart\enu\nt4\Disk1\nt4\Hphghl04.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\hphmdl11.dat
C:\temp\photosmart\enu\nt4\Disk1\nt4\hphmon04.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\hphsav04.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\Hphuni04.exe
C:\temp\photosmart\enu\nt4\Disk1\nt4\Hphver04.exe
C:\temp\photosmart\enu\nt4\Disk1\nt4\hpinfo.daz
C:\temp\photosmart\enu\nt4\Disk1\nt4\Hpzglu07.exz
C:\temp\photosmart\enu\nt4\Disk1\nt4\inc.hpz
C:\temp\photosmart\enu\nt4\Disk1\nt4\install.hpz
C:\temp\photosmart\enu\nt4\Disk1\nt4\license.txt
C:\temp\photosmart\enu\nt4\Disk1\nt4\master.hpz
C:\temp\photosmart\enu\nt4\Disk1\oval.bmp
C:\temp\photosmart\enu\nt4\Disk1\pflic.txz
C:\temp\photosmart\enu\nt4\Disk1\port.bmz
C:\temp\photosmart\enu\nt4\Disk1\printer.bmp
C:\temp\photosmart\enu\nt4\Disk1\printpcl.exz
C:\temp\photosmart\enu\nt4\Disk1\prnmask.bmp
C:\temp\photosmart\enu\nt4\Disk1\restart.bmz
C:\temp\photosmart\enu\nt4\Disk1\runapps.bmz
C:\temp\photosmart\enu\nt4\Disk1\setup.exe
C:\temp\photosmart\enu\nt4\Disk1\status.bmz
C:\temp\photosmart\enu\nt4\Disk1\unstall.bmz
C:\temp\photosmart\enu\nt4\Disk1\usb.bmz
C:\temp\photosmart\hohioins.ini
C:\temp\photosmart\hpfpnp.dll
C:\temp\photosmart\hpfpnp.ini
C:\temp\photosmart\hphbrx11.pdr
C:\temp\photosmart\hphc3204.dll
C:\temp\photosmart\hphglu11.cat
C:\temp\photosmart\hphglu11.inf
C:\temp\photosmart\hphid411.cat
C:\temp\photosmart\hphid411.inf
C:\temp\photosmart\HPHid411.sys
C:\temp\photosmart\hphidr11.dll
C:\temp\photosmart\hphimn11.dll
C:\temp\photosmart\HPHipa11.sys
C:\temp\photosmart\hphipm11.exe
C:\temp\photosmart\hphipr11.cat
C:\temp\photosmart\hphipr11.dll
C:\temp\photosmart\hphipr11.inf
C:\temp\photosmart\HPHipr11.sys
C:\temp\photosmart\hphius11.cat
C:\temp\photosmart\hphius11.inf
C:\temp\photosmart\HPHius11.sys
C:\temp\photosmart\hphmdl11.dat
C:\temp\photosmart\HphPar98.vxd
C:\temp\photosmart\hphpsu11.cat
C:\temp\photosmart\hphpsu11.inf
C:\temp\photosmart\HPHs9X11.nms
C:\temp\photosmart\HPHs9X11.sys
C:\temp\photosmart\hphstr11.cat
C:\temp\photosmart\hphstr11.inf
C:\temp\photosmart\hphuci04.dll
C:\temp\photosmart\hpsetup.ini
C:\temp\photosmart\hpzglu07.exe
C:\temp\photosmart\hpzjlog.dll
C:\temp\photosmart\hpzjpp01.dll
C:\temp\photosmart\hpzjut01.dll
C:\temp\photosmart\hpzjvp01.dll
C:\temp\photosmart\msvcirt.dll
C:\temp\photosmart\msvcrt.dll
C:\temp\photosmart\Patch\Uninst\enu\hphuni03.exz
C:\temp\photosmart\readme\enu\Readme.txt
C:\temp\photosmart\readme\enu\WebUpdat.txt
C:\temp\photosmart\setup.exe
C:\temp\photosmart\tls704d.dll
C:\temp\photosmart\UsageApp\css\usg.css
C:\temp\photosmart\UsageApp\enu\Usg-done.htm
C:\temp\photosmart\UsageApp\enu\Usg-note.txt
C:\temp\photosmart\UsageApp\enu\Usg-quit.htm
C:\temp\photosmart\UsageApp\enu\Usg-stop.htm
C:\temp\photosmart\UsageApp\enu\USG-WE~1.HTM
C:\temp\photosmart\UsageApp\Hphpml.ini
C:\temp\photosmart\UsageApp\Hphusg04.exe
C:\temp\photosmart\UsageApp\htc\BUTTON~1.HTC
C:\temp\photosmart\UsageApp\htc\DATASE~1.HTC
C:\temp\photosmart\UsageApp\htc\IMAGE3~1.HTC
C:\temp\photosmart\UsageApp\htc\rollover.htc
C:\temp\photosmart\UsageApp\img\global\FILLET~1.BMP
C:\temp\photosmart\UsageApp\img\global\FILLET~2.BMP
C:\temp\photosmart\UsageApp\img\global\FILLET~3.BMP
C:\temp\photosmart\UsageApp\img\global\FILLET~4.BMP
C:\temp\photosmart\UsageApp\img\logo.bmp
C:\temp\photosmart\util\Hid\hphghl04.exe
C:\temp\photosmart\util\Hid\hphpdi04.exe
C:\temp\photosmart\util\Hid\hphsus11.inz
C:\temp\photosmart\verinfo.txt
C:\temp\photosmart\w2kio\HPHid411.sys
C:\temp\photosmart\w2kio\HPHidr11.dll
C:\temp\photosmart\w2kio\HPHipm11.exe
C:\temp\photosmart\w2kio\HPHipr11.dll
C:\temp\photosmart\w2kio\HPHipr11.sys
C:\temp\photosmart\w2kio\HPHius11.sys
C:\temp\photosmart\w2kio\HPHs2k11.nms
C:\temp\photosmart\w2kio\HPHs2k11.sys
C:\temp\photosmart\WebUpdat\HP041B~1.DLL
C:\temp\photosmart\WebUpdat\HP0645~1.DLL
C:\temp\photosmart\WebUpdat\HP0647~1.DLL
C:\temp\photosmart\WebUpdat\HP101B~1.DLL
C:\temp\photosmart\WebUpdat\HPF349~1.DLL
C:\temp\photosmart\WebUpdat\HPF933~1.DLL
C:\temp\photosmart\WebUpdat\HPFD33~1.DLL
C:\temp\photosmart\WebUpdat\hphwup04.exe
C:\temp\photosmart\WebUpdat\HPODIN~1.DLL
C:\temp\photosmart\WebUpdat\HPODIN~2.DLL
C:\temp\photosmart\WebUpdat\HPODIN~3.DLL
C:\temp\photosmart\WebUpdat\HPODIN~4.DLL
C:\temp\photosmart\WebUpdat\hpodinet.dll
C:\WINDOWS\system32\geb3
C:\WINDOWS\system32\geb3\pacomsdll33.exe
C:\WINDOWS\system32\kps5
C:\WINDOWS\system32\kps5\covstadcom7.exe
C:\WINDOWS\system32\lis6
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\rom1
C:\WINDOWS\system32\rom1\pawedriver4.exe
C:\WINDOWS\system32\tip4

.
((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-02-08 02:01 . 2004-08-10 04:00 388,608 --a------ C:\kmd.exe
2008-02-07 22:06 . 2004-08-04 06:00 260,272 -r-hs---- C:\cmldr
2008-02-06 00:48 . 2008-02-06 00:48 <DIR> d-------- C:\Deckard
2008-02-06 00:11 . 2008-02-06 00:11 <DIR> d-------- C:\ie-spyad_zo
2008-02-05 23:52 . 2008-02-05 23:56 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-05 22:11 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2008-02-05 21:57 . 2008-02-05 23:23 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-05 21:57 . 2008-02-05 21:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-05 21:57 . 2008-02-05 21:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-05 21:57 . 2008-02-05 21:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-04 13:18 . 2008-02-04 13:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-02 01:27 . 2008-02-02 01:27 <DIR> d-------- C:\Documents and Settings\Mike\.housecall6.6
2008-02-01 21:08 . 2008-02-01 21:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-01 21:05 . 2008-02-01 21:09 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Lavasoft
2008-01-27 16:27 . 2008-01-27 16:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-26 15:04 . 2008-01-26 15:04 <DIR> d-------- C:\WINDOWS\NKCCDViewerSetting
2008-01-26 13:53 . 2008-01-26 13:54 <DIR> d-------- C:\Documents and Settings\Mike\Application Data\Snapfish
2008-01-25 00:09 . 2008-01-25 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-23 21:30 . 2008-01-23 21:30 <DIR> d-------- C:\Program Files\iPod
2008-01-16 12:36 . 2008-01-16 12:39 <DIR> d-------- C:\Program Files\QuickTime
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-06 05:13 --------- d-----w C:\Program Files\Windows Defender
2008-02-06 05:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 05:04 --------- d-----w C:\Program Files\iTunes
2008-02-06 05:02 --------- d-----w C:\Program Files\Google
2008-02-06 05:01 --------- d-----w C:\Program Files\DIGStream
2008-02-06 05:01 --------- d-----w C:\Program Files\DellSupport
2008-02-06 05:01 --------- d-----w C:\Program Files\Dell Network Assistant
2008-02-04 19:15 --------- d-----w C:\Documents and Settings\Cathy\Application Data\Skype
2008-02-02 06:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-02 03:09 --------- d-----w C:\Program Files\Lavasoft
2008-02-02 03:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 18:07 --------- d-----w C:\Program Files\Graboid
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 04:42 73,496 ----a-w C:\Documents and Settings\Mike\Application Data\GDIPFONTCACHEV1.DAT
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2003-08-27 19:19 36,963 ----a-r C:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24 20480]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-29 23:20 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"DellTransferAgent"="C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 15:46 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 07:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 13:35 397312 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 10:56 761947]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 15:16 1121792]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00 1005096]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-04-03 17:12 777424]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-04-13 16:36 1470464]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 13:20 94208]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 04:33 122941]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45 118784]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44 98304]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 13:07 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 13:07 348160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 06:54 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 22:28 29744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 01:33 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-07-16 21:25:14 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

S2 DellBIOS;DellBIOS;C:\WINDOWS\DellBIOS.Sys []
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-07 22:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 16:26:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-09 00:19:02 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-02-09 00:19:02 C:\WINDOWS\Tasks\HP Usg Login.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
"2008-02-09 02:14:02 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (DELL-INSPIRON-Mike).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-08 07:46:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 20:47:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 20:47:46
ComboFix-quarantined-files.txt 2008-02-09 02:47:37
ComboFix2.txt 2008-02-08 08:10:16
ComboFix3.txt 2008-02-08 05:07:24
.
2008-01-09 09:04:04 --- E O F ---


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 09, 2008 12:01:51 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 9/02/2008
Kaspersky Anti-Virus database records: 555731
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\

Scan Statistics:
Total number of scanned objects: 71742
Number of viruses found: 13
Number of infected objects: 46
Number of suspicious objects: 2
Duration of the scan process: 00:59:06

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080206021437\backup\DOCUME~1\Mike\LOCALS~1\Temp\p2na3cvp.exe Infected: Trojan.Win32.Agent.ept skipped
C:\Deckard\System Scanner\20080206021437\backup\DOCUME~1\Mike\LOCALS~1\Temp\sj7g1dr3.exe Infected: Trojan.Win32.Agent.ept skipped
C:\Deckard\System Scanner\20080206021437\backup\DOCUME~1\Mike\LOCALS~1\Temp\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\Deckard\System Scanner\20080206021437\backup\DOCUME~1\Mike\LOCALS~1\Temp\yazzsnet.exe NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.8/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Mike\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Mike\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Desktop\MathBlast5-7-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\ApplicationHistory\ENCWCSVR.EXE.c73ad2c2.ini.inuse Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbdam Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbdao Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbeam Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbeao Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbm Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\fii.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\hp Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Google Desktop\ec291134d640\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012008020820080209\index.dat Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DF67AC.tmp Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temp\~DF6B44.tmp Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinAdmin.exe.vir Infected: Trojan.Win32.Scapur.k skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1281OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\MSN\dibortoka.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\QooBox\Quarantine\C\Program Files\SMANTE~1\msiexec.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dlmdeft.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.acn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\geb3\pacomsdll33.exe.vir Infected: Trojan-Downloader.Win32.Small.iaw skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gebcbax.dll.vir Infected: Trojan.Win32.BHO.auf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gusgipqq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hhhhoorv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hillvguk.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lqwagmrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\lsuggubn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\rom1\pawedriver4.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\shvfknqb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wisblpug.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xvgwrpbn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-07_225806.40.zip/intelppmm.sys Infected: Rootkit.Win32.Agent.to skipped
C:\QooBox\Quarantine\catchme2008-02-07_225806.40.zip/geebc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-02-07_225806.40.zip/ljjifgf.dll Infected: Trojan.Win32.BHO.auf skipped
C:\QooBox\Quarantine\catchme2008-02-07_225806.40.zip ZIP: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0000028.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP2\A0000064.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000092.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000095.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000096.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000096.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000101.dll Infected: not-a-virus:AdWare.Win32.Agent.acn skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000102.dll Infected: Trojan.Win32.BHO.auf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000103.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000104.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000105.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000106.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000107.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000108.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000109.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000110.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000119.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP3\A0000120.dll Infected: Trojan.Win32.BHO.auf skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000338.exe Infected: Trojan-Downloader.Win32.Small.iaw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\A0000340.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP4\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{874DA6FE-4057-4C78-9410-FECA20F4931D}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{891C2FA5-E4B3-4E45-8FEB-1A4B84AC0C16}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:11 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/6...l/gtdownls.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11168 bytes
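Reading a HijackThis log by hand, as the helper does in this thread, means scanning each section (O2 BHOs, O4 Run keys, O16 DPF downloads, O23 services) for the entries that deserve a second look: a BHO with "(no name)", a service with "Unknown owner", a DPF entry with no target, a Run value that is a bare filename, or a Run value under the SYSTEM hive. The following Python parser is an added example, not part of this thread and not HijackThis' own code; the sample lines are patterned on the log above, and the flag names and the assumption that O2/O3/O9/O18/O23 lines follow a "description - CLSID or owner - target" layout are mine. Note the left-to-right split: a right split would mangle paths such as "Spybot - Search & Destroy" that themselves contain the separator.

```python
"""Triage helper for HijackThis (HJT) log lines (added example, not HJT's own code).

Parses the 'Rn/On - ...' lines into structured entries and flags the ones a
malware-removal helper typically looks at first.  Flag names are this
example's own convention, not HijackThis terminology.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Section code (R0, O2, O4, O23, ...) followed by " - " and the body of the line.
LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption: these sections read "description - {CLSID} or owner - target".
THREE_PART = {"O2", "O3", "O9", "O18", "O23"}


@dataclass
class HjtEntry:
    code: str                      # section code, e.g. "O2"
    body: str                      # rest of the line after "O2 - "
    clsid: Optional[str]           # first {GUID} on the line, if any
    target: Optional[str]          # file path / URL / command the entry points at
    flags: List[str] = field(default_factory=list)


def _target_of(code: str, body: str) -> Optional[str]:
    """Extract the target (path, URL or command) according to the section layout."""
    stripped = body.rstrip()
    if code == "O4":
        # O4 - HKLM\..\Run: [Name] C:\path\prog.exe /args   (User 'X') may follow
        m = re.search(r"\] (.*)$", stripped)
        if not m:
            return None
        return re.sub(r"\s*\(User '[^']*'\)$", "", m.group(1)).strip()
    if stripped.endswith(" -"):
        return ""                  # separator present but nothing after it (seen on O16 lines)
    n = 2 if code in THREE_PART else 1
    parts = stripped.split(" - ", n)   # left split: targets may contain " - " themselves
    return parts[-1].strip() if len(parts) == n + 1 else None


def _flags_of(e: HjtEntry) -> List[str]:
    """Heuristic review flags; none of these prove an entry is malicious."""
    flags = []
    if "(no name)" in e.body:
        flags.append("unnamed")
    if "Unknown owner" in e.body:
        flags.append("unknown-owner")
    if e.code == "O16" and e.target == "":
        flags.append("dpf-no-target")
    if e.code == "O4":
        if e.body.startswith("HKUS\\S-1-5-18"):
            flags.append("runs-as-system")
        first = (e.target or "").split(" ", 1)[0].strip('"')
        if first and "\\" not in first and first.lower().endswith(".exe"):
            flags.append("bare-filename")   # resolved via PATH search, not a fixed location
    return flags


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse every section line of an HJT log; process lists and headers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        clsid = CLSID_RE.search(body)
        e = HjtEntry(code, body, clsid.group(0) if clsid else None, _target_of(code, body))
        e.flags = _flags_of(e)
        entries.append(e)
    return entries


def section_counts(entries: List[HjtEntry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def review_candidates(entries: List[HjtEntry]) -> List[HjtEntry]:
    return [e for e in entries if e.flags]


# Constructed sample, patterned on lines from the log above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
"""

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for entry in review_candidates(parsed):
        print(entry.code, entry.flags, entry.target)
```

The flags are starting points for a human reviewer, exactly as in the thread: the unnamed O2 entry here is Spybot's own SDHelper.dll, a known-good component, which is why the helper compares each flagged path against what is actually installed before deciding anything.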
Old 02-08-2008, 11:31 PM   #12 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

One further note:

Your last instructions included the following:
This step should fix the desktop icon problem:

Next go to Control Panel click Display>Desktop>Customize Desktop>Web>

* Uncheck everything, and delete everything except 'My Current Homepage'
* Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.
Although I followed these steps exactly, there was nothing listed to uncheck and/or delete when I reached the destination specified above, and the "Lock desktop items" box was already unticked. Thus, I could not click Apply, as no changes had been made, so I just clicked OK and then OK again. However, after going through these steps, the gray highlighting of the desktop icons did indeed disappear.
Old 02-09-2008, 08:07 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,962
OS: WinXP and Vista


Re: Constant popups; Many labeled Zedo

You're welcome, manner99.

Your logs are clean. We just have some final tidying up to do.

Please download ATF Cleaner by Atribune.


Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u4.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • In the pull down menu next to Platform select Windows
  • Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement"
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windowsi586-p.exe to install the newest version.

-------------------------------------------------------------

After you've completed the above...

The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 02-09-2008, 08:37 PM   #14 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 15
OS: xp media center edition


Re: Constant popups; Many labeled Zedo

Ried,

I received your all-clear and advice regarding how to better protect my system from now on, and will take your advice and download/install the free apps you recommended.

All evidence of any malware on my computer has disappeared. My system is performing completely normally. Thank you so much for your help with cleaning this up -- you provided great relief!

Best regards,
Manner99
Old 02-09-2008, 08:40 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,962
OS: WinXP and Vista


Re: Constant popups; Many labeled Zedo

You're quite welcome, Manner99. Best regards to you as well.
Copyright 2001 - 2009, Tech Support Forum