
Constant popups will not go away!!!

Discussion in 'Virus & Other Malware Removal' started by hiyas2u, Jul 16, 2007.

  1. hiyas2u

    hiyas2u Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    4
    I have been getting constant popups that will not go away. I have tried all the usual programs: mcafee, panda, spybot, defender, xoftspy, super anti-spyware, spywareguard, spywarescrapper & ad-aware. The pop-ups seem mainly to be advertising "drive cleaner". HJT log as follows:
    Logfile of HijackThis v1.99.1
    Scan saved at 8:35:39 AM, on 7/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Call Trace\ctrace.exe
    C:\Spam Inspector\siService.exe
    C:\Windows Defender\MSASCui.exe
    C:\PaperPort\pptd40nt.exe
    C:\Diskeeper\DkService.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Grxp4exe.exe
    C:\Spam Inspector\siMailProxyServer.exe
    C:\Spam Inspector\siSpamFilterEngine.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\AnyDVD\AnyDVD.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\dss\DSS4DRU.exe
    C:\SpywareGuard\sgmain.exe
    C:\SpywareGuard\sgbhp.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    D:\ghost\Agent\PQV2iSvc.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\SlimBrowser\sbrowser.exe
    C:\WINDOWS\system32\qwerty12.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Spam Inspector\siClientUI.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\Spam Inspector\siMain.exe
    C:\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINZIP\winzip32.exe
    C:\Documents and Settings\nada\Local Settings\Temp\wz2869\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\nada\Application Data\Mozilla\Profiles\default\c4pbtw07.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nada\Application Data\Mozilla\Profiles\default\c4pbtw07.slt\prefs.js)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8 - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\SpywareGuard\dlprotect.dll
    O2 - BHO: IECatcher Class - {569E7719-1A11-415E-9206-AC1860FB8BFF} - C:\InstantGet\IEBar\IGCatcher.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Palm\FireConverterBrowserHelperObject.dll
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {d2f7adc2-35d5-4f91-833c-c3c24f78ef79} - C:\WINDOWS\system32\hnetspl.dll
    O2 - BHO: (no name) - {D36B965A-6A75-4AFD-A2CB-1D6F9B01A633} - C:\DOCUME~1\nada\LOCALS~1\Temp\~DP42.dll (file missing)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\NetZero\toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: InstantGet Bar - {98C92840-EB1C-40bd-B6A5-395EC9CD6510} - C:\InstantGet\IEBar\IGIEBar.dll
    O4 - HKLM\..\Run: [CallTrace] C:\Call Trace\ctrace.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [siService.exe] "C:\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: DSS4DRU.lnk = C:\dss\DSS4DRU.exe
    O4 - Startup: SpywareGuard.lnk = C:\SpywareGuard\sgmain.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Clean Traces - C:\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with InstantGet - res://C:\InstantGet\IEBar\IGCatcher.dll/IGLink.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Acoo Search(&A) - res://C:\InstantGet\IEBar\IGIEBar.dll/SEARCH.HTM
    O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm
    O8 - Extra context menu item: Download &all with InstantGet - res://C:\InstantGet\IEBar\IGCatcher.dll/IGAll.htm
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Copernic\Web\SearchExt.htm
    O8 - Extra context menu item: Search with Torrent Buster - res://C:\Torrent Buster\IEext.dll/ieExt.HTM
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra button: Run InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\InstantGet\InstantGet.exe
    O9 - Extra 'Tools' menuitem: &InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\InstantGet\InstantGet.exe
    O9 - Extra button: SnipeMonkey - {73B41442-4735-4FF2-9C19-CEA30AE6D7B7} - C:\SnipeMonkey\SnipeMonkey.lnk
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O18 - Protocol: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - (no file)
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\windows\system32\pmnllkh.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: hnetspl - C:\WINDOWS\SYSTEM32\hnetspl.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: McAfee Application Installer Cleanup (0037231175004704) (0037231175004704mcinstcleanup) - Unknown owner - C:\DOCUME~1\nada\LOCALS~1\Temp\003723~1.EXE (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Diskeeper\DkService.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: Norton Ghost - Symantec Corporation - D:\ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Sandra Lite\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Sandra Lite\RpcSandraSrv.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Spyware Doctor\swdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This can take a while!
     
  3. hiyas2u

    hiyas2u Thread Starter

    Joined:
    Jul 16, 2007
    Messages:
    4
    Vundofix found nothing, popups still occurring, superantispyware log as follows:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/17/2007 at 11:14 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3270
    Trace Rules Database Version: 1281

    Scan type : Complete Scan
    Total Scan Time : 00:54:59

    Memory items scanned : 548
    Memory threats detected : 2
    Registry items scanned : 8071
    Registry threats detected : 5
    File items scanned : 42664
    File threats detected : 6

    Trojan.Duncan
    C:\WINDOWS\SYSTEM32\HNETSPL.DLL
    C:\WINDOWS\SYSTEM32\HNETSPL.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2f7adc2-35d5-4f91-833c-c3c24f78ef79}
    HKCR\CLSID\{D2F7ADC2-35D5-4F91-833C-C3C24F78EF79}
    HKCR\CLSID\{D2F7ADC2-35D5-4F91-833C-C3C24F78EF79}\InprocServer32
    HKCR\CLSID\{D2F7ADC2-35D5-4F91-833C-C3C24F78EF79}\InprocServer32#ThreadingModel
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\hnetspl
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{148A864F-02A0-4DA8-87D8-1466544692F0}\RP1490\A0300830.DLL

    Adware.eZula
    C:\WINDOWS\SYSTEM32\QWERTY12.EXE
    C:\WINDOWS\SYSTEM32\QWERTY12.EXE
    C:\WINDOWS\Prefetch\QWERTY12.EXE-004CE5AE.pf

    Adware.Vundo/Traff-2
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{148A864F-02A0-4DA8-87D8-1466544692F0}\RP1490\A0300827.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{148A864F-02A0-4DA8-87D8-1466544692F0}\RP1490\A0300828.EXE

    HJT new log:
    Logfile of HijackThis v1.99.1
    Scan saved at 11:29:55 AM, on 7/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Call Trace\ctrace.exe
    C:\Spam Inspector\siService.exe
    C:\Windows Defender\MSASCui.exe
    C:\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Grxp4exe.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\AnyDVD\AnyDVD.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\dss\DSS4DRU.exe
    C:\Spam Inspector\siMailProxyServer.exe
    C:\Spam Inspector\siSpamFilterEngine.exe
    C:\Diskeeper\DkService.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    D:\ghost\Agent\PQV2iSvc.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\SlimBrowser\sbrowser.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINZIP\winzip32.exe
    C:\Documents and Settings\nada\Local Settings\Temp\wzd90d\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\nada\Application Data\Mozilla\Profiles\default\c4pbtw07.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nada\Application Data\Mozilla\Profiles\default\c4pbtw07.slt\prefs.js)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8 - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\SpywareGuard\dlprotect.dll
    O2 - BHO: IECatcher Class - {569E7719-1A11-415E-9206-AC1860FB8BFF} - C:\InstantGet\IEBar\IGCatcher.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Palm\FireConverterBrowserHelperObject.dll
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {d2f7adc2-35d5-4f91-833c-c3c24f78ef79} - C:\WINDOWS\system32\msrv32.dll
    O2 - BHO: (no name) - {D36B965A-6A75-4AFD-A2CB-1D6F9B01A633} - C:\DOCUME~1\nada\LOCALS~1\Temp\~DP42.dll (file missing)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\NetZero\toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: InstantGet Bar - {98C92840-EB1C-40bd-B6A5-395EC9CD6510} - C:\InstantGet\IEBar\IGIEBar.dll
    O4 - HKLM\..\Run: [CallTrace] C:\Call Trace\ctrace.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [siService.exe] "C:\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "C:\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: DSS4DRU.lnk = C:\dss\DSS4DRU.exe
    O4 - Startup: SpywareGuard.lnk = C:\SpywareGuard\sgmain.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Clean Traces - C:\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with InstantGet - res://C:\InstantGet\IEBar\IGCatcher.dll/IGLink.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Acoo Search(&A) - res://C:\InstantGet\IEBar\IGIEBar.dll/SEARCH.HTM
    O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm
    O8 - Extra context menu item: Download &all with InstantGet - res://C:\InstantGet\IEBar\IGCatcher.dll/IGAll.htm
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Copernic\Web\SearchExt.htm
    O8 - Extra context menu item: Search with Torrent Buster - res://C:\Torrent Buster\IEext.dll/ieExt.HTM
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra button: Run InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\InstantGet\InstantGet.exe
    O9 - Extra 'Tools' menuitem: &InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\InstantGet\InstantGet.exe
    O9 - Extra button: SnipeMonkey - {73B41442-4735-4FF2-9C19-CEA30AE6D7B7} - C:\SnipeMonkey\SnipeMonkey.lnk
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O18 - Protocol: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - (no file)
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\windows\system32\pmnllkh.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: msrv32 - C:\WINDOWS\SYSTEM32\msrv32.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: McAfee Application Installer Cleanup (0037231175004704) (0037231175004704mcinstcleanup) - Unknown owner -

    C:\DOCUME~1\nada\LOCALS~1\Temp\003723~1.EXE (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Diskeeper\DkService.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

    Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program

    Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: Norton Ghost - Symantec Corporation - D:\ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Sandra Lite\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Sandra Lite\RpcSandraSrv.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Spyware Doctor\swdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog

    Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\TuneUp Utilities 2006

    \WinStylerThemeSvc.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I need the log from vundofix


    For the next hijack log - In notepad go to FORMAT and uncheck wordwrap


    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.
     
  5. hiyas2u

    hiyas2u Thread Starter

    Wordwrap was never checked; I think your applet is resizing. The reply window is much narrower than the original... ComboFix log:

    "nada" - 2007-07-17 14:01:47 - ComboFix 07-07-13.8 - Service Pack 2 FAT32


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\pmnllkh.dll
    C:\WINDOWS\system32\msrv32.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\nada\APPLIC~1\tmp118.tmp.exe
    C:\DOCUME~1\nada\APPLIC~1\tmp11A.tmp.exe
    C:\DOCUME~1\nada\APPLIC~1\tmp121.tmp.exe
    C:\DOCUME~1\nada\APPLIC~1\tmp123.tmp.exe
    C:\DOCUME~1\nada\APPLIC~1\tmp124.tmp.exe
    C:\DOCUME~1\nada\APPLIC~1\tmp125.tmp.exe
    C:\DOCUME~1\nada\APPLIC~1\tmp1E.tmp.exe
    C:\DOCUME~1\nada\APPLIC~1\tmp6B.tmp.exe
    C:\WINDOWS\system32\dna87f3d6c.dat
    C:\WINDOWS\system32\system
    C:\WINDOWS\system32\system\msxml4.dll
    C:\WINDOWS\system32\system\msxml4r.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


    2007-07-17 14:00 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-17 11:33 <DIR> d-------- C:\DOCUME~1\nada\APPLIC~1\uTorrent
    2007-07-17 11:24 105,436 --a------ C:\WINDOWS\system32\mllml.exe
    2007-07-17 09:09 <DIR> d--hs---- C:\FOUND.000
    2007-07-13 12:15 105,476 --a------ C:\WINDOWS\system32\gebcb.exe
    2007-07-13 08:55 <DIR> d-------- C:\!KillBox
    2007-07-12 16:50 <DIR> d-------- C:\SUPERAntiSpyware
    2007-07-12 16:50 <DIR> d-------- C:\DOCUME~1\nada\APPLIC~1\SUPERAntiSpyware.com
    2007-07-12 16:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-12 15:07 <DIR> d-------- C:\XoftSpySE
    2007-07-11 16:52 <DIR> d-------- C:\Spyware Scrapper Demo
    2007-07-11 16:52 <DIR> d-------- C:\DOCUME~1\nada\APPLIC~1\AntiSpywareDAT
    2007-07-11 16:43 <DIR> d-------- C:\SpywareGuard
    2007-07-11 16:35 <DIR> d-------- C:\SpywareBlaster
    2007-07-11 11:43 <DIR> d-------- C:\avi-dvd-pro
    2007-07-11 11:09 <DIR> d-------- C:\Cucusoft
    2007-07-11 10:27 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
    2007-07-11 10:27 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
    2007-07-11 10:27 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
    2007-07-11 10:27 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
    2007-07-09 15:30 <DIR> d-------- C:\boilsoft_tmp
    2007-07-09 15:19 <DIR> d-------- C:\AVI Converter
    2007-07-09 12:22 83,024 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-07-09 12:22 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-07-09 12:22 57,424 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-07-09 12:22 53,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-07-09 12:22 39,376 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
    2007-07-09 12:22 29,264 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2007-07-09 12:22 <DIR> d-------- C:\Spyware Doctor
    2007-07-09 12:22 <DIR> d-------- C:\DOCUME~1\nada\APPLIC~1\PC Tools
    2007-07-06 11:34 <DIR> d-------- C:\VundoFix Backups
    2007-07-06 10:45 31,232 -r-hs---- C:\WINDOWS\system32\msfDX.dll
    2007-07-06 10:45 163,328 -r-hs---- C:\WINDOWS\system32\flvDX.dll
    2007-07-06 10:43 <DIR> d-------- C:\SUPER
    2007-06-21 12:18 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-06-21 12:00 9,140 --a------ C:\WINDOWS\system32\drivers\kid_lib.sys
    2007-06-21 12:00 69,632 --a------ C:\WINDOWS\system32\grxp4dll.dll
    2007-06-21 12:00 45,056 --a------ C:\WINDOWS\system32\Grxpff.dll
    2007-06-21 12:00 36,864 --a------ C:\WINDOWS\system32\grxp4exe.exe
    2007-06-21 12:00 32,768 --a------ C:\WINDOWS\system32\xp_run.exe
    2007-06-21 12:00 266,432 --a------ C:\WINDOWS\system32\drivers\ntxpusb.sys
    2007-06-21 12:00 2,977,792 --a------ C:\WINDOWS\system32\Grxp4ppg.dll
    2007-06-21 12:00 16,469 --a------ C:\WINDOWS\system32\xp_inst.dll
    2007-06-21 12:00 155,648 --a------ C:\WINDOWS\system32\ifc21.dll
    2007-06-21 12:00 126,976 --------- C:\WINDOWS\system32\DZIP32.DLL
    2007-06-21 12:00 11,920 --------- C:\WINDOWS\system32\drivers\KID_SYS.sys
    2007-06-21 11:59 <DIR> d-------- C:\Gravis
    2007-06-21 11:57 <DIR> d-------- C:\Xp4_5
    2007-06-20 16:43 12 --a------ C:\WINDOWS\bthservsdp.dat
    2007-06-20 14:42 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
    2007-06-20 14:42 27,136 --a------ C:\WINDOWS\system32\irmon.dll
    2007-06-20 14:42 152,576 --a------ C:\WINDOWS\system32\irftp.exe
    2007-06-20 14:38 <DIR> d-------- C:\V CAST Music Essentials Manager
    2007-06-20 11:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-06-20 11:45 208,248 --a------ C:\WINDOWS\system32\muweb.dll
    2007-06-20 08:25 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-06-19 15:17 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-06-19 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2007-06-19 14:32 <DIR> d-------- C:\Program Files\MagicISO


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-16 20:46:14 23,083 ----a-w C:\WINDOWS\mozver.dat
    2007-06-08 17:13:42 -------- d-----w C:\Program Files\movieshop
    2007-06-01 03:04:46 96,968 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
    2007-05-19 20:08:26 86,016 ----a-w C:\WINDOWS\system32\ElbyCDIO.dll
    2007-05-17 21:30:48 318,976 ----a-w C:\WINDOWS\system32\avisynth.dll
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 19:24:30 394,240 ----a-w C:\WINDOWS\system32\Smab.dll
    2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2006-12-29 00:27:54 87,608 ----a-w C:\DOCUME~1\nada\APPLIC~1\ezpinst.exe
    2006-12-29 00:27:54 47,360 ----a-w C:\DOCUME~1\nada\APPLIC~1\pcouffin.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000762-3965-4A1A-98CE-3D4BF457D4C8]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    2006-09-06 10:09 439872 --a------ C:\Yahoo!\Companion\Installs\cpn0\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
    2003-08-02 23:24 192512 -ra------ C:\SpywareGuard\dlprotect.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{569E7719-1A11-415E-9206-AC1860FB8BFF}]
    2006-04-13 09:29 200704 --a------ C:\InstantGet\IEBar\IGCatcher.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
    2006-10-31 15:29 198136 --a------ C:\Yahoo!\Common\yiesrvc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6427806D-3820-11D5-9939-00B0D0522EB5}]
    2001-04-26 13:28 69632 --a------ C:\Palm\FireConverterBrowserHelperObject.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65C8C1F5-230E-4DC9-9A0D-F3159A5E77]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    2006-12-22 16:02 67136 --a------ c:\program files\mcafee\virusscan\scriptcl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D36B965A-6A75-4AFD-A2CB-1D6F9B01A633}]
    C:\DOCUME~1\nada\LOCALS~1\Temp\~DP42.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CallTrace"="C:\Call Trace\ctrace.exe" [2001-07-27 09:23]
    "siService.exe"="C:\Spam Inspector\siService.exe" [2004-04-15 02:39]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
    "PaperPort PTD"="C:\PaperPort\pptd40nt.exe" [2006-05-05 12:18]
    "IndexSearch"="C:\PaperPort\IndexSearch.exe" [2006-05-05 12:19]
    "Adobe Reader Speed Launcher"="C:\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 C:\WINDOWS\system32\bthprops.cpl]
    "Gravis Xperience Driver Support"="Grxp4exe.exe" [2002-02-26 10:05 C:\WINDOWS\system32\grxp4exe.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "AnyDVD"="C:\AnyDVD\AnyDVD.exe" [2007-06-12 18:05]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
    "SecureItPro"="C:\SecureIt Pro\secureitpro470p.exe" [2002-01-17 22:26]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoStartMenuMyMusic"=1 (0x1)
    "NoSMMyPictures"=1 (0x1)
    "NoFavoritesMenu"=1 (0x1)
    "NoSMMyDocs"=1 (0x1)
    "NoRecentDocsMenu"=1 (0x1)
    "NoWindowsUpdate"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=0 (0x0)
    "NoLowDiskSpaceChecks"=1 (0x1)
    "LockTaskbar"=0 (0x0)
    "NoBandCustomize"=0 (0x0)
    "NoMovingBands"=0 (0x0)
    "NoCloseDragDropBands"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoToolbarsOnTaskbar"=0 (0x0)
    "NoSaveSettings"=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentDocsOnExit"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"="C:\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 15:18]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\pmnllkh.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
    backup=C:\WINDOWS\pss\DataViz Inc Messenger.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
    backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
    backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nada^Start Menu^Programs^graphics^Startup^V CAST Music Monitor.lnk]
    path=C:\Documents and Settings\nada\Start Menu\Programs\graphics\Startup\V CAST Music Monitor.lnk
    backup=C:\WINDOWS\pss\V CAST Music Monitor.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nada^Start Menu^Programs^Startup^Allenchow Webmail Checker.lnk]
    backup=C:\WINDOWS\pss\Allenchow Webmail Checker.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^nada^Start Menu^Programs^Startup^Update Grokster.lnk]
    path=C:\Documents and Settings\nada\Start Menu\Programs\Startup\Update Grokster.lnk
    backup=C:\WINDOWS\pss\Update Grokster.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
    C:\Norton SystemWorks\Password Manager\AcctMgr.exe /startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdRoarUpdate]
    C:\WINDOWS\ARUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\anydvd loader]
    C:\AnyDVD\AnyDVD_.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
    C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "C:\Diskeeper\DkIcon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadWare]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    C:\Program Files\dvd43\dvd43_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
    C:\Evidence Eliminator\ee.exe /m

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
    C:\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    C:\PaperPort\IndexSearch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
    D:\ghost\Agent\GhostTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    C:\PaperPort\pptd40nt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POP]
    C:\Program Files\POP\PopSrv205.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort10reminder]
    "C:\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\10\Config\Ereg\ereg.ini"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPScheduler]
    "C:\PaperPort\PPScheduler.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RVP]
    "C:\Program Files\RVP\bpc.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    "C:\Shareaza\Shareaza.exe" -tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    C:\Java\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system]
    explore.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Taskbar Hide]
    C:\TASKBA~1\TASKBAR.EXE -Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
    C:\washer\Webroot\Washer\wwDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Yahoo!\Messenger\ypager.exe" -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs BthServ
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    UxTuneUp


    Contents of the 'Scheduled Tasks' folder
    2007-07-17 18:13:30 C:\WINDOWS\tasks\MP Scheduled Scan.job
    2007-03-27 14:11:24 C:\WINDOWS\tasks\McQcTask.job
    2007-03-27 14:11:26 C:\WINDOWS\tasks\McDefragTask.job
    2007-07-12 19:07:38 C:\WINDOWS\tasks\XoftSpySE.job
    2003-12-27 19:00:28 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~NADA-KKVYKYV2ZN nada.job
    2003-12-27 19:00:28 C:\WINDOWS\tasks\2 Copernic Daily ~NADA-KKVYKYV2ZN nada.job
    2003-12-27 19:00:28 C:\WINDOWS\tasks\3 Copernic Weekly ~NADA-KKVYKYV2ZN nada.job
    2003-12-27 19:00:28 C:\WINDOWS\tasks\4 Copernic Monthly ~NADA-KKVYKYV2ZN nada.job
    2007-07-17 18:10:32 C:\WINDOWS\tasks\XoftSpySE 2.job
    2005-05-16 15:01:50 C:\WINDOWS\tasks\XoftSpy.job
    2007-07-17 15:25:24 C:\WINDOWS\tasks\Symantec NetDetect.job
    2007-07-06 21:20:00 C:\WINDOWS\tasks\1-Click Maintenance.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-17 14:11:29
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\0037231175004704mcinstcleanup]
    "ImagePath"="C:\DOCUME~1\nada\LOCALS~1\Temp\003723~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service"

    Completion time: 2007-07-17 14:14:17 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-17 14:14

    --- E O F ---
     
  6. hiyas2u

    hiyas2u Thread Starter

    hijackthis log:
    Logfile of HijackThis v1.99.1
    Scan saved at 2:43:59 PM, on 7/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Diskeeper\DkService.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    D:\ghost\Agent\PQV2iSvc.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Call Trace\ctrace.exe
    C:\Spam Inspector\siService.exe
    C:\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Grxp4exe.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\AnyDVD\AnyDVD.exe
    C:\Spam Inspector\siMailProxyServer.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Spam Inspector\siSpamFilterEngine.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\dss\DSS4DRU.exe
    C:\SpywareGuard\sgmain.exe
    C:\SpywareGuard\sgbhp.exe
    c:\syz_dat\systray.exe
    C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    C:\bbs\temp\utorrent.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Spam Inspector\siClientUI.exe
    C:\Spam Inspector\siMain.exe
    C:\SlimBrowser\sbrowser.exe
    C:\WINZIP\winzip32.exe
    C:\Documents and Settings\nada\Local Settings\Temp\wzb53\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    N4 - Mozilla: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\nada\Application Data\Mozilla\Profiles\default\c4pbtw07.slt\prefs.js)
    N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\nada\Application Data\Mozilla\Profiles\default\c4pbtw07.slt\prefs.js)
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8 - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\SpywareGuard\dlprotect.dll
    O2 - BHO: IECatcher Class - {569E7719-1A11-415E-9206-AC1860FB8BFF} - C:\InstantGet\IEBar\IGCatcher.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Firepad FireConverter - {6427806D-3820-11D5-9939-00B0D0522EB5} - C:\Palm\FireConverterBrowserHelperObject.dll
    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {D36B965A-6A75-4AFD-A2CB-1D6F9B01A633} - C:\DOCUME~1\nada\LOCALS~1\Temp\~DP42.dll (file missing)
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\NetZero\toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: InstantGet Bar - {98C92840-EB1C-40bd-B6A5-395EC9CD6510} - C:\InstantGet\IEBar\IGIEBar.dll
    O4 - HKLM\..\Run: [CallTrace] C:\Call Trace\ctrace.exe
    O4 - HKLM\..\Run: [siService.exe] "C:\Spam Inspector\siService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: DSS4DRU.lnk = C:\dss\DSS4DRU.exe
    O4 - Startup: SpywareGuard.lnk = C:\SpywareGuard\sgmain.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &Clean Traces - C:\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm
    O8 - Extra context menu item: &Download with InstantGet - res://C:\InstantGet\IEBar\IGCatcher.dll/IGLink.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Acoo Search(&A) - res://C:\InstantGet\IEBar\IGIEBar.dll/SEARCH.HTM
    O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm
    O8 - Extra context menu item: Download &all with InstantGet - res://C:\InstantGet\IEBar\IGCatcher.dll/IGAll.htm
    O8 - Extra context menu item: Search Using Copernic Agent - C:\Copernic\Web\SearchExt.htm
    O8 - Extra context menu item: Search with Torrent Buster - res://C:\Torrent Buster\IEext.dll/ieExt.HTM
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\COPERNIC\COPERN~1.EXE
    O9 - Extra button: Run InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\InstantGet\InstantGet.exe
    O9 - Extra 'Tools' menuitem: &InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\InstantGet\InstantGet.exe
    O9 - Extra button: SnipeMonkey - {73B41442-4735-4FF2-9C19-CEA30AE6D7B7} - C:\SnipeMonkey\SnipeMonkey.lnk
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
    O18 - Protocol: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - (no file)
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\windows\system32\pmnllkh.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: McAfee Application Installer Cleanup (0037231175004704) (0037231175004704mcinstcleanup) - Unknown owner - C:\DOCUME~1\nada\LOCALS~1\Temp\003723~1.EXE (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Diskeeper\DkService.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: Norton Ghost - Symantec Corporation - D:\ghost\Agent\PQV2iSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Sandra Lite\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Sandra Lite\RpcSandraSrv.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Spyware Doctor\swdsvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    vundo log:
    VundoFix V6.5.6

    Checking Java version...

    Scan started at 2:50:13 PM 7/17/2007

    Listing files found while scanning....

    No infected files were found.
     
  7. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8 - (no file)

    O2 - BHO: (no name) - {65C8C1F5-230E-4DC9-9A0D-F3159A5E77 - (no file)

    O2 - BHO: (no name) - {D36B965A-6A75-4AFD-A2CB-1D6F9B01A633} - C:\DOCUME~1\nada\LOCALS~1\Temp\~DP42.dll (file missing)

    O18 - Protocol: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - (no file)

    O20 - AppInit_DLLs: c:\windows\system32\pmnllkh.dll

    O23 - Service: McAfee Application Installer Cleanup (0037231175004704) (0037231175004704mcinstcleanup) - Unknown owner - C:\DOCUME~1\nada\LOCALS~1\Temp\003723~1.EXE (file missing)

    Download http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by DELETE ON REBOOT. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    c:\windows\system32\pmnllkh.dll
    C:\WINDOWS\system32\mllml.exe
    C:\WINDOWS\system32\gebcb.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
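
The following is an added example, not part of the thread and not the helper's own method: a small triage script that parses HijackThis entries and flags the traits visible in the lines selected above (orphaned "(no file)" / "(file missing)" entries, a populated AppInit_DLLs value, binaries registered from a Temp directory, services with "Unknown owner"). The names `triage` and `reasons_for` and the four heuristics are assumptions of this example; the sample lines are taken from the log posted in this thread.

```python
import re

# Sample lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D36B965A-6A75-4AFD-A2CB-1D6F9B01A633} - C:\DOCUME~1\nada\LOCALS~1\Temp\~DP42.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O18 - Protocol: copernicmeta - {9B46B30C-CB70-4551-9806-3238CC816A55} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: c:\windows\system32\pmnllkh.dll
O20 - Winlogon Notify: !SASWinLogon - C:\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0037231175004704) (0037231175004704mcinstcleanup) - Unknown owner - C:\DOCUME~1\nada\LOCALS~1\Temp\003723~1.EXE (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Diskeeper\DkService.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")  # "O20 - AppInit_DLLs: ..." -> section, body

def reasons_for(section, body):
    """Return review reasons for one entry (heuristics are assumptions of this example)."""
    reasons, low = [], body.lower()
    if low.endswith(("(no file)", "(file missing)")):
        reasons.append("orphaned")       # registry entry points at nothing on disk
    if section == "O20" and low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
        reasons.append("appinit_dll")    # DLL loaded into every process that loads user32.dll
    if "\\temp\\" in low:
        reasons.append("temp_path")      # binary registered from a temp directory
    if section == "O23" and " - unknown owner - " in low:
        reasons.append("unknown_owner")  # no vendor name shown for the service binary
    return reasons

def triage(log_text):
    """Return (section, reasons, body) for every entry with at least one reason."""
    flagged = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # skip headers, process list and blank lines
        reasons = reasons_for(m.group(1), m.group(2))
        if reasons:
            flagged.append((m.group(1), reasons, m.group(2)))
    return flagged

if __name__ == "__main__":
    for section, reasons, body in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(reasons):32} {body}")
```

A flag marks an entry for review, not for removal: the sample's O9 xpnetdiag.exe line is flagged as orphaned, yet it is not among the entries the reply above selects for fixing.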
     

Short URL to this thread: https://techguy.org/596411
