
My Computer Has Been Hijacked By Pop Ups



#1 tatoylurdez

  • Members
  • 3 posts

Posted 27 December 2007 - 10:20 AM

Please help, I ran ComboFix and this is the log, please advise.

ComboFix 07-12-21.4 - Tatito 2007-12-26 21:44:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.452 [GMT -5:00]
Running from: C:\Documents and Settings\Tatito\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-27 to 2007-12-27 )))))))))))))))))))))))))))))))
.

2007-12-25 17:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-25 17:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 12:33 . 2007-11-23 07:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2007-12-25 12:33 . 2007-11-23 07:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-12-25 12:33 . 2007-11-23 07:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GTek
2007-12-25 12:33 . 2007-11-23 07:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2007-12-25 12:08 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll.wusetup.10643703.new
2007-12-25 11:53 . 2007-12-25 11:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-25 11:53 . 2007-12-25 11:53 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\SUPERAntiSpyware.com
2007-12-25 11:53 . 2007-12-25 11:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-25 11:52 . 2007-12-25 11:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 11:40 . 2007-12-25 11:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-25 11:40 . 2007-12-25 11:40 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-25 11:40 . 2007-12-25 11:40 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-25 11:40 . 2007-12-25 11:40 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-25 11:33 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-25 11:20 . 2007-12-25 11:20 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-24 17:19 . 2007-12-26 21:42 <DIR> d-------- C:\Program Files\IntelligentAdvisor
2007-12-23 17:36 . 2007-12-26 21:32 7,534 --a------ C:\WINDOWS\system32\Config.MPF
2007-12-23 17:03 . 2007-12-24 19:31 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-23 17:03 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\SiteAdvisor
2007-12-23 17:03 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-23 17:03 . 2007-12-23 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-23 17:01 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-23 17:00 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-12-23 17:00 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-12-23 17:00 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-12-23 17:00 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-12-23 17:00 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-12-23 17:00 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-12-23 16:59 . 2007-12-23 16:59 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-23 16:59 . 2007-12-26 10:19 <DIR> d-------- C:\Program Files\McAfee
2007-12-23 16:59 . 2007-12-24 01:31 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-23 16:57 . 2007-12-23 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-23 16:40 . 2007-12-23 16:40 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-12-23 16:40 . 2003-06-18 17:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-12-23 16:40 . 2007-12-23 16:40 376 --a------ C:\WINDOWS\ODBC.INI
2007-12-23 16:39 . 2007-12-23 16:40 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-12-23 16:38 . 2007-12-23 16:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-23 16:36 . 2007-12-23 16:36 <DIR> dr-h----- C:\MSOCache
2007-12-22 22:46 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-22 22:46 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-22 22:45 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-22 22:45 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-22 22:45 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-22 22:45 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-22 22:45 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-22 22:45 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-22 22:45 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Program Files\WSfonts
2007-12-22 22:22 . 2007-12-22 22:23 <DIR> d-------- C:\Program Files\Common Files\WORDsearch
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Program Files\Bible Explorer 4
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wsc
2007-12-22 22:22 . 2007-12-22 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WORDsearch
2007-12-22 22:22 . 2007-12-22 22:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{10659AF2-4F35-499C-A058-D29D27AEE138}
2007-12-22 22:22 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-12-10 11:13 . 2007-12-10 11:13 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\Viewpoint
2007-12-06 22:59 . 2007-12-06 22:59 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\CyberLink
2007-12-05 01:24 . 2007-12-05 01:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-04 10:27 . 2007-12-26 21:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-04 10:27 . 2007-12-04 10:27 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-04 10:26 . 2007-12-04 10:26 <DIR> d-------- C:\Program Files\iTunes
2007-12-04 10:26 . 2007-12-04 10:26 <DIR> d-------- C:\Program Files\iPod
2007-12-04 10:26 . 2007-12-09 08:58 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\Apple Computer
2007-12-04 10:25 . 2007-12-04 10:25 <DIR> d-------- C:\Program Files\QuickTime
2007-12-04 10:25 . 2007-12-04 10:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-04 10:24 . 2007-12-04 10:24 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-12-04 10:24 . 2007-12-04 10:24 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-04 10:24 . 2007-12-04 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-04 10:15 . 2007-12-04 10:15 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\MSNInstaller
2007-12-04 08:20 . 2007-12-24 23:21 <DIR> d-------- C:\Documents and Settings\Tatito\Shared
2007-12-04 08:20 . 2007-12-25 02:24 <DIR> d-------- C:\Documents and Settings\Tatito\Incomplete
2007-12-04 08:20 . 2007-12-25 02:03 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\LimeWire
2007-12-04 08:19 . 2007-12-04 23:35 <DIR> d-------- C:\Program Files\LimeWire
2007-12-04 08:16 . 2007-07-09 08:09 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-03 10:45 . 2007-12-03 10:45 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\acccore
2007-12-03 10:44 . 2007-12-24 10:33 <DIR> d-------- C:\Program Files\AIMTunes
2007-12-03 10:44 . 2007-12-03 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-12-03 10:44 . 2007-12-03 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-12-03 10:44 . 2007-12-03 10:44 21 --a------ C:\WINDOWS\atid.ini
2007-12-03 10:43 . 2007-12-03 10:45 <DIR> d-------- C:\Program Files\AIM6
2007-12-03 10:39 . 2007-12-03 10:39 2 --a------ C:\WINDOWS\msoffice.ini
2007-12-03 10:18 . 2007-12-03 10:18 <DIR> d--hs---- C:\Documents and Settings\Tatito\UserData
2007-12-03 10:11 . 2007-12-03 10:11 <DIR> d-------- C:\Program Files\Comcast
2007-12-02 02:07 . 2007-12-02 20:52 <DIR> d-------- C:\Program Files\iLuminaPT
2007-12-02 01:13 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-02 01:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-02 01:13 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-02 01:13 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-02 01:13 . 2007-12-02 01:13 4,128 --a------ C:\INFCACHE.1
2007-12-01 10:29 . 2007-11-23 07:27 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\Roxio
2007-12-01 10:29 . 2007-11-23 07:03 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\InstallShield
2007-12-01 10:29 . 2007-11-23 07:17 <DIR> d--h----- C:\Documents and Settings\Tatito\Application Data\GTek
2007-12-01 10:29 . 2007-11-23 07:08 <DIR> d-------- C:\Documents and Settings\Tatito\Application Data\ATI
2007-12-01 10:28 . 2007-11-23 07:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Roxio
2007-12-01 10:28 . 2007-11-23 07:03 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield
2007-12-01 10:28 . 2007-11-23 07:17 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\GTek
2007-12-01 10:28 . 2007-11-23 07:08 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2007-12-01 10:21 . 2007-12-01 10:21 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 06:27 --------- d-----w C:\Program Files\Google
2007-12-03 15:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-03 15:44 --------- d-----w C:\Program Files\Viewpoint
2007-12-03 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-03 15:43 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-03 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\silsipa_.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\silmipa_.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sildipa_.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sedi.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sedbi.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sedb.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\sed.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys4.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys3.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys2.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\lrssys1.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\hebii.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\griii.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\griibi.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\griib.fot
2007-12-02 06:56 1,409 ----a-w C:\WINDOWS\Fonts\grii.fot
2007-11-23 12:27 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2007-11-23 12:24 --------- d-----w C:\Program Files\Microsoft Works
2007-11-23 12:24 --------- d-----w C:\Program Files\EarthLink Setup
2007-11-23 12:24 --------- d-----w C:\Program Files\Dell
2007-11-23 12:23 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2007-11-23 12:23 --------- d-----w C:\Program Files\Real
2007-11-23 12:23 --------- d-----w C:\Program Files\Learn2.com
2007-11-23 12:23 --------- d-----w C:\Program Files\Common Files\Real
2007-11-23 12:23 --------- d-----w C:\Program Files\Common Files\Nullsoft
2007-11-23 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-23 12:22 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2007-11-23 12:22 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-11-23 12:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-23 12:21 --------- d-----w C:\Program Files\MUSICMATCH
2007-11-23 12:20 --------- d-----w C:\Program Files\Dell DataSafe Online
2007-11-23 12:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-23 12:18 --------- d-----w C:\Program Files\Yahoo!
2007-11-23 12:18 --------- d-----w C:\Program Files\Dell Support Center
2007-11-23 12:18 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-11-23 12:18 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-11-23 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2007-11-23 12:17 --------- d-----w C:\Program Files\DellSupport
2007-11-23 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Gtek
2007-11-23 12:13 --------- d-----w C:\Program Files\Roxio
2007-11-23 12:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2007-11-23 12:12 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-11-23 12:10 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-23 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-11-23 12:09 --------- d-----w C:\Program Files\NetZeroInstallers
2007-11-23 12:09 --------- d-----w C:\Program Files\Digital Line Detect
2007-11-23 12:09 --------- d-----w C:\Program Files\CyberLink
2007-11-23 12:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-11-23 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2007-11-23 12:08 --------- d-----w C:\Program Files\NetWaiting
2007-11-23 12:08 --------- d-----w C:\Program Files\Modem Helper
2007-11-23 12:07 --------- d-----w C:\Program Files\Sigmatel
2007-11-23 12:06 --------- d-----w C:\Program Files\CONEXANT
2007-11-23 12:04 --------- d-----w C:\Program Files\AMD
2007-11-23 12:03 --------- d-----w C:\Program Files\Synaptics
2007-11-23 12:03 --------- d-----w C:\Program Files\Broadcom
2007-11-23 12:03 --------- d-----w C:\Program Files\ATI Technologies
2007-11-23 12:00 --------- d-----w C:\Program Files\Java
2007-11-23 12:00 --------- d-----w C:\Program Files\Common Files\Java
2007-11-23 11:59 --------- d-----w C:\Program Files\MSXML 6.0
2007-11-23 11:40 49,152 ----a-w C:\WINDOWS\setpwrcg.exe
2007-11-23 11:39 6,988 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_1501.mrk
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-31 10:12 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-17 03:16 90,112 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-10-17 03:16 6,684,672 ----a-w C:\WINDOWS\system32\atioglx1.dll
2007-10-17 03:16 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-10-17 03:16 5,148,672 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-10-17 03:16 430,080 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-10-17 03:16 41,984 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-10-17 03:16 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-10-17 03:16 303,104 ----a-w C:\WINDOWS\system32\ATIDEMGR.dll
2007-10-17 03:16 294,912 ----a-w C:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-10-17 03:16 294,912 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-10-17 03:16 260,608 ----a-w C:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-10-17 03:16 260,608 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-10-17 03:16 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-10-17 03:16 24,064 ----a-w C:\WINDOWS\system32\ativcoxx.dll
2007-10-17 03:16 221,184 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-10-17 03:16 2,518,336 ----a-w C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-10-17 03:16 2,518,336 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-10-17 03:16 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-10-17 03:16 118,784 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-10-17 03:16 106,496 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-10-17 03:16 1,777,152 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-10-17 03:16 1,092,960 ----a-w C:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-10-17 03:16 1,092,960 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-10-11 05:57 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6548BF73-58FF-71D5-F97D-17C71E323709}]
2007-12-11 16:27 1019904 --a------ C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 12:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 12:47]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 13:29]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 16:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 12:06 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 12:40]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-23 07:20]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-21 15:06]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-07-22 20:29]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-23 07:09:06]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-04 15:24:43 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-23 21:59:49 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-23 21:59:47 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 21:46:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 21:46:44
.
2007-12-26 02:11:05 --- E O F ---



#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 27 December 2007 - 03:09 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, tatoylurdez.
My name is Richie and I'll be helping you to fix your problems.

Warning
You should NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could render your system/PC inoperable.

Please read and follow the information in the link below.
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Once you've completed all the steps in the above link, post a HijackThis log into this topic if you still require help.



