1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

MyWebSearch and others taking over my pc!

Discussion in 'Virus & Other Malware Removal' started by dceezy, Jul 8, 2007.

?

Is Windows Defender any good?

  1. What about Max Secure Spyware Detector?

    100.0%
  2. Norton Antirus and Internet Security?

    0 vote(s)
    0.0%
Thread Status:
Not open for further replies.
Advertisement
  1. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    I have Windows XP on a Dell Dimension 3000 (I think). I'm having major problems getting rid of adware and I think I might have viruses too. When I surf the web so many windows pop up that internet explorer eventually just shuts down. There's nothing I can do about it. I have Windows Defender (which i'm hearing is pretty lame) and Spyhunter but they don't seem to pick up on everything. I justdownloaded a free trial of Max Secure Spyware Detector and it pulled up over 700 suspicious files and cookies! :eek: I really need some advice. I tried to do a system restore and it doesn't work. Help me!
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi Welcome to TSG!!

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


    Run HijackThis and click Open the Misc Tools section
    Click Open Uninstall Manager, Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of the log here in your next reply.
     
  3. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:36:46 PM, on 7/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\Symantec\Ghost\bin\rteng6.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\SpywareDetector\SDSystemTray.exe
    C:\Program Files\SpywareDetector\SDService.exe
    C:\Program Files\SpywareDetector\SpywareDetector.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.254.1
    O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\DOCUME~1\DEMON~1.DD4\LOCALS~1\Temp\juan.dll (file missing)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
    O4 - HKLM\..\Run: [NGServer] "C:\Program Files\Symantec\Ghost\ngserver.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\eyokoxj.dll,TurnOn2
    O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
    O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 8862 bytes






    Adobe Shockwave Player
    Apple Software Update
    Arc DVD Copy 1.5.5
    Banctec Service Agreement
    Bejeweled 2 Deluxe
    CC_ccProxyMSI
    CC_ccStart
    ccCommon
    Dell Driver Reset Tool
    Dell Support 5.0.0 (630)
    DivX Author
    DivX Codec
    DivX Content Uploader
    DivX Player
    DivX Web Player
    EarthLink setup files
    eSnips
    Get High Speed Internet!
    GGE909 PC Recoil Pad
    GrabIt 1.7.1 Beta (build 960)
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Indeo® software
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    iPod for Windows 2006-01-10
    iTunes
    Jasc Paint Shop Pro Studio, Dell Editon
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    LimeWire 4.12.14
    LiveReg (Symantec Corporation)
    LiveUpdate 1.90 (Symantec Corporation)
    Messenger Service
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP Video Decoder Checkup Utility
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    MSRedist
    MSXML 4.0 SP2 (KB927978)
    MSXML 6.0 Parser (KB927977)
    MySpaceIM
    Norton AntiSpam
    Norton AntiSpam
    Norton AntiVirus
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Security Center
    Norton WMI Update
    Plus! MP3 Audio Converter LE
    QuickPar 0.9
    QuickTime
    RealPlayer
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    SpyHunter
    Spyware Detector
    Symantec Ghost
    Symantec Script Blocking Installer
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Viewpoint Media Player
    Windows Defender
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Encoder 9 Series
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player 11
    Windows Rights Management Client Backwards Compatibility SP2
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    WordPerfect Office 12
    XP Codec Pack

    Thanx for such a quick response. I hope this helps!
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

    Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  5. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    "DeMon" - 2007-07-09 9:36:27 - ComboFix 07-07-09.3 - Service Pack 2


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\DEMON~1.DD4\APPLIC~1.\macromedia\Flash Player\#SharedObjects\2N3E8QDF\www.broadcaster.com
    C:\DOCUME~1\DEMON~1.DD4\APPLIC~1.\macromedia\Flash Player\#SharedObjects\2N3E8QDF\www.broadcaster.com\played_list.sol
    C:\DOCUME~1\DEMON~1.DD4\APPLIC~1.\macromedia\Flash Player\#SharedObjects\2N3E8QDF\www.broadcaster.com\video_queue.sol
    C:\DOCUME~1\DEMON~1.DD4\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\DOCUME~1\DEMON~1.DD4\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol


    ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


    2007-07-09 09:34 51,200 --a--c--- C:\WINDOWS\nircmd.exe
    2007-07-08 17:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-07-08 16:55 1,152 --a--c--- C:\WINDOWS\SYSTEM32\windrv.sys
    2007-07-08 16:55 <DIR> d-------- C:\Program Files\SpyNoMore
    2007-07-08 16:43 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
    2007-07-08 15:36 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-08 15:17 138,752 --a--c--- C:\WINDOWS\SYSTEM32\sndvol32.exe
    2007-07-08 10:36 63 --a--c--- C:\WINDOWS\SYSTEM\SysSD.dll
    2007-07-08 10:35 60,680 --a--c--- C:\WINDOWS\SYSTEM32\CloseAll.exe
    2007-07-08 10:35 270,336 --a--c--- C:\WINDOWS\SYSTEM32\CheckDll.dll
    2007-07-08 10:35 1,044,480 --a--c--- C:\WINDOWS\SYSTEM32\VchReg.dll
    2007-07-08 10:35 <DIR> d-------- C:\Program Files\SpywareDetector
    2007-07-07 14:53 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\AntiSpywareBot
    2007-07-07 12:28 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\GetRightToGo
    2007-07-07 10:56 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\SUPERAntiSpyware.com
    2007-07-07 10:56 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-07 10:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-06 18:43 53,248 --a--c--- C:\WINDOWS\SYSTEM32\eyokoxj.dll
    2007-07-03 09:53 <DIR> d-------- C:\Program Files\MySpace
    2007-07-02 21:39 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\WinRAR
    2007-07-02 18:13 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\GrabIt
    2007-07-01 21:19 <DIR> d-------- C:\Program Files\eSnips
    2007-06-28 12:48 <DIR> d-------- C:\Program Files\Pegasys Inc
    2007-06-27 18:32 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-06-25 10:37 <DIR> d----c--- C:\My programs
    2007-06-25 10:36 <DIR> d----c--- C:\My Vids
    2007-06-25 10:22 <DIR> d----c--- C:\TempDVD
    2007-06-25 10:17 <DIR> d-------- C:\Program Files\LimeWire4.12.14
    2007-06-25 10:08 <DIR> d-------- C:\Program Files\iMesh Applications
    2007-06-23 21:30 2,560 -----c--- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
    2007-06-23 21:30 2,432 -----c--- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
    2007-06-23 21:30 129,784 -----c--- C:\WINDOWS\SYSTEM32\pxafs.dll
    2007-06-23 21:30 <DIR> d-------- C:\Program Files\DivXinstal
    2007-06-23 21:12 <DIR> d----c--- C:\WINDOWS\LastGood(2)
    2007-06-23 21:11 <DIR> d-------- C:\Program Files\iTunes
    2007-06-23 21:08 <DIR> d-------- C:\Program Files\Your Company Name
    2007-06-23 20:47 <DIR> d----c--- C:\WINDOWS\pss
    2007-06-23 08:58 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Roxio
    2007-06-23 08:58 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Roxio
    2007-06-23 08:57 <DIR> d-------- C:\Program Files\InterActual
    2007-06-23 08:54 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DLA
    2007-06-23 08:38 <DIR> d-------- C:\Program Files\SightSpeed
    2007-06-23 08:32 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
    2007-06-23 08:31 <DIR> d-------- C:\Program Files\Roxio
    2007-06-23 08:31 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
    2007-06-23 08:31 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
    2007-06-20 13:09 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Nero
    2007-06-16 09:19 <DIR> d-------- C:\Program Files\iTunes(2)


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-08 20:55:44 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-07 19:08:52 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-07 16:04:37 2,112 -c--a-w C:\WINDOWS\system32\tmp.reg
    2007-07-06 22:04:44 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\QuickPar
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\Modem On Hold
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\Modem Helper
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\Messenger
    2007-07-06 22:04:41 -------- d-----w C:\Program Files\LimeWire
    2007-07-06 22:04:41 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe
    2007-07-06 21:46:57 -------- d-----w C:\Program Files\Windows NT
    2007-07-02 22:12:51 -------- d-----w C:\Program Files\GrabIt
    2007-07-02 21:58:13 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\LimeWire
    2007-06-27 22:33:42 -------- d-----w C:\Program Files\QuickTime
    2007-06-26 17:34:11 -------- d-----w C:\Program Files\MSN Games
    2007-06-25 18:21:19 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\dvdcss
    2007-06-24 01:12:35 -------- d-----w C:\Program Files\Apple Software Update(2)
    2007-06-24 01:12:05 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\acccore
    2007-06-24 01:11:04 -------- d-----w C:\Program Files\Common Files\Java(2)
    2007-06-24 01:11:00 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Move Networks
    2007-06-24 01:10:04 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Corel
    2007-06-24 01:09:56 -------- d-----w C:\Program Files\Common Files\Ahead
    2007-06-24 01:09:42 -------- d-----w C:\Program Files\MySpace(2)
    2007-06-24 01:09:13 -------- d-----w C:\Program Files\Pegasys Inc(2)
    2007-06-24 01:06:24 -------- d-----w C:\Program Files\Real
    2007-06-20 19:25:30 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Ahead
    2007-06-16 13:19:24 -------- d-----w C:\Program Files\iPod
    2007-05-31 06:45:07 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 -c--a-w C:\WINDOWS\system32\DivX.dll
    2007-05-27 16:25:45 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\LEAPS
    2007-05-17 01:59:33 32 -c--a-w C:\WINDOWS\popcinfot.dat
    2007-05-16 15:12:02 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 02:01:47 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Mind Control Software
    2007-05-13 03:41:52 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\PlayFirst
    2007-04-25 14:21:15 144,896 -c--a-w C:\WINDOWS\system32\schannel.dll
    2007-04-25 12:44:34 1,024,000 -c--a-w C:\WINDOWS\system32\ewmpegco.dll
    2007-04-23 00:15:29 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 -c--a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 -c--a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-21 13:13:36 131,584 -c--a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-04-19 14:00:05 1 -c--a-w C:\WINDOWS\system32\au3305arc.dll
    2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 -c--a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
    2003-11-21 18:04 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    2003-12-04 19:22 103368 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 12:47]
    "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 20:35]
    "NGServer"="C:\Program Files\Symantec\Ghost\ngserver.exe" [2001-03-22 18:02]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-02 17:40]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-06-08 17:44]
    "SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-06-11 16:29]
    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-04-14 10:55]
    "SecurityUpdate"="C:\WINDOWS\system32\eyokoxj.dll" [2007-07-06 18:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
    "Sonic RecordNow! Deluxe"="" []

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
    C:\Program Files\SpywareDetector\SDNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime


    Contents of the 'Scheduled Tasks' folder
    2007-07-03 12:55:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-09 13:00:25 C:\WINDOWS\tasks\MP Scheduled Scan.job
    2007-07-09 13:36:00 C:\WINDOWS\tasks\Symantec NetDetect.job
    2007-07-09 13:35:00 C:\WINDOWS\tasks\User_Feed_Synchronization-{A21BB427-2412-43F5-92F7-ACDD9A003054}.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-09 09:38:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-09 9:39:19
    C:\ComboFix-quarantined-files.txt ... 2007-07-09 09:39

    --- E O F ---













    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:20:07 AM, on 7/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\Symantec\Ghost\bin\rteng6.exe
    C:\WINDOWS\system32\locator.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\SpywareDetector\SDService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.254.1
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
    O4 - HKLM\..\Run: [NGServer] "C:\Program Files\Symantec\Ghost\ngserver.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
    O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\eyokoxj.dll,TurnOn2
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 8802 bytes



    Thanx!:D
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

    Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Processes group click ALL
    • In the Win32 Services group click ALL
    • In the Driver Services group click ALL
    • In the Registry group click ALL
    • In the Files Created Within group click 60 days Make sure Non-Microsoft only is UNCHECKED
    • In the Files Modified Within group select 30 days Make sure Non-Microsoft only is UNCHECKED
    • In the File String Search group select ALL
    • in the Additional scans sections please press select ALL
    • Now click the Run Scan button on the toolbar.
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
    Please post the resulting log here as an attachment.

    • Click on the orange Post a Reply! button
    • scroll down to Manage Attachments
    • Click in the box that says Upload File from your Computer
    • Click the Browse... button and find the file then click open
    • Click the Upload button
    • Wait until you see Current Attachment and your file name
    • Click on Close this window
    • Then submit the reply.
     
  7. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/09/2007 at 11:58 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3266
    Trace Rules Database Version: 1277

    Scan type : Complete Scan
    Total Scan Time : 00:26:25

    Memory items scanned : 497
    Memory threats detected : 0
    Registry items scanned : 5099
    Registry threats detected : 0
    File items scanned : 66647
    File threats detected : 0
    :confused:














    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:08:05 PM, on 7/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\Symantec\Ghost\bin\rteng6.exe
    C:\WINDOWS\system32\locator.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\SpywareDetector\SDService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\EXPLORER.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.254.1
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
    O4 - HKLM\..\Run: [NGServer] "C:\Program Files\Symantec\Ghost\ngserver.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
    O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\eyokoxj.dll,TurnOn2
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 9036 bytes
     
  8. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    winpfind3u.txt
     

    Attached Files:

  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download the HostsXpert 4.0 - Hosts File Manager.
    • Unzip HostsXpert 4.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.0 - Hosts File Manager
    • Run HostsXpert 4.0 - Hosts File Manager from its new home
    • Click "Make Hosts Writable?"
    • Click Restore MS Hosts and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
  10. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    O.K. This is getting a bit technical for me. I'm trying to follow.
    I don't know if I'm using a custom hosts file. Can you tell from the logs I send you/how do I find out?







    "DeMon" - 2007-07-10 13:32:26 - ComboFix 07-07-10.1 - Service Pack 2


    ((((((((((((((((((((((((( Files Created from 2007-06-10 to 2007-07-10 )))))))))))))))))))))))))))))))


    2007-07-09 09:34 51,200 --a--c--- C:\WINDOWS\nircmd.exe
    2007-07-08 17:29 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2007-07-08 16:55 1,152 --a--c--- C:\WINDOWS\SYSTEM32\windrv.sys
    2007-07-08 16:55 <DIR> d-------- C:\Program Files\SpyNoMore
    2007-07-08 16:43 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic Anti-Spyware
    2007-07-08 15:36 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-08 15:17 138,752 --a--c--- C:\WINDOWS\SYSTEM32\sndvol32.exe
    2007-07-08 10:36 63 --a--c--- C:\WINDOWS\SYSTEM\SysSD.dll
    2007-07-08 10:35 60,680 --a--c--- C:\WINDOWS\SYSTEM32\CloseAll.exe
    2007-07-08 10:35 270,336 --a--c--- C:\WINDOWS\SYSTEM32\CheckDll.dll
    2007-07-08 10:35 1,044,480 --a--c--- C:\WINDOWS\SYSTEM32\VchReg.dll
    2007-07-08 10:35 <DIR> d-------- C:\Program Files\SpywareDetector
    2007-07-07 14:53 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\AntiSpywareBot
    2007-07-07 12:28 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\GetRightToGo
    2007-07-07 10:56 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\SUPERAntiSpyware.com
    2007-07-07 10:56 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-07-07 10:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-07-06 18:43 53,248 --a--c--- C:\WINDOWS\SYSTEM32\eyokoxj.dll
    2007-07-03 09:53 <DIR> d-------- C:\Program Files\MySpace
    2007-07-02 21:39 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\WinRAR
    2007-07-02 18:13 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\GrabIt
    2007-07-01 21:19 <DIR> d-------- C:\Program Files\eSnips
    2007-06-28 12:48 <DIR> d-------- C:\Program Files\Pegasys Inc
    2007-06-27 18:32 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-06-25 10:37 <DIR> d----c--- C:\My programs
    2007-06-25 10:36 <DIR> d----c--- C:\My Vids
    2007-06-25 10:22 <DIR> d----c--- C:\TempDVD
    2007-06-25 10:17 <DIR> d-------- C:\Program Files\LimeWire4.12.14
    2007-06-25 10:08 <DIR> d-------- C:\Program Files\iMesh Applications
    2007-06-23 21:30 2,560 -----c--- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys
    2007-06-23 21:30 2,432 -----c--- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys
    2007-06-23 21:30 129,784 -----c--- C:\WINDOWS\SYSTEM32\pxafs.dll
    2007-06-23 21:30 <DIR> d-------- C:\Program Files\DivXinstal
    2007-06-23 21:12 <DIR> d----c--- C:\WINDOWS\LastGood(2)
    2007-06-23 21:11 <DIR> d-------- C:\Program Files\iTunes
    2007-06-23 21:08 <DIR> d-------- C:\Program Files\Your Company Name
    2007-06-23 20:47 <DIR> d----c--- C:\WINDOWS\pss
    2007-06-23 08:58 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Roxio
    2007-06-23 08:58 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Roxio
    2007-06-23 08:57 <DIR> d-------- C:\Program Files\InterActual
    2007-06-23 08:54 <DIR> d----c--- C:\WINDOWS\SYSTEM32\DLA
    2007-06-23 08:38 <DIR> d-------- C:\Program Files\SightSpeed
    2007-06-23 08:32 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Roxio
    2007-06-23 08:31 <DIR> d-------- C:\Program Files\Roxio
    2007-06-23 08:31 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
    2007-06-23 08:31 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
    2007-06-20 13:09 <DIR> d----c--- C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Nero
    2007-06-16 09:19 <DIR> d-------- C:\Program Files\iTunes(2)


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-09 18:09:15 -------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-07-09 15:25:52 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-07 16:04:37 2,112 -c--a-w C:\WINDOWS\system32\tmp.reg
    2007-07-06 22:04:44 -------- d-----w C:\Program Files\Windows Media Connect 2
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\QuickPar
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\Modem On Hold
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\Modem Helper
    2007-07-06 22:04:43 -------- d-----w C:\Program Files\Messenger
    2007-07-06 22:04:41 -------- d-----w C:\Program Files\LimeWire
    2007-07-06 22:04:41 -------- d-----w C:\Program Files\Bejeweled 2 Deluxe
    2007-07-06 21:46:57 -------- d-----w C:\Program Files\Windows NT
    2007-07-02 22:12:51 -------- d-----w C:\Program Files\GrabIt
    2007-07-02 21:58:13 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\LimeWire
    2007-06-27 22:33:42 -------- d-----w C:\Program Files\QuickTime
    2007-06-26 17:34:11 -------- d-----w C:\Program Files\MSN Games
    2007-06-25 18:21:19 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\dvdcss
    2007-06-24 01:12:35 -------- d-----w C:\Program Files\Apple Software Update(2)
    2007-06-24 01:12:05 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\acccore
    2007-06-24 01:11:04 -------- d-----w C:\Program Files\Common Files\Java(2)
    2007-06-24 01:11:00 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Move Networks
    2007-06-24 01:10:04 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Corel
    2007-06-24 01:09:56 -------- d-----w C:\Program Files\Common Files\Ahead
    2007-06-24 01:09:42 -------- d-----w C:\Program Files\MySpace(2)
    2007-06-24 01:09:13 -------- d-----w C:\Program Files\Pegasys Inc(2)
    2007-06-24 01:06:24 -------- d-----w C:\Program Files\Real
    2007-06-20 19:25:30 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Ahead
    2007-06-16 13:19:24 -------- d-----w C:\Program Files\iPod
    2007-05-31 06:45:07 524,288 -c--a-w C:\WINDOWS\system32\DivXsm.exe
    2007-05-31 06:44:55 823,296 -c--a-w C:\WINDOWS\system32\divx_xx07.dll
    2007-05-31 06:44:54 823,296 -c--a-w C:\WINDOWS\system32\divx_xx0c.dll
    2007-05-31 06:44:54 802,816 -c--a-w C:\WINDOWS\system32\divx_xx11.dll
    2007-05-31 06:44:54 740,442 -c--a-w C:\WINDOWS\system32\DivX.dll
    2007-05-27 16:25:45 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\LEAPS
    2007-05-17 01:59:33 32 -c--a-w C:\WINDOWS\popcinfot.dat
    2007-05-16 15:12:02 683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 02:01:47 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\Mind Control Software
    2007-05-13 03:41:52 -------- dc----w C:\DOCUME~1\DEMON~1.DD4\APPLIC~1\PlayFirst
    2007-04-25 14:21:15 144,896 -c--a-w C:\WINDOWS\system32\schannel.dll
    2007-04-25 12:44:34 1,024,000 -c--a-w C:\WINDOWS\system32\ewmpegco.dll
    2007-04-23 00:15:29 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
    2007-04-23 00:15:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
    2007-04-23 00:15:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
    2007-04-23 00:02:34 73,728 -c--a-w C:\WINDOWS\system32\dpl100.dll
    2007-04-23 00:02:34 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
    2007-04-23 00:02:33 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
    2007-04-23 00:02:31 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
    2007-04-23 00:02:31 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
    2007-04-23 00:02:31 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
    2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
    2007-04-23 00:02:31 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
    2007-04-23 00:01:47 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-04-23 00:01:46 124,472 -c--a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
    2007-04-21 13:13:36 131,584 -c--a-w C:\WINDOWS\system32\SpoonUninstall.exe
    2007-04-19 14:00:05 1 -c--a-w C:\WINDOWS\system32\au3305arc.dll
    2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 02:45:54 1,710,936 -c--a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 02:45:48 549,720 -c--a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 02:45:42 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 02:45:36 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 02:45:28 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 02:45:20 53,080 -c--a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9ECB9560-04F9-4bbc-943D-298DDF1699E1}]
    2003-11-21 18:04 126976 --a------ C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
    2003-12-04 19:22 103368 --a------ C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 17:42]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-09 12:47]
    "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 20:35]
    "NGServer"="C:\Program Files\Symantec\Ghost\ngserver.exe" [2001-03-22 18:02]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2006-12-02 17:40]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "SystemTraySD"="C:\Program Files\SpywareDetector\SDSystemTray.exe" [2007-06-08 17:44]
    "SDAutoLiveupdate"="C:\Program Files\SpywareDetector\LiveUpdateSD.exe" [2007-06-11 16:29]
    "SNM"="C:\Program Files\SpyNoMore\SNM.exe" [2007-04-14 10:55]
    "SecurityUpdate"="C:\WINDOWS\system32\eyokoxj.dll" [2007-07-06 18:43]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
    "Sonic RecordNow! Deluxe"="" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
    C:\Program Files\SpywareDetector\SDNotify.dll 2007-06-06 15:04 172032 C:\Program Files\SpywareDetector\SDNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime


    Contents of the 'Scheduled Tasks' folder
    2007-07-03 12:55:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-10 17:10:04 C:\WINDOWS\tasks\MP Scheduled Scan.job
    2007-07-10 17:31:00 C:\WINDOWS\tasks\Symantec NetDetect.job
    2007-07-10 17:30:00 C:\WINDOWS\tasks\User_Feed_Synchronization-{A21BB427-2412-43F5-92F7-ACDD9A003054}.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-10 13:34:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-10 13:35:15
    C:\ComboFix-quarantined-files.txt ... 2007-07-10 13:35
    C:\ComboFix2.txt ... 2007-07-09 09:39

    --- E O F ---










    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:36:08 PM, on 7/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\Symantec\Ghost\bin\rteng6.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\SpywareDetector\SDService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.254.1
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
    O4 - HKLM\..\Run: [NGServer] "C:\Program Files\Symantec\Ghost\ngserver.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
    O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
    O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
    O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\eyokoxj.dll,TurnOn2
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 8604 bytes


    ;) Thanx!
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    If you were using a custom hosts file you would know it. Your hosts file has been replaced with one providing you with popups. Please run HostsXpert per the instructions to replace your current hosts file with the standard file from Microsoft.


    Click here to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click next icon next to the files found:
      [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
    • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
     
  12. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    eyokoxj.dll;c:\windows\system32;Trojan.BhoSpy;Will be cured after reboot.;



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:24:10 PM, on 7/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    C:\Program Files\Symantec\Ghost\ngserver.exe
    C:\Program Files\Symantec\Ghost\bin\rteng6.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\SpywareDetector\SDService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.254.1
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
    O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe"
    O4 - HKLM\..\Run: [NGServer] "C:\Program Files\Symantec\Ghost\ngserver.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SecurityUpdate] rundll32.exe C:\WINDOWS\system32\eyokoxj.dll,TurnOn2
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
    O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec New Zealand Limited - C:\Program Files\Symantec\Ghost\ngserver.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 8815 bytes
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please run a new WinPFind3 log for me.
     
  14. dceezy

    dceezy Thread Starter

    Joined:
    Jul 8, 2007
    Messages:
    34
    The popups are slowing down. Internet explorer isn't shutting down as much. I ran Superantispyware and it brought up a lot of stuff. Should I not worry about that right now?




    I had to take this stuff out of the the attachment because it was to big to send:




    WinPFind3 logfile created on: 7/11/2007 6:28:46 PM
    WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\DeMon.DD47N071\Desktop\WinPFind3u\
    Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
    Internet Explorer (Version = 7.0.5730.11)

    765.98 Mb Total Physical Memory | 521.80 Mb Available Physical Memory | 68.12% Memory free
    1.83 Gb Paging File | 1.52 Gb Available in Paging File | 83.12% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 34.30 Gb Total Space | 10.86 Gb Free Space | 31.67% Space Free
    Drive D: | 2.91 Gb Total Space | 0.54 Gb Free Space | 18.49% Space Free
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: DD47N071
    Current User Name: DeMon
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - All]
    smss.exe -> %System32%\SMSS.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50688 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    csrss.exe -> %System32%\CSRSS.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6144 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    winlogon.exe -> %System32%\WINLOGON.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 502272 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    services.exe -> %System32%\SERVICES.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 108032 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    lsass.exe -> %System32%\LSASS.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13312 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\rpcss.dll [DcomLaunch] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
    -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\termsrv.dll [TermService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 295424 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\rpcss.dll [RpcSs] -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:50 AM | Attr = ]
    msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> Microsoft Corporation [Ver = 1.1.1593.0 | Size = 13592 bytes | Modified Date = 11/3/2006 7:19:58 PM | Attr = ]
    svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\appmgmts.dll [AppMgmt] -> File not found
    -> %System32%\audiosrv.dll [AudioSrv] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\qmgr.dll [BITS] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\browser.dll [Browser] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\cryptsvc.dll [CryptSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60416 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\dhcpcsvc.dll [Dhcp] -> Microsoft Corporation [Ver = 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003) | Size = 111616 bytes | Modified Date = 5/19/2006 8:59:42 AM | Attr = ]
    -> %System32%\dmserver.dll [dmserver] -> Microsoft Corp. [Ver = 2600.2180.503.0 | Size = 23552 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\ersvc.dll [ERSvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\es.dll [EventSystem] -> Microsoft Corporation [Ver = 2001.12.4414.308 | Size = 243200 bytes | Modified Date = 7/26/2005 12:39:46 AM | Attr = ]
    -> %System32%\shsvcs.dll [FastUserSwitchingCompatibility] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
    -> %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll [helpsvc] -> File not found
    -> %System32%\hidserv.dll [HidServ] -> File not found
    -> %System32%\srvsvc.dll [lanmanserver] -> Microsoft Corporation [Ver = 5.1.2600.2577 (xpsp_sp2_gdr.041130-1729) | Size = 96768 bytes | Modified Date = 12/7/2004 3:32:34 PM | Attr = ]
    -> %System32%\wkssvc.dll [lanmanworkstation] -> Microsoft Corporation [Ver = 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106) | Size = 132096 bytes | Modified Date = 8/17/2006 8:28:28 AM | Attr = ]
    -> %System32%\msgsvc.dll [Messenger] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\netman.dll [Netman] -> Microsoft Corporation [Ver = 5.1.2600.2743 (xpsp_sp2_gdr.050819-1525) | Size = 197632 bytes | Modified Date = 8/22/2005 2:29:46 PM | Attr = ]
    -> %System32%\mswsock.dll [Nla] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\ntmssvc.dll [NtmsSvc] -> Microsoft Corporation [Ver = 5.1.2400.2180 | Size = 435200 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\rasauto.dll [RasAuto] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 89088 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\rasmans.dll [RasMan] -> Microsoft Corporation [Ver = 5.1.2600.2936 (xpsp_sp2_gdr.060621-2347) | Size = 181248 bytes | Modified Date = 6/22/2006 6:47:18 AM | Attr = ]
    -> %System32%\mprdim.dll [RemoteAccess] -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 49152 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\schedsvc.dll [Schedule] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 190976 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\seclogon.dll [seclogon] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\sens.dll [SENS] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 38912 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\ipnathlp.dll [SharedAccess] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\shsvcs.dll [ShellHWDetection] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
    -> %System32%\srsvc.dll [srservice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 170496 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\tapisrv.dll [TapiSrv] -> Microsoft Corporation [Ver = 5.1.2600.2716 (xpsp_sp2_gdr.050707-1657) | Size = 249344 bytes | Modified Date = 7/8/2005 12:27:56 PM | Attr = ]
    -> %System32%\shsvcs.dll [Themes] -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 134656 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr = ]
    -> %System32%\trkwks.dll [TrkWks] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 90624 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\w32time.dll [w32time] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 174592 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\wbem\WMIsvc.dll [winmgmt] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\MsPMSNSv.dll [WmdmPmSN] -> Microsoft Corporation [Ver = 11.0.5721.5145 | Size = 27136 bytes | Modified Date = 10/18/2006 10:47:16 PM | Attr = ]
    -> %System32%\wscsvc.dll [wscsvc] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 81408 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\wuauserv.dll [wuauserv] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\wzcsvc.dll [WZCSVC] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 359936 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\xmlprov.dll [xmlprov] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\dnsrslvr.dll [Dnscache] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 45568 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\alrsvc.dll [Alerter] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17408 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\lmhsvc.dll [LmHosts] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 13824 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\ssdpsrv.dll [SSDPSRV] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 71680 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\upnphost.dll [upnphost] -> Microsoft Corporation [Ver = 5.1.2600.3077 (xpsp_sp2_gdr.070204-2255) | Size = 185344 bytes | Modified Date = 2/5/2007 4:17:02 PM | Attr = ]
    -> %System32%\webclnt.dll [WebClient] -> Microsoft Corporation [Ver = 5.1.2600.2821 (xpsp_sp2_gdr.060103-1536) | Size = 68096 bytes | Modified Date = 1/3/2006 11:35:06 PM | Attr = ]
    ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCSETMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 235168 bytes | Modified Date = 3/9/2006 12:48:22 PM | Attr = ]
    sndsrvc.exe -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.5.1.6 | Size = 206552 bytes | Modified Date = 4/5/2005 12:17:22 PM | Attr = ]
    ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\CCEVTMGR.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 255648 bytes | Modified Date = 3/9/2006 12:47:58 PM | Attr = ]
    explorer.exe -> %SystemRoot%\EXPLORER.EXE -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 5 | Size = 1404928 bytes | Modified Date = 10/14/2004 5:42:54 PM | Attr = ]
    intelmem.exe -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 9/3/2003 10:12:44 PM | Attr = ]
    ccapp.exe -> %CommonProgramFiles%\Symantec Shared\CCAPP.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 71328 bytes | Modified Date = 3/9/2006 12:47:52 PM | Attr = ]
    msascui.exe -> %ProgramFiles%\Windows Defender\MSASCui.exe -> Microsoft Corporation [Ver = 1.1.1593.0 | Size = 866584 bytes | Modified Date = 11/3/2006 7:20:12 PM | Attr = ]
    jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ]
    ctfmon.exe -> %System32%\CTFMON.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    netdde.exe -> %System32%\NETDDE.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 111104 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    msdtc.exe -> %System32%\MSDTC.EXE -> Microsoft Corporation [Ver = 2001.12.4414.258 | Size = 6144 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    alg.exe -> %System32%\ALG.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 44544 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    aspnet_state.exe -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 33632 bytes | Modified Date = 4/13/2007 3:20:52 AM | Attr = ]
    ccproxy.exe -> %CommonProgramFiles%\Symantec Shared\CCPROXY.EXE -> Symantec Corporation [Ver = 2.1.6.3 | Size = 218736 bytes | Modified Date = 2/28/2005 5:56:32 PM | Attr = ]
    ccpwdsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPWDSVC.EXE -> Symantec Corporation [Ver = 2.1.10.2 | Size = 87712 bytes | Modified Date = 3/9/2006 12:48:08 PM | Attr = ]
    dllhost.exe -> %System32%\DLLHOST.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    svchost.exe -> %System32%\SVCHOST.EXE [C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    -> %System32%\w3ssl.dll [HTTPFilter] -> Microsoft Corporation [Ver = 6.0.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15872 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    navapsvc.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 10.00.2 | Size = 158848 bytes | Modified Date = 4/23/2004 12:04:16 PM | Attr = ]
    netsvc.exe -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 3:59:48 PM | Attr = ]
    dbserv.exe -> %ProgramFiles%\Symantec\Ghost\bin\dbserv.exe -> Symantec New Zealand Limited [Ver = 7.0.0.245 | Size = 45056 bytes | Modified Date = 3/22/2001 6:01:34 PM | Attr = ]
    ngserver.exe -> %ProgramFiles%\Symantec\Ghost\ngserver.exe -> Symantec New Zealand Limited [Ver = 7.0.0.245 | Size = 1040650 bytes | Modified Date = 3/22/2001 6:02:16 PM | Attr = ]
    rteng6.exe -> %ProgramFiles%\Symantec\Ghost\bin\rteng6.exe -> [Ver = | Size = 39936 bytes | Modified Date = 8/6/1999 3:16:02 PM | Attr = ]
    locator.exe -> %System32%\LOCATOR.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    savscan.exe -> %ProgramFiles%\Norton Internet Security\Norton AntiVirus\SAVSCAN.EXE -> Symantec Corporation [Ver = | Size = 194272 bytes | Modified Date = 1/25/2005 10:48:50 PM | Attr = ]
    sdservice.exe -> %ProgramFiles%\SpywareDetector\SDService.exe -> Max Secure Software [Ver = 6, 0, 3, 9 | Size = 247512 bytes | Modified Date = 6/8/2007 10:23:04 AM | Attr = ]
    dllhost.exe -> %System32%\DLLHOST.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5120 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    vssvc.exe -> %System32%\VSSVC.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 289792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    wmiapsrv.exe -> %System32%\WBEM\WMIAPSRV.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 126464 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    dmadmin.exe -> %System32%\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    symwsc.exe -> %CommonProgramFiles%\Symantec Shared\Security Center\symwsc.exe -> Symantec Corporation [Ver = 2005.1.2.20 | Size = 316544 bytes | Modified Date = 11/2/2004 5:59:50 PM | Attr = ]
    iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> Microsoft Corporation [Ver = 7.00.6000.16473 (vista_gdr.070420-1500) | Size = 625152 bytes | Modified Date = 4/24/2007 10:26:26 AM | Attr = HS]
    msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:38 PM | Attr = HS]
    taskmgr.exe -> %System32%\TASKMGR.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135680 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
     

    Attached Files:

  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    If you still have popups please run a new WinPFind3 log for me.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/593216

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice