Tech Support Forum
Status: Not open for further replies.
1 - 5 of 5 Posts

Post #1 · Discussion Starter · Registered · 2 Posts
Hi! First-time user.

I have installed many different popup-blocker programs, but I'm still getting some popups as I browse the web. Below is my current HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:06 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.bccard.com/service/individual/security/images/IniMasPlugin.cab
O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} (ToolBarInstall Control) - http://toolbar.imbc.com/toolbar/MBCToolBar.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/databases/actimage40803.cab
O16 - DPF: {BE1176A6-401F-465F-9260-95DA014525FD} - http://myhome.naver.com/thebank9/icon/icon7025.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{037FF42B-F16E-4DD9-9CC6-83796C1D474C}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E7BBA1-4E36-4460-904C-2BE32CF37F03}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD1AC68-C22E-4F7D-856A-67133B84C33D}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{31F5EC5E-195B-4875-BB8E-F82D5513F147}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{65DE9386-FB38-4D74-9CEC-1053761BCBE3}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2E8755-0E26-48F1-84DB-AF2775418303}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BE33D45-89C2-443E-98CD-E4EF109E0507}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3650F25-DA30-41A5-9075-99E7C61BF7DA}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.140 85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{037FF42B-F16E-4DD9-9CC6-83796C1D474C}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.140 85.255.112.11
O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ibysjlgw.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\rtemehdofsec.html

--
End of file - 6514 bytes

Many thanks.
 

Post #2 · Discussion Starter · Registered · 2 Posts
Constant popups, slowing and killing my computer.

Here is "main.txt" XP-SP2.

Deckard's System Scanner v20071014.68
Run by RIMC Tech on 2007-11-08 14:57:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-11-08 19:57:30 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-11-08 00:29:21 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).


-- HijackThis (run as RIMC Tech.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:16 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\RIMC Tech\Local Settings\Temporary Internet Files\Content.IE5\09GHYZSH\dss[1].exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\RIMC Tech.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {510bbbf4-6733-4569-9d16-90e2d74c9f8b} - C:\WINDOWS\System32\edtqjwu.dll
O2 - BHO: 0 - {54228A01-F888-4058-D4A7-73C16D48366F} - C:\Program Files\Windows Media Player\qudasulud457.dll (file missing)
O2 - BHO: (no name) - {5F69F974-5315-44AA-91DA-EBA2D6F37F71} - C:\Program Files\ComPlus Applications\merozek83122.dll
O2 - BHO: (no name) - {AB7B9640-4875-4D2C-A333-96B89357D605} - C:\WINDOWS\System32\ddcbc.dll
O2 - BHO: (no name) - {F80000FD-36E6-4DDA-84CC-A50CC33A912F} - C:\Program Files\ComPlus Applications\merozek4444.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [WG511WLU] C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {6FE760D3-7851-4879-8838-62D9881D7177} (IniMasHandler Class) - http://www.bccard.com/service/individual/security/images/IniMasPlugin.cab
O16 - DPF: {84F7A3A9-B92A-41F4-890F-83F2DC0ADB7E} (ToolBarInstall Control) - http://toolbar.imbc.com/toolbar/MBCToolBar.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://hutchence.armstrong.com/ib/databases/actimage40803.cab
O16 - DPF: {BE1176A6-401F-465F-9260-95DA014525FD} - http://myhome.naver.com/thebank9/icon/icon7025.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{037FF42B-F16E-4DD9-9CC6-83796C1D474C}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{12E7BBA1-4E36-4460-904C-2BE32CF37F03}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CD1AC68-C22E-4F7D-856A-67133B84C33D}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{31F5EC5E-195B-4875-BB8E-F82D5513F147}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{65DE9386-FB38-4D74-9CEC-1053761BCBE3}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C2E8755-0E26-48F1-84DB-AF2775418303}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BE33D45-89C2-443E-98CD-E4EF109E0507}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3650F25-DA30-41A5-9075-99E7C61BF7DA}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.140 85.255.112.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{037FF42B-F16E-4DD9-9CC6-83796C1D474C}: NameServer = 85.255.116.140,85.255.112.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.140 85.255.112.11
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ddcbc - C:\WINDOWS\System32\ddcbc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\rtemehdofsec.html

--
End of file - 7140 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071107-104842-335 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20071107-200550-304 O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
backup-20071107-200550-752 O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ibysjlgw.exe (file missing)
backup-20071107-201120-161 O15 - Trusted Zone: *.systemdoctor.com (HKLM)
backup-20071107-201120-204 O15 - Trusted Zone: *.drivecleaner.com (HKLM)
backup-20071107-201120-214 O15 - Trusted Zone: *.errorprotector.com
backup-20071107-201120-293 O15 - Trusted Zone: *.errorprotector.com (HKLM)
backup-20071107-201120-389 O15 - Trusted Zone: *.systemdoctor.com
backup-20071107-201120-492 O15 - Trusted Zone: *.imageservr.com (HKLM)
backup-20071107-201120-658 O15 - Trusted Zone: *.drivecleaner.com
backup-20071107-201120-994 O15 - Trusted Zone: *.imageservr.com

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v2.2.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R3 AWINDIS5 (AWINDIS5 Protocol Driver) - c:\windows\system32\awindis5.sys <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
R3 PRISM_ICB (NETGEAR WG511 Wireless LAN Driver) - c:\windows\system32\drivers\wg511icb.sys <Not Verified; Conexant Systems, Inc.; PRISM 802.11 Wireless LAN>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 TnIDriver - c:\docume~1\rimcte~1\locals~1\temp\tni12.tmp (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S4 DomainService - c:\windows\system32\ibysjlgw.exe /service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_1002&DEV_4C59&SUBSYS_0400107B&REV_00\4&34C0AFA1&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_1002&DEV_4C59&SUBSYS_0400107B&REV_00\4&34C0AFA1&0&0008
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_2486&SUBSYS_1050144F&REV_02\3&61AAA01&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_2486&SUBSYS_1050144F&REV_02\3&61AAA01&0&FE
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-10-30 18:21:53 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-10-08 and 2007-11-08 -----------------------------

2007-11-08 14:34:09 0 d-------- C:\ie-spyad_zo
2007-11-08 14:31:01 0 d-------- C:\Program Files\SpywareBlaster
2007-11-08 12:57:06 71 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2007-11-08 12:57:05 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe <Not Verified; Panda Software International; Panda Anti-malware>
2007-11-08 12:31:15 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-08 12:31:06 0 d-------- C:\WINDOWS\LastGood
2007-11-08 12:19:46 71188 --a------ C:\WINDOWS\system32\jfbohwht.exe <Not Verified; ; DDC>
2007-11-07 14:30:44 71188 --a------ C:\WINDOWS\system32\tumdfdgg.exe <Not Verified; ; DDC>
2007-11-07 12:44:28 0 d-------- C:\Program Files\CleanMyPC Popup Blocker
2007-11-07 12:33:53 71188 --a------ C:\WINDOWS\system32\lpuodkrq.exe <Not Verified; ; DDC>
2007-11-07 11:50:49 0 d-------- C:\WINDOWS\pss
2007-11-07 10:59:48 71188 --a------ C:\WINDOWS\system32\cslrqhbm.exe <Not Verified; ; DDC>
2007-11-07 10:02:37 71188 --a------ C:\WINDOWS\system32\exjcuryu.exe <Not Verified; ; DDC>
2007-11-07 10:01:38 135168 --a------ C:\WINDOWS\tk58.exe
2007-11-03 17:22:25 438672 ---hs---- C:\WINDOWS\system32\cbcdd.ini2
2007-11-02 15:19:03 0 d-------- C:\Program Files\RegistryFix
2007-11-01 19:03:52 0 d-------- C:\Documents and Settings\RIMC Tech\Citrix
2007-10-30 22:55:35 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-30 18:37:09 0 d-------- C:\Program Files\iPod
2007-10-30 18:21:03 0 d-------- C:\Program Files\Apple Software Update
2007-10-30 18:20:04 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-10-30 18:18:48 0 d-------- C:\Program Files\Common Files\Apple
2007-10-30 18:18:43 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2007-10-30 09:36:24 0 d-------- C:\Program Files\Panicware
2007-10-30 08:30:31 426572 ---hs---- C:\WINDOWS\system32\cbcdd.bak2
2007-10-29 23:59:44 0 d-------- C:\Documents and Settings\RIMC Tech\Application Data\Yahoo!
2007-10-29 23:59:37 0 dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo!
2007-10-29 23:59:11 0 d-------- C:\Program Files\Yahoo!
2007-10-29 23:58:23 0 d-------- C:\WINDOWS\cache
2007-10-29 23:25:45 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Start Menu
2007-10-29 23:24:08 0 d-------- C:\WINDOWS\Prefetch
2007-10-29 15:15:12 0 d-------- C:\WINDOWS\peernet
2007-10-29 15:15:09 0 d-------- C:\WINDOWS\provisioning
2007-10-29 15:09:20 0 d-------- C:\WINDOWS\ServicePackFiles
2007-10-29 14:56:26 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-10-29 14:49:23 0 d-------- C:\WINDOWS\EHome
2007-10-29 13:40:55 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-29 13:16:13 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:16:12 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:16:12 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:16:12 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-10-29 13:16:11 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-10-29 13:15:59 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-10-29 13:15:58 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-10-29 13:15:58 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:57 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:57 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:56 947472 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:56 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:55 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:55 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:54 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:53 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:53 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 13:15:52 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-10-29 00:33:26 431708 ---hs---- C:\WINDOWS\system32\cbcdd.bak1
2007-10-29 00:32:51 263220 ---hs---- C:\WINDOWS\system32\ddcbc.dll
2007-10-29 00:26:55 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-10-29 00:24:34 171520 -----n--- C:\WINDOWS\system32\edtqjwu.dll
2007-10-29 00:24:26 0 d-------- C:\WINDOWS\system32\x22
2007-10-29 00:24:26 0 d-------- C:\WINDOWS\system32\i8
2007-10-29 00:24:26 0 d-------- C:\WINDOWS\system32\g1
2007-10-29 00:24:26 0 d-------- C:\WINDOWS\system32\e2
2007-10-29 00:24:26 0 d-------- C:\WINDOWS\system32\a13
2007-10-29 00:24:21 0 d-------- C:\WINDOWS\system32\Mz17r
2007-10-11 22:11:08 0 d-------- C:\Program Files\Universal
2007-10-11 20:57:18 262144 --a------ C:\Documents and Settings\All Users.WINDOWS\NTUSER.DAT
2007-10-11 20:08:08 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2007-10-11 20:07:25 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-11 20:07:24 0 d-------- C:\Documents and Settings\RIMC Tech\Application Data\SUPERAntiSpyware.com
2007-10-11 20:06:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-11 19:32:09 2368 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-11 19:15:01 0 d-------- C:\Program Files\Trend Micro
2007-10-10 21:32:45 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-10 21:14:11 0 d-------- C:\WINDOWS\ERUNT
2007-10-10 20:30:46 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-10-10 19:20:43 0 d-------- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Application Data\Identities
2007-10-10 19:17:54 0 dr-h----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\SendTo
2007-10-10 19:17:54 0 dr-h----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Recent
2007-10-10 19:17:54 0 d--h----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\PrintHood
2007-10-10 19:17:54 0 d--h----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\NetHood
2007-10-10 19:17:54 0 dr------- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\My Documents
2007-10-10 19:17:54 0 d--h----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Local Settings
2007-10-10 19:17:54 0 dr------- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Favorites
2007-10-10 19:17:54 0 d-------- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Desktop
2007-10-10 19:17:54 0 d---s---- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Cookies
2007-10-10 19:17:54 0 dr-h----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Application Data
2007-10-10 19:17:54 0 d---s---- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Application Data\Microsoft
2007-10-10 19:17:53 0 d--h----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Templates
2007-10-10 19:17:53 0 dr------- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\Start Menu
2007-10-10 19:17:53 524288 --ah----- C:\Documents and Settings\Administrator.DOS-1FM9GYORKFM\NTUSER.DAT
2007-10-09 23:53:48 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Desktop
2007-10-09 23:41:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee


-- Find3M Report ---------------------------------------------------------------

2007-11-08 13:19:51 0 d-------- C:\Program Files\iTunes
2007-11-08 13:19:17 0 d-------- C:\Program Files\Google
2007-10-30 18:28:26 0 d-------- C:\Program Files\QuickTime
2007-10-30 18:18:48 0 d-------- C:\Program Files\Common Files
2007-10-30 09:46:39 0 d-------- C:\Program Files\Common Files\scanner
2007-10-30 00:19:12 0 d-------- C:\Program Files\Messenger
2007-10-29 15:15:14 0 d-------- C:\Program Files\Movie Maker
2007-10-29 15:07:50 0 d-------- C:\Program Files\Windows NT
2007-10-11 19:55:34 0 d-------- C:\Program Files\Temporary
2007-10-07 19:41:51 12288 --a------ C:\WINDOWS\mraerea.exe
2007-10-03 22:44:11 0 d-------- C:\Program Files\Lavasoft
2007-09-08 22:07:10 0 d-------- C:\Program Files\ACTIMAGE
2007-09-06 10:19:23 81 --a------ C:\CTX.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{510bbbf4-6733-4569-9d16-90e2d74c9f8b}]
10/29/2007 12:24 AM 171520 --------- C:\WINDOWS\System32\edtqjwu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54228A01-F888-4058-D4A7-73C16D48366F}]
C:\Program Files\Windows Media Player\qudasulud457.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F69F974-5315-44AA-91DA-EBA2D6F37F71}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\ComPlus Applications\merozek83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB7B9640-4875-4D2C-A333-96B89357D605}]
10/29/2007 12:32 AM 263220 ---hs---- C:\WINDOWS\System32\ddcbc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F80000FD-36E6-4DDA-84CC-A50CC33A912F}]
08/02/2007 08:43 AM 282624 --a------ C:\Program Files\ComPlus Applications\merozek4444.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [11/09/2004 02:55 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 01:06 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/1/2007 8:30:22 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Windows Media Player\rtemehdofsec.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbc]
C:\WINDOWS\System32\ddcbc.dll 10/29/2007 12:32 AM 263220 C:\WINDOWS\system32\ddcbc.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2007-11-08 15:03:59 ------------
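The helpers in this thread triage HijackThis output by eye: DNS servers set on every adapter (O17), domains dropped into the IE Trusted Zone (O15), an AppInit_DLLs value (O20), a service whose binary is missing (O23), unnamed browser helper objects (O2) and an Active Desktop component (O24). The script below is an added example, not part of the original thread and not Trend Micro's or Deckard's code; it applies those same checks mechanically to log lines. The sample lines are copied from the logs above, the expected-resolver set (192.168.0.1) is a constructed placeholder for whatever the LAN's real DNS server is, and the rule set and all function names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Hypothetical triage helper, not part of HijackThis or of this thread.
# It applies, mechanically, the checks a log reviewer makes by eye.

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+)\s+-\s+(?P<body>.*)$")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O17"
    reason: str    # why a reviewer should look at this entry
    line: str      # the original log line


def _reason_for(sec: str, body: str, expected_resolvers: set) -> Optional[str]:
    """Return a review reason for one parsed entry, or None if it looks routine."""
    low = body.lower()
    if sec == "O2" and ("(no name)" in body or "(file missing)" in body):
        return "browser helper object with no name or missing file"
    if sec == "O15" and "Trusted Zone" in body:
        return "domain placed in the IE Trusted Zone, which relaxes browser security"
    if sec == "O16" and ("ms-its:" in low or ".chm" in low):
        return "ActiveX control downloaded via an ms-its:/CHM URL"
    if sec == "O17" and "NameServer" in body:
        # Flag any resolver address that is not one the owner actually configured.
        unexpected = [ip for ip in IPV4_RE.findall(body) if ip not in expected_resolvers]
        if unexpected:
            return "DNS resolver outside the expected set: " + ", ".join(unexpected)
        return None
    if sec == "O20":
        if body.startswith("AppInit_DLLs"):
            return "AppInit_DLLs value loads a DLL into every user-mode process"
        return "Winlogon Notify DLL runs at logon; verify its publisher"
    if sec == "O23" and ("(file missing)" in body or "Unknown owner" in body):
        return "service with unknown owner or missing binary"
    if sec == "O24":
        return "Active Desktop component points at a local HTML file"
    return None


def triage(lines: Iterable[str], expected_resolvers: Iterable[str]) -> List[Finding]:
    """Parse HijackThis-style lines and return the entries worth a reviewer's attention."""
    expected = set(expected_resolvers)
    findings: List[Finding] = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line: not an R/O entry
        reason = _reason_for(m.group("sec"), m.group("body"), expected)
        if reason:
            findings.append(Finding(m.group("sec"), reason, raw.strip()))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/",
    r"O2 - BHO: (no name) - {510bbbf4-6733-4569-9d16-90e2d74c9f8b} - C:\WINDOWS\System32\edtqjwu.dll",
    r"O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll",
    r'O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"',
    r"O15 - Trusted Zone: *.drivecleaner.com",
    r"O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.140 85.255.112.11",
    r"O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat",
    r"O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ibysjlgw.exe (file missing)",
    r"O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe",
    r"O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\rtemehdofsec.html",
]
EXPECTED_RESOLVERS = {"192.168.0.1"}  # constructed placeholder for the LAN's real DNS server

if __name__ == "__main__":
    found = triage(SAMPLE_LOG, EXPECTED_RESOLVERS)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(found))
```

Run against the sample, the script reports seven entries and leaves the start page, the Google toolbar, the iTunes Run key and the iPod service alone. The O17 check is deliberately a whitelist: the same two addresses stand on every adapter and in both control sets in the logs above, and a reviewer can only call that a hijack if they know what the owner actually configured, which is why the expected set is a parameter rather than a hard-coded "bad" list.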
 


Post #3 · TSF Emeritus · 15,171 Posts
Hello and welcome to TSF :wave:.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.



Please be patient with me during this time.

===============================

Mod's Note:

Request for DSS logs removed, as threads have been merged after the fact.
 

Post #4 · TSF Security Manager, Emeritus · 51,795 Posts
Hello, wsshim -

It appears as though you've created two threads for what seems to be the same topic.

I've merged the two, after finding this.

Please stay in this topic for assistance with your issue. Go The Power will be back with instructions after we've had time to review.
 

Post #5 · TSF Emeritus · 15,171 Posts
Hello again,

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

=====================

Downloads

**Please do not run any of these tools yet, we will shortly.**

----------------------------

Click Here or Here to download Fixwareout.exe

**Save it to your desktop**


----------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

=====================

Run FixWareout.exe

  • Please go to your desktop and run FixWareout.exe.
  • Click Next, then Install; make sure "Run fixit" is checked, then click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer; please do so.
  • Your system may take longer than usual to load; this is normal.
  • Once the desktop loads post the text that will open (report.txt) in the forum please.
=====================

Run ComboFix

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

----------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

**Please Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall**

=====================

Please produce a new HijackThis log

=====================

Required Logs

In your next reply please include:
  • A fresh HijackThis log
  • Combofix.txt
  • report.txt
Also, how is your system behaving now?
 