Spyware On My Pc


This topic is locked
18 replies to this topic

#1 nyi

Posted 12 June 2008 - 03:39 PM

Hello,
I have spyware on my PC that blocked "All Programs" and other stuff such as "My Computer" and "My Documents". I've cleaned up all the viruses and finally got McAfee Anti-Virus software, Spyware Doctor and STOPzilla. I think I am safe, but I don't know how to clean up my PC. Please help. I've already scanned my PC with HijackThis. Please see below. The first one is main and the second is extra. I really appreciate your help.

Nyi.

Deckard's System Scanner v20071014.68
Run by Nyi Nyi on 2008-06-01 12:32:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; System Restore is disabled (service is not running).


-- Last 5 Restore Point(s) --
9: 2008-05-29 03:08:28 UTC - RP806 - System Checkpoint
8: 2008-05-27 23:03:41 UTC - RP805 - System Checkpoint
7: 2008-05-26 15:08:50 UTC - RP804 - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
6: 2008-05-26 14:18:50 UTC - RP803 - Removed RegClean
5: 2008-05-26 14:17:49 UTC - RP802 - Removed Google Toolbar for Internet Explorer


-- First Restore Point --
1: 2008-05-26 12:43:37 UTC - RP798 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-01 12:35:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CtHelper.exe
C:\WINDOWS\system32\dla\DLACTRLW.EXE
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Documents and Settings\Nyi Nyi\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: QXK Olive - {4EE62603-9BB7-462B-8A8D-E9F4BF11BE49} - C:\WINDOWS\boqnrwdmvdr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {D32B6535-F5F4-418C-B154-81822DFB5974} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: atfxqogp - {AC9264CC-124E-43B6-9144-8664D704A0BC} - C:\WINDOWS\atfxqogp.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - SITEguard - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} () - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} () - http://ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} () - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: vltdfabw - {7CCDB9A0-2165-443E-8C2D-7A338DAE111E} - C:\WINDOWS\vltdfabw.dll
O21 - SSODL: vregfwlx - {65B74F2E-776B-467B-BC17-6FB1D84E5152} - C:\WINDOWS\vregfwlx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: dlcq_device - Unknown owner - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe


--
End of file - 13103 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 szkg5 (szkg) - c:\windows\system32\drivers\szkg.sys <Not Verified; iS3 Inc.; Stopzilla>
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S0 PxHelp20 - c:\windows\system32\drivers\pxhelp20.sys (file missing)
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 Apache2.2 - "c:\program files\apache software foundation\apache2.2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S2 szserver (STOPzilla Service) - "c:\program files\common files\is3\anti-spyware\szserver.exe" <Not Verified; iS3, Inc.; STOPzilla>
S2 WUSB300NSvc - "c:\program files\linksys\wusb300n\wlservice.exe" "wusb300n.exe" <Not Verified; ; WLService>
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/1000 MT Network Connection
Device ID: PCI\VEN_8086&DEV_100E&SUBSYS_01721028&REV_02\4&1C660DD6&0&60F0
Manufacturer: Intel
Name: Intel® PRO/1000 MT Network Connection
PNP Device ID: PCI\VEN_8086&DEV_100E&SUBSYS_01721028&REV_02\4&1C660DD6&0&60F0
Service: E1000

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSAMSUNG_DVD-ROM_SD-616E_________________F501____\5&111C7D47&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: SAMSUNG DVD-ROM SD-616E
PNP Device ID: IDE\CDROMSAMSUNG_DVD-ROM_SD-616E_________________F501____\5&111C7D47&0&0.0.0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMSONY_CD-RW__CRX216E_____________________PD01____\5&111C7D47&0&0.1.0
Manufacturer: (Standard CD-ROM drives)
Name: SONY CD-RW CRX216E
PNP Device ID: IDE\CDROMSONY_CD-RW__CRX216E_____________________PD01____\5&111C7D47&0&0.1.0
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-05-29 03:30:12 390 --a------ C:\WINDOWS\Tasks\RegClean Scheduled Scan.job
2008-05-26 11:58:52 344 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2008-05-26 11:58:49 336 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-05-24 16:54:00 274 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-09-17 16:54:15 396 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


-- Files created between 2008-05-01 and 2008-06-01 -----------------------------

2008-06-01 11:36:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-01 11:36:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-01 11:36:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-01 11:34:55 0 d-------- C:\WINDOWS\CSC
2008-05-26 20:17:18 0 dr-h----- C:\Documents and Settings\Thae Gyi\SendTo
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\Recent
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\PrintHood
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\NetHood
2008-05-26 20:17:18 0 dr------- C:\Documents and Settings\Thae Gyi\My Documents
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\Local Settings
2008-05-26 20:17:18 0 d-------- C:\Documents and Settings\Thae Gyi\Favorites
2008-05-26 20:17:18 0 d-------- C:\Documents and Settings\Thae Gyi\Desktop
2008-05-26 20:17:18 0 d--hs---- C:\Documents and Settings\Thae Gyi\Cookies
2008-05-26 20:17:18 0 dr-h----- C:\Documents and Settings\Thae Gyi\Application Data
2008-05-26 20:17:18 0 d---s---- C:\Documents and Settings\Thae Gyi\Application Data\Microsoft
2008-05-26 20:17:17 0 d--h----- C:\Documents and Settings\Thae Gyi\Templates
2008-05-26 20:17:17 0 dr------- C:\Documents and Settings\Thae Gyi\Start Menu
2008-05-26 20:17:16 524288 --ah----- C:\Documents and Settings\Thae Gyi\NTUSER.DAT
2008-05-26 16:17:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-26 15:01:34 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-26 15:01:34 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-26 15:01:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-26 15:01:34 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-26 15:01:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-26 15:01:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-26 15:01:33 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-26 15:01:33 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-26 15:01:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-26 14:06:04 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\Talkback
2008-05-26 13:54:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-26 13:52:58 0 d-------- C:\Program Files\SiteAdvisor
2008-05-26 13:52:56 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\SiteAdvisor
2008-05-26 13:52:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-26 12:16:34 90112 --a------ C:\WINDOWS\system32\qabkcqiu.dll
2008-05-26 12:15:49 633326 --ahs---- C:\WINDOWS\system32\jTvDdMoq.ini2
2008-05-26 11:52:48 0 d-------- C:\Program Files\McAfee.com
2008-05-26 11:49:09 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-26 11:48:26 0 d-------- C:\Program Files\McAfee
2008-05-26 11:38:19 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-26 11:13:02 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\TmpRecentIcons
2008-05-26 11:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-26 11:09:29 0 d-------- C:\Program Files\STOPzilla!
2008-05-26 11:09:28 0 d-------- C:\Program Files\Common Files\iS3
2008-05-26 11:09:27 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-26 10:13:58 0 dr-h----- C:\Documents and Settings\Nyi Nyi\Recent
2008-05-26 10:11:43 0 --a------ C:\winxplogon.sys
2008-05-26 08:53:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 08:52:31 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 08:52:21 0 d-------- C:\Program Files\Spyware Doctor
2008-05-26 08:52:21 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-26 08:50:42 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\RegClean
2008-05-26 08:43:27 1607 --ahs---- C:\WINDOWS\system32\qrssCJjl.ini2
2008-05-26 08:37:51 163840 --a------ C:\WINDOWS\xmpstean.exe
2008-05-26 08:37:51 327680 --a------ C:\WINDOWS\vregfwlx.dll
2008-05-26 08:37:51 159744 --a------ C:\WINDOWS\etkq.exe
2008-05-26 08:37:51 200704 --a------ C:\WINDOWS\atfxqogp.dll
2008-05-26 08:37:50 368640 --a------ C:\WINDOWS\vltdfabw.dll
2008-05-26 08:37:50 274432 --a------ C:\WINDOWS\boqnrwdmvdr.dll
2008-05-21 14:49:36 258048 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-05-21 14:49:12 397312 -ra------ C:\WINDOWS\system32\SZComp5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-05-13 10:03:58 34432 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys <Not Verified; iS3 Inc.; Stopzilla>
2008-05-06 14:53:40 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:53:32 364544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:52:46 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:52:30 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:52:06 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:51:44 196608 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:50:48 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:50:32 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:47:00 708608 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>


-- Find3M Report ---------------------------------------------------------------

2008-05-26 11:49:09 0 d-------- C:\Program Files\Common Files
2008-05-25 10:54:02 154 --a------ C:\dlcq
2008-05-14 05:32:55 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\CoreFTP
2008-04-11 19:12:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-09 18:03:16 0 d-------- C:\Program Files\DNA
2008-04-07 16:43:18 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\Adobe
2008-04-06 08:35:31 0 d-------- C:\Program Files\Java
2008-04-03 17:47:13 0 d-------- C:\Program Files\Apache Software Foundation


-- Registry Dump ---------------------------------------------------------------


The command prompt has been disabled by your administrator.

Press any key to continue . . .


-- End of Deckard's System Scanner: finished at 2008-06-01 12:36:25 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 33%
Physical Memory (total/avail): 1023 MiB / 682.07 MiB
Pagefile Memory (total/avail): 2464.18 MiB / 2181.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.18 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.78 GiB total, 212.83 GiB free.
D: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500JD-75HBB0 - 232.83 GiB - 2 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 232.78 GiB - C:

\\.\PHYSICALDRIVE1 - Dell USB Mass Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: Spyware Doctor with AntiVirus v5.5.1.2 (PC Tools)
AV: McAfee VirusScan v (McAfee) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dlcqcoms.exe"="C:\\WINDOWS\\system32\\dlcqcoms.exe:*:Enabled:Lexmark Communications System"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"="C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------


The command prompt has been disabled by your administrator.

Press any key to continue . . .


-- User Profiles ---------------------------------------------------------------

Nyi Nyi (admin)
Thae Gyi (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------


The command prompt has been disabled by your administrator.

Press any key to continue . . .


-- Application Event Log -------------------------------------------------------

Event Record #/Type636 / Error
Event Submitted/Written: 06/01/2008 00:11:59 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type631 / Error
Event Submitted/Written: 05/29/2008 08:16:27 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 14312 (0x37e8)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume2\WINDOWS\TEMP\VER2D.TMP
by C:\Program Files\Spyware Doctor\pctsSvc.exe
22304(20000)(0)
22302(20000)(0)
22301(20000)(0)
226(20000)(0)
223(20000)(0)
220(20000)(0)
4(0)(0)
4(0)(0)

Event Record #/Type629 / Error
Event Submitted/Written: 05/29/2008 08:03:41 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\McAfee\VirusScan\McShield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 848 (0x350)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.14.0.0.349 / 5200.2160
Object being scanned = \Device\HarddiskVolume2\Documents and Settings\Nyi Nyi\Application Data\Macromedia\Dreamweaver 8\Configuration\Menus\Cache\Menus\DWAnchorContext.xml
by C:\Program Files\Spyware Doctor\pctsSvc.exe
22304(20000)(0)
22302(20000)(0)
22301(20000)(0)
226(20000)(0)
223(20000)(0)
220(20000)(0)
4(0)(0)
4(0)(0)

Event Record #/Type623 / Error
Event Submitted/Written: 05/29/2008 05:53:20 AM
Event ID/Source: 3299 / Apache Service
Event Description:
The Apache service named reported the following error:
>>> httpd.exe: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName .

Event Record #/Type621 / Error
Event Submitted/Written: 05/28/2008 05:36:47 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16640, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type17929 / Error
Event Submitted/Written: 06/01/2008 00:31:16 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type17928 / Warning
Event Submitted/Written: 06/01/2008 00:31:16 PM
Event ID/Source: 54 / pctfw2
Event Description:
\Device\PCTFWPL

Event Record #/Type17927 / Warning
Event Submitted/Written: 06/01/2008 00:31:16 PM
Event ID/Source: 54 / pctfw2
Event Description:
\Device\PCTFWPL

Event Record #/Type17925 / Error
Event Submitted/Written: 06/01/2008 00:29:20 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The McAfee Real-time Scanner service failed to start due to the following error:
%%1053

Event Record #/Type17924 / Error
Event Submitted/Written: 06/01/2008 00:29:05 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the McAfee Real-time Scanner service to connect.



-- End of Deckard's System Scanner: finished at 2008-06-01 12:36:25 ------------

#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 June 2008 - 03:41 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double-click combofix.exe and follow the prompts.
When it's done running, it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 12 June 2008 - 03:46 PM

Hi Sam,
I am so happy to see a reply from someone willing to help me. Thank you so much. I am currently in Safe Mode. Can I do the Combofix in safe mode?

#4 nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 12 June 2008 - 04:13 PM

Hi Sam,
I ran ComboFix in Safe Mode and it rebooted, but I forgot to press F8 and I was logged in to regular mode. It did not provide a log for me. I think it was trying to do something in the command prompt, but the message "command prompt is disabled by your system administrator" came up with "press any key to continue..."

I am in Safe Mode again and I will run ComboFix again. I'll let you know what I come up with.

Thanks.

Nyi.

#5 nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 12 June 2008 - 04:25 PM

Hi Sam,
I ran ComboFix. Please see the log below. I appreciate your help.
Thanks

Nyi.

ComboFix 08-06-11.1 - Administrator 2008-06-12 17:14:24.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.815 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Nyi Nyi\Desktop\Error Cleaner.url
C:\Documents and Settings\Nyi Nyi\Desktop\Privacy Protector.url
C:\Documents and Settings\Nyi Nyi\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Nyi Nyi\Favorites\Error Cleaner.url
C:\Documents and Settings\Nyi Nyi\Favorites\Privacy Protector.url
C:\Documents and Settings\Nyi Nyi\Favorites\Spyware&Malware Protection.url
.
---- Previous Run -------
.
C:\autorun.inf
C:\Documents and Settings\Thae Gyi\Desktop\Error Cleaner.url
C:\Documents and Settings\Thae Gyi\Desktop\Privacy Protector.url
C:\Documents and Settings\Thae Gyi\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Thae Gyi\Favorites\Error Cleaner.url
C:\Documents and Settings\Thae Gyi\Favorites\Privacy Protector.url
C:\Documents and Settings\Thae Gyi\Favorites\Spyware&Malware Protection.url
C:\WINDOWS\atfxqogp.dll
C:\WINDOWS\boqnrwdmvdr.dll
C:\WINDOWS\etkq.exe
C:\WINDOWS\system32\jpvsvaup.ini
C:\WINDOWS\system32\jTvDdMoq.ini
C:\WINDOWS\system32\jTvDdMoq.ini2
C:\WINDOWS\system32\nsskdkuf.ini
C:\WINDOWS\system32\qabkcqiu.dll
C:\WINDOWS\system32\qrssCJjl.ini
C:\WINDOWS\system32\qrssCJjl.ini2
C:\WINDOWS\system32\uiqckbaq.ini
C:\WINDOWS\system32\ypjrroaw.ini
C:\WINDOWS\vltdfabw.dll
C:\WINDOWS\vregfwlx.dll
C:\WINDOWS\xmpstean.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-12 16:25 . 2008-06-12 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-06-01 15:17 . 2008-06-01 15:17 <DIR> d-------- C:\Documents and Settings\Thae Gyi\Application Data\TmpRecentIcons
2008-06-01 15:14 . 2008-06-01 15:14 <DIR> d-------- C:\Documents and Settings\Thae Gyi\Application Data\Creative
2008-06-01 11:41 . 2008-06-01 11:41 <DIR> d-------- C:\Deckard
2008-06-01 11:36 . 2008-06-01 11:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-26 20:17 . 2008-06-01 14:51 <DIR> d-------- C:\Documents and Settings\Thae Gyi
2008-05-26 16:17 . 2008-05-26 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-26 14:06 . 2008-05-26 14:06 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\Talkback
2008-05-26 13:55 . 2008-06-01 14:40 9,037 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-26 13:54 . 2008-05-26 13:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-26 13:52 . 2008-06-01 14:32 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-05-26 13:52 . 2008-05-26 14:11 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\SiteAdvisor
2008-05-26 13:52 . 2008-06-01 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-26 13:38 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-26 13:37 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-26 13:37 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-26 13:37 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-26 13:37 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-26 13:35 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-26 11:52 . 2008-05-26 11:57 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-26 11:49 . 2008-05-26 13:36 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-26 11:48 . 2008-05-26 13:49 <DIR> d-------- C:\Program Files\McAfee
2008-05-26 11:38 . 2008-05-26 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-26 11:19 . 2008-06-12 17:18 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-26 11:18 . 2008-06-12 17:08 64,756 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000005-00211102}.rfx
2008-05-26 11:18 . 2008-06-12 17:08 53,968 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000003-00001102-00000005-00211102}.rfx
2008-05-26 11:18 . 2008-06-12 17:08 53,968 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000003-00001102-00000005-00211102}.rfx
2008-05-26 11:18 . 2008-06-12 17:08 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-05-26 11:18 . 2008-06-12 17:08 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-05-26 11:15 . 2008-06-12 17:02 6,096 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-05-26 11:13 . 2008-05-26 11:13 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\TmpRecentIcons
2008-05-26 11:11 . 2008-05-27 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-26 11:09 . 2008-05-26 11:09 <DIR> d-------- C:\Program Files\STOPzilla!
2008-05-26 11:09 . 2008-05-26 11:09 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-05-26 11:09 . 2008-06-12 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-26 10:11 . 2008-05-26 10:11 0 --a------ C:\winxplogon.sys
2008-05-26 08:53 . 2008-06-12 16:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 08:52 . 2008-06-12 16:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-26 08:52 . 2008-05-26 08:53 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 08:52 . 2008-05-26 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-26 08:52 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-26 08:52 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-26 08:52 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-26 08:52 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-26 08:52 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-26 08:50 . 2008-05-26 08:51 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\RegClean
2008-05-21 14:49 . 2008-05-21 14:49 397,312 -ra------ C:\WINDOWS\system32\SZComp5.dll
2008-05-21 14:49 . 2008-05-21 14:49 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-05-13 10:03 . 2008-05-13 10:03 34,432 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 09:32 --------- d-----w C:\Documents and Settings\Nyi Nyi\Application Data\CoreFTP
2007-09-18 00:30 88,576 ---ha-w C:\Documents and Settings\Nyi Nyi\Application Data\rbap550.dll
2007-08-01 01:08 104 --sh--r C:\WINDOWS\system32\CFC33C5FFC.sys
2007-01-14 11:44 8 --sh--r C:\WINDOWS\system32\FC5F3CC3CF.sys
2007-09-02 21:50 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AC9264CC-124E-43B6-9144-8664D704A0BC}"= "C:\WINDOWS\atfxqogp.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{ac9264cc-124e-43b6-9144-8664d704a0bc}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{5CB86AF0-EBB2-4FEA-A255-2D45144CFE36}]
[HKEY_CLASSES_ROOT\atfxqogp]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 14:05 69632]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"dlcqmon.exe"="C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe" [2006-06-20 13:37 286720]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Athan"="C:\Program Files\Athan\Athan.exe" [2006-05-23 07:30 974848]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 05:20 122940]
"DLCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-06-07 12:17 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-07 06:56 282624]
"WinZip E-Mail Companion OEAPI"="C:\Program Files\WinZip E-Mail Companion\loadwzco.exe" [2007-09-20 02:00 75136]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 03:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-03-17 14:39:07 24576]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-04-10 15:14 1107848 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-11-26 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-08-24 17:57 36640 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-27 21:47 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-09-06 15:27 1910040 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-09-10 11:43 9495832 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"WUSB300NSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Apache2.2"=2 (0x2)
"dlcq_device"=2 (0x2)
"lanmanserver"=2 (0x2)
"McSysmon"=3 (0x3)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dlcqcoms.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-26 09:50]
S3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S4 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
S4 dlcq_device;dlcq_device;C:\WINDOWS\system32\dlcqcoms.exe [2006-07-13 17:27]
S4 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 15:58:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-26 15:58:49 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-29 07:30:12 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
"2008-05-24 20:54:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-17 20:54:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 17:18:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
.
**************************************************************************
.
Completion time: 2008-06-12 17:22:51 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-06-12 21:22:48

Pre-Run: 228,397,228,032 bytes free
Post-Run: 228,381,229,056 bytes free

272 --- E O F --- 2008-05-19 10:14:34
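
The ComboFix log above records more than the orphaned toolbar entry: Windows Firewall is off on the standard profile ("EnableFirewall"= 0), Security Center antivirus alerts and McAfee monitoring are suppressed, and ports 135 (RPC endpoint mapper) and 3389 (Remote Desktop) sit in the GloballyOpenPorts list alongside 5000-5020. The script below is an added example, not part of the thread, of ComboFix, or of the helper's instructions; it pulls those settings out of the Reg Loading Points text so they are not missed in a long log. The sample input is a constructed excerpt of the log posted in #5, and the table of risky ports and the key names it looks for are the example's own assumptions.

```python
"""Triage the firewall / Security Center part of a ComboFix log.

Added example (not from the forum post or from ComboFix): parses the
REGEDIT4-style "Reg Loading Points" blocks ComboFix prints and reports the
settings a malware-removal helper wants to see first. The key names and the
risky-port table below are assumptions of this example, not ComboFix output.
"""
import re
from collections import OrderedDict

# Constructed sample: an excerpt of the Reg Loading Points block from post #5.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\DNA\\btdna.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

# Ports a home PC should never expose to every network (assumption of this example).
RISKY_PORTS = {
    ("135", "TCP"): "RPC endpoint mapper",
    ("139", "TCP"): "NetBIOS session",
    ("445", "TCP"): "SMB",
    ("3389", "TCP"): "Remote Desktop",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<value>.*)$')


def parse_reg_sections(text):
    """Return {registry key: {value name: raw value string}} for each [key] block.

    ComboFix prints values in several shapes ('dword:00000001', ' 0 (0x0)',
    ' 135:TCP:TCP Port 135', or nothing at all), so the raw string is kept and
    the caller decides how to interpret it.
    """
    sections = OrderedDict()
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line.strip())
        if m:
            current = m.group("key")
            sections.setdefault(current, OrderedDict())
            continue
        m = VALUE_RE.match(line.strip())
        if m and current is not None:
            sections[current][m.group("name")] = m.group("value").strip()
    return sections


def _int_value(raw):
    """Parse the 'dword:00000001' and '0 (0x0)' forms; None if unrecognised."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(-?\d+)", raw)
    return int(m.group(1)) if m else None


def triage(sections):
    """Return human-readable findings, in the order the keys appear in the log."""
    findings = []
    for key, values in sections.items():
        low = key.lower()
        if low.endswith("firewallpolicy\\standardprofile"):
            if _int_value(values.get("EnableFirewall", "")) == 0:
                findings.append("Windows Firewall is DISABLED on the standard profile")
        elif low.endswith("globallyopenports\\list"):
            for name in values:
                port, _, proto = name.partition(":")
                label = RISKY_PORTS.get((port, proto.upper()))
                if label:
                    findings.append(f"port {port}/{proto} ({label}) is open to all networks")
        elif low.endswith("security center"):
            if _int_value(values.get("AntiVirusDisableNotify", "")) == 1:
                findings.append("Security Center antivirus alerts are suppressed")
        elif "security center\\monitoring\\" in low:
            if _int_value(values.get("DisableMonitoring", "")) == 1:
                product = key.rsplit("\\", 1)[-1]
                findings.append(f"Security Center monitoring disabled for {product}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_reg_sections(SAMPLE_LOG)):
        print("-", finding)
```

Run it as-is to print the findings for the embedded sample, or pass the text of a saved ComboFix.txt to parse_reg_sections. It only reads a log and changes nothing on the machine; the parser keeps raw value strings because ComboFix mixes dword, decimal and free-text forms in the same section.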

#6 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 June 2008 - 05:40 PM

Good job! That's the log I needed to see. :thumbsup:


Copy and paste ALL of the following text (the quoted block below) into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript, and save it to your desktop.

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AC9264CC-124E-43B6-9144-8664D704A0BC}"=-
[-HKEY_CLASSES_ROOT\clsid\{ac9264cc-124e-43b6-9144-8664d704a0bc}]
[-HKEY_CLASSES_ROOT\atfxqogp.1]
[-HKEY_CLASSES_ROOT\TypeLib\{5CB86AF0-EBB2-4FEA-A255-2D45144CFE36}]
[-HKEY_CLASSES_ROOT\atfxqogp]

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

[image: CFScript.txt being dragged onto ComboFix.exe]

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


==================



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.



========================================================
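
The CFScript in #6 removes the toolbar value whose DLL (C:\WINDOWS\atfxqogp.dll) ComboFix had already deleted on the previous run, plus the four HKEY_CLASSES_ROOT keys that registered that DLL as a COM object. As an added example, not ComboFix's code and not the helper's, the script below derives the same Registry:: block mechanically from the Reg Loading Points text, so the CLSID, ProgID and TypeLib keys are not copied by hand. Its assumptions: the trailing "[ ]" ComboFix prints after a path means it could not find the file (a present file gets "[date time size]"); the related HKEY_CLASSES_ROOT keys are the bare key lines in the group that immediately follows the toolbar block; and a TypeLib key in that group belongs to the same DLL. The sample input is a constructed excerpt of the log posted in #5.

```python
"""Build a ComboFix CFScript 'Registry::' block from orphaned IE toolbar entries.

Added example (not from the forum post, from ComboFix or from its author).
CFScript syntax as used in the thread: '"name"=-' removes a value and '[-key]'
removes a key. Heuristics marked 'assumption' below are this example's own.
"""
import re

TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
# '"{CLSID}"= "path" [info]'; empty info is taken to mean "file not found" (assumption).
TOOLBAR_VALUE_RE = re.compile(
    r'^"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"\s*=\s*"(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$'
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")

# Constructed sample: the toolbar block and its neighbours from the log in #5.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{AC9264CC-124E-43B6-9144-8664D704A0BC}"= "C:\WINDOWS\atfxqogp.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{ac9264cc-124e-43b6-9144-8664d704a0bc}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{5CB86AF0-EBB2-4FEA-A255-2D45144CFE36}]
[HKEY_CLASSES_ROOT\atfxqogp]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"""


def _groups(text):
    """Split the log into blank-line-separated groups of stripped lines."""
    groups, current = [], []
    for line in text.splitlines():
        line = line.strip()
        if line:
            current.append(line)
        elif current:
            groups.append(current)
            current = []
    if current:
        groups.append(current)
    return groups


def find_orphaned_toolbars(text):
    """Return [(clsid, dll_path, [related HKCR keys])] for toolbar values whose DLL is missing."""
    found = []
    groups = _groups(text)
    for i, group in enumerate(groups):
        m = KEY_RE.match(group[0])
        if not m or m.group("key").lower() != TOOLBAR_KEY.lower():
            continue
        # Assumption: ComboFix prints the DLL's class registration keys in the
        # very next group, as bare [HKEY_CLASSES_ROOT\...] lines.
        hkcr = []
        for line in groups[i + 1] if i + 1 < len(groups) else []:
            km = KEY_RE.match(line)
            if km and km.group("key").upper().startswith("HKEY_CLASSES_ROOT\\"):
                hkcr.append(km.group("key"))
        for line in group[1:]:
            v = TOOLBAR_VALUE_RE.match(line)
            if not v or v.group("info").strip():
                continue  # not a toolbar value, or its file exists (date/size printed)
            clsid = v.group("clsid")
            dll_name = v.group("path").rsplit("\\", 1)[-1]
            base = re.sub(r"\.dll$", "", dll_name, flags=re.I).lower()
            related = [
                k for k in hkcr
                if clsid.lower() in k.lower()                      # CLSID key
                or base in k.lower().rsplit("\\", 1)[-1]           # ProgID keys named after the DLL
                or k.upper().startswith("HKEY_CLASSES_ROOT\\TYPELIB\\")  # assumption: same DLL
            ]
            found.append((clsid, v.group("path"), related))
    return found


def build_cfscript(text):
    """Render the CFScript Registry:: block; '' when no toolbar entry is orphaned."""
    orphans = find_orphaned_toolbars(text)
    if not orphans:
        return ""
    lines = ["Registry::", f"[{TOOLBAR_KEY}]"]
    lines.extend(f'"{clsid}"=-' for clsid, _, _ in orphans)
    for _, _, related in orphans:
        lines.extend(f"[-{key}]" for key in related)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE), end="")
```

Running it on the sample prints exactly the seven lines of the CFScript in #6. It only prints a script for review; nothing is applied to the registry, and a toolbar whose DLL is still present is reported as nothing at all, since deleting a live registration needs a human decision about the file first.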

#7 nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 12 June 2008 - 06:05 PM

Sam,
I could not run SUPERAntiSpyware. A "Window Install" box came up with the message "The System Administrator has set policies to prevent this installation." But below is the new ComboFix log.

Thanks.

ComboFix 08-06-11.1 - Administrator 2008-06-12 18:52:43.3 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.781 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.

2008-06-12 16:25 . 2008-06-12 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-06-01 15:17 . 2008-06-01 15:17 <DIR> d-------- C:\Documents and Settings\Thae Gyi\Application Data\TmpRecentIcons
2008-06-01 15:14 . 2008-06-01 15:14 <DIR> d-------- C:\Documents and Settings\Thae Gyi\Application Data\Creative
2008-06-01 11:41 . 2008-06-01 11:41 <DIR> d-------- C:\Deckard
2008-06-01 11:36 . 2008-06-01 11:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-26 20:17 . 2008-06-01 14:51 <DIR> d-------- C:\Documents and Settings\Thae Gyi
2008-05-26 16:17 . 2008-05-26 16:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-26 15:01 . 2008-05-26 15:01 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-26 14:06 . 2008-05-26 14:06 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\Talkback
2008-05-26 13:55 . 2008-06-01 14:40 9,037 --a------ C:\WINDOWS\system32\Config.MPF
2008-05-26 13:54 . 2008-05-26 13:54 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-26 13:52 . 2008-06-01 14:32 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-05-26 13:52 . 2008-05-26 14:11 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\SiteAdvisor
2008-05-26 13:52 . 2008-06-01 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-26 13:38 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-05-26 13:37 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-05-26 13:37 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-05-26 13:37 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-05-26 13:37 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-05-26 13:35 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-05-26 11:52 . 2008-05-26 11:57 <DIR> d-------- C:\Program Files\McAfee.com
2008-05-26 11:49 . 2008-05-26 13:36 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-05-26 11:48 . 2008-05-26 13:49 <DIR> d-------- C:\Program Files\McAfee
2008-05-26 11:38 . 2008-05-26 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-26 11:19 . 2008-06-12 17:18 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-05-26 11:18 . 2008-06-12 17:08 64,756 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000003-00001102-00000005-00211102}.rfx
2008-05-26 11:18 . 2008-06-12 17:08 53,968 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000003-00001102-00000005-00211102}.rfx
2008-05-26 11:18 . 2008-06-12 17:08 53,968 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000003-00001102-00000005-00211102}.rfx
2008-05-26 11:18 . 2008-06-12 17:08 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-05-26 11:18 . 2008-06-12 17:08 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-05-26 11:15 . 2008-06-12 17:02 6,096 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-05-26 11:13 . 2008-05-26 11:13 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\TmpRecentIcons
2008-05-26 11:11 . 2008-05-27 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-26 11:09 . 2008-05-26 11:09 <DIR> d-------- C:\Program Files\STOPzilla!
2008-05-26 11:09 . 2008-05-26 11:09 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-05-26 11:09 . 2008-06-12 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-26 10:11 . 2008-05-26 10:11 0 --a------ C:\winxplogon.sys
2008-05-26 08:53 . 2008-06-12 16:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 08:52 . 2008-06-12 16:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-26 08:52 . 2008-05-26 08:53 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 08:52 . 2008-05-26 08:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-26 08:52 . 2008-04-10 15:14 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-26 08:52 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-26 08:52 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-26 08:52 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-26 08:52 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-26 08:50 . 2008-05-26 08:51 <DIR> d-------- C:\Documents and Settings\Nyi Nyi\Application Data\RegClean
2008-05-21 14:49 . 2008-05-21 14:49 397,312 -ra------ C:\WINDOWS\system32\SZComp5.dll
2008-05-21 14:49 . 2008-05-21 14:49 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-05-13 10:03 . 2008-05-13 10:03 34,432 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 09:32 --------- d-----w C:\Documents and Settings\Nyi Nyi\Application Data\CoreFTP
2008-05-06 18:53 364,544 ----a-r C:\WINDOWS\system32\IS3DBA5.dll
2008-05-06 18:53 126,976 ----a-r C:\WINDOWS\system32\IS3HTUI5.dll
2008-05-06 18:52 61,440 ----a-r C:\WINDOWS\system32\IS3Hks5.dll
2008-05-06 18:52 372,736 ----a-r C:\WINDOWS\system32\IS3UI5.dll
2008-05-06 18:52 23,040 ----a-r C:\WINDOWS\system32\IS3XDat5.dll
2008-05-06 18:51 196,608 ----a-r C:\WINDOWS\system32\IS3Win325.dll
2008-05-06 18:50 94,208 ----a-r C:\WINDOWS\system32\IS3Inet5.dll
2008-05-06 18:50 90,112 ----a-r C:\WINDOWS\system32\IS3Svc5.dll
2008-05-06 18:47 708,608 ----a-r C:\WINDOWS\system32\IS3Base5.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-09-18 00:30 88,576 ---ha-w C:\Documents and Settings\Nyi Nyi\Application Data\rbap550.dll
1998-07-03 19:27 7,488 ----a-w C:\WINDOWS\inf\unregpn.exe
2007-08-01 01:08 104 --sh--r C:\WINDOWS\system32\CFC33C5FFC.sys
2007-01-14 11:44 8 --sh--r C:\WINDOWS\system32\FC5F3CC3CF.sys
2007-09-02 21:50 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 21:10 335872]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-01-13 14:05 69632]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"RCSystem"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 11:01 122880]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"dlcqmon.exe"="C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe" [2006-06-20 13:37 286720]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Athan"="C:\Program Files\Athan\Athan.exe" [2006-05-23 07:30 974848]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-11-07 05:20 122940]
"DLCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll" [2006-06-07 12:17 106496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-07 06:56 282624]
"WinZip E-Mail Companion OEAPI"="C:\Program Files\WinZip E-Mail Companion\loadwzco.exe" [2007-09-20 02:00 75136]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 03:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-03-17 14:39:07 24576]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-08-03 11:10:00 394856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideShutdownScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
--a------ 2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
--a------ 2008-04-10 15:14 1107848 C:\Program Files\Spyware Doctor\pctsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-11-26 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-08-24 17:57 36640 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-27 21:47 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-09-06 15:27 1910040 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
--a------ 2007-09-10 11:43 9495832 C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SiteAdvisor Service"=2 (0x2)
"WUSB300NSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Apache2.2"=2 (0x2)
"dlcq_device"=2 (0x2)
"lanmanserver"=2 (0x2)
"McSysmon"=3 (0x3)
"mcmscsvc"=2 (0x2)
"McODS"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\dlcqcoms.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-10 15:14]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-26 09:50]
S3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 17:10]
S4 Apache2.2;Apache2.2;"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice []
S4 dlcq_device;dlcq_device;C:\WINDOWS\system32\dlcqcoms.exe [2006-07-13 17:27]
S4 WUSB300NSvc;WUSB300NSvc;"C:\Program Files\Linksys\WUSB300N\WLService.exe" "WUSB300N.exe" []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 15:58:52 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-05-26 15:58:49 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-29 07:30:12 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
"2008-05-24 20:54:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-17 20:54:15 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-12 18:53:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-12 18:54:55
ComboFix-quarantined-files.txt 2008-06-12 22:54:52
ComboFix2.txt 2008-06-12 21:22:52

Pre-Run: 228,379,369,472 bytes free
Post-Run: 228,365,926,400 bytes free

242 --- E O F --- 2008-05-19 10:14:34

#8 nyi

nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 12 June 2008 - 06:23 PM

Sam,
I logged into regular mode and SUPERAntiSpyware is currently running.

Thanks

#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 12 June 2008 - 07:27 PM

Ok, good. Just post that log when it completes.
Also let me know how your computer is behaving now.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#10 nyi

nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 12 June 2008 - 07:48 PM

Sam,
Scan is completed. My PC is running a lot faster than before now. I learned my lesson on going to illegal sites. I am never going there again. I think most of the spyware might be gone. Please see below for the SUPERAntiSpyware scan.

Thanks.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/12/2008 at 08:20 PM

Application Version : 4.15.1000

Core Rules Database Version : 3469
Trace Rules Database Version: 1460

Scan type : Complete Scan
Total Scan Time : 01:00:40

Memory items scanned : 362
Memory threats detected : 0
Registry items scanned : 6443
Registry threats detected : 2
File items scanned : 30601
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@adnetserver[1].txt
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@www.stopzilla[1].txt
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@winantiviruspro[1].txt
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@antispywaremaster[2].txt
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@gomyhit[1].txt
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@sale.antispywaremaster[1].txt
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@gomyhit[3].txt
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@82.98.235[1].txt
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\af7xwv0f.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\af7xwv0f.default\cookies.txt ]
.statcounter.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\af7xwv0f.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\af7xwv0f.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\af7xwv0f.default\cookies.txt ]
.paypal.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\af7xwv0f.default\cookies.txt ]
.stats.paypal.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\af7xwv0f.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
shop.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
shop.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
shop.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
shop.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
shop.winanonymous.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.adnetserver.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
www.hornyoldbleepers.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.www.hornyoldbleepers.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.www.hornyoldbleepers.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.www.hornyoldbleepers.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.www.hornyoldbleepers.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
www.freee-sex.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.toplist.cz [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.pornbilly.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
www.mosteroticteenies.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.teen-stop.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.kanoodle.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
click.interactivebrands.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.myaccounts.navyfcu.org [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.pornaccess.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.pornaccess.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
.shockingxxxmovies.com [ C:\Documents and Settings\Nyi Nyi\Application Data\Mozilla\Firefox\Profiles\7ewub2jm.default\cookies.txt ]
C:\Documents and Settings\Nyi Nyi\Cookies\nyi_nyi@www.googleadservices[1].txt

Registry Cleaner Trial
HKU\S-1-5-21-73586283-926492609-682003330-1003\Software\SoftwareOnline.com
C:\Documents and Settings\Nyi Nyi\Application Data\Registry Cleaner\Backups\2006-08-19,09-45 27 490.zip
C:\Documents and Settings\Nyi Nyi\Application Data\Registry Cleaner\Backups
C:\Documents and Settings\Nyi Nyi\Application Data\Registry Cleaner

Rogue.SpywareIsolator
HKU\S-1-5-21-73586283-926492609-682003330-1003\Software\spinstall
c:\winxplogon.sys

Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{83C57E25-D575-4D39-9121-E1A13A4AF898}\RP806\A0366032.DLL

Adware.Vundo-Variant/J
C:\SYSTEM VOLUME INFORMATION\_RESTORE{83C57E25-D575-4D39-9121-E1A13A4AF898}\RP806\A0366033.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{83C57E25-D575-4D39-9121-E1A13A4AF898}\RP806\A0366034.DLL

Trojan.Net-MSV/VPS-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{83C57E25-D575-4D39-9121-E1A13A4AF898}\RP806\A0366035.DLL

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 June 2008 - 01:47 AM

Looking good! We're just about done here.
Please post a new log from DSS.

How is your computer behaving?
Any problems?

#12 nyi

nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 13 June 2008 - 04:32 AM

There are no problems as far as speed. The "Virus Alert" is still showing where the clock is. "All Programs" still doesn't show up and my Display Properties is still disabled by "my administrator". You probably are already aware of this, but I am just letting you know. Please see the new DSS log. By the way, dss.exe was not on my desktop, and the first time I downloaded it and double-clicked on it, it disappeared. I guess this has to do with the .exe file, but I thought you should know.

Deckard's System Scanner v20071014.68
Run by Nyi Nyi on 2008-06-13 05:16:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-13 05:17:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CtHelper.exe
C:\WINDOWS\system32\Ctxfihlp.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\dla\DLACTRLW.EXE
C:\Program Files\WinZip E-Mail Companion\loadwzco.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nyi Nyi\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - SITEguard - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O10 - Unknown file in Winsock LSP: C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} () - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} () - http://ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} () - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: dlcq_device - Unknown owner - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MpfSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe


--
End of file - 11968 bytes

-- Files created between 2008-05-13 and 2008-06-13 -----------------------------

2008-06-12 19:16:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-12 19:16:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-12 19:16:05 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\SUPERAntiSpyware.com
2008-06-12 16:55:08 68096 --a------ C:\WINDOWS\zip.exe
2008-06-12 16:55:08 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-12 16:55:08 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-12 16:55:08 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-12 16:55:08 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-12 16:55:08 98816 --a------ C:\WINDOWS\sed.exe
2008-06-12 16:55:08 80412 --a------ C:\WINDOWS\grep.exe
2008-06-12 16:55:08 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-12 16:27:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-06-12 16:27:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-06-12 16:25:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-06-01 15:24:01 0 d-------- C:\Documents and Settings\Thae Gyi\Application Data\Mozilla
2008-06-01 15:17:53 0 d-------- C:\Documents and Settings\Thae Gyi\Application Data\TmpRecentIcons
2008-06-01 15:14:40 0 d-------- C:\Documents and Settings\Thae Gyi\Application Data\Creative
2008-06-01 11:36:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-06-01 11:36:52 0 d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-06-01 11:36:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-06-01 11:34:55 0 d--hs---- C:\WINDOWS\CSC
2008-05-26 20:17:18 0 dr-h----- C:\Documents and Settings\Thae Gyi\SendTo
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\Recent
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\PrintHood
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\NetHood
2008-05-26 20:17:18 0 dr------- C:\Documents and Settings\Thae Gyi\My Documents
2008-05-26 20:17:18 0 d--h----- C:\Documents and Settings\Thae Gyi\Local Settings
2008-05-26 20:17:18 0 d-------- C:\Documents and Settings\Thae Gyi\Favorites
2008-05-26 20:17:18 0 d-------- C:\Documents and Settings\Thae Gyi\Desktop
2008-05-26 20:17:18 0 d--hs---- C:\Documents and Settings\Thae Gyi\Cookies
2008-05-26 20:17:18 0 dr-h----- C:\Documents and Settings\Thae Gyi\Application Data
2008-05-26 20:17:18 0 d---s---- C:\Documents and Settings\Thae Gyi\Application Data\Microsoft
2008-05-26 20:17:17 0 d--h----- C:\Documents and Settings\Thae Gyi\Templates
2008-05-26 20:17:17 0 dr------- C:\Documents and Settings\Thae Gyi\Start Menu
2008-05-26 20:17:16 786432 --ah----- C:\Documents and Settings\Thae Gyi\NTUSER.DAT
2008-05-26 16:17:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-05-26 15:01:34 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-26 15:01:34 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-26 15:01:34 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-26 15:01:34 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-26 15:01:33 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-26 15:01:33 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-26 15:01:33 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-26 15:01:33 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-26 15:01:33 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-26 15:01:33 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-26 14:06:04 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\Talkback
2008-05-26 13:54:02 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-05-26 13:52:58 0 d-------- C:\Program Files\SiteAdvisor
2008-05-26 13:52:56 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\SiteAdvisor
2008-05-26 13:52:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-05-26 11:52:48 0 d-------- C:\Program Files\McAfee.com
2008-05-26 11:49:09 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-26 11:48:26 0 d-------- C:\Program Files\McAfee
2008-05-26 11:38:19 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-26 11:13:02 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\TmpRecentIcons
2008-05-26 11:11:18 0 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-05-26 11:09:29 0 d-------- C:\Program Files\STOPzilla!
2008-05-26 11:09:28 0 d-------- C:\Program Files\Common Files\iS3
2008-05-26 11:09:27 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-05-26 10:13:58 0 dr-h----- C:\Documents and Settings\Nyi Nyi\Recent
2008-05-26 08:53:08 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-26 08:52:31 0 d-------- C:\Program Files\Common Files\PC Tools
2008-05-26 08:52:21 0 d-------- C:\Program Files\Spyware Doctor
2008-05-26 08:52:21 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-05-26 08:50:42 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\RegClean
2008-05-21 14:49:36 258048 -ra------ C:\WINDOWS\system32\SZBase5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-05-21 14:49:12 397312 -ra------ C:\WINDOWS\system32\SZComp5.dll <Not Verified; iS3, Inc.; STOPzilla>
2008-05-13 10:03:58 34432 -ra------ C:\WINDOWS\system32\drivers\SZKG.sys <Not Verified; iS3 Inc.; Stopzilla>


-- Find3M Report ---------------------------------------------------------------

2008-05-26 11:49:09 0 d-------- C:\Program Files\Common Files
2008-05-25 10:54:02 154 --a------ C:\dlcq
2008-05-14 05:32:55 0 d-------- C:\Documents and Settings\Nyi Nyi\Application Data\CoreFTP
2008-05-06 14:53:40 126976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:53:32 364544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:52:46 372736 -ra------ C:\WINDOWS\system32\IS3UI5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:52:30 61440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:52:06 23040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:51:44 196608 -ra------ C:\WINDOWS\system32\IS3Win325.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:50:48 94208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:50:32 90112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>
2008-05-06 14:47:00 708608 -ra------ C:\WINDOWS\system32\IS3Base5.dll <Not Verified; iS3, Inc.; iS3 Common Libraries>


-- Registry Dump ---------------------------------------------------------------


The command prompt has been disabled by your administrator.

Press any key to continue . . .


-- End of Deckard's System Scanner: finished at 2008-06-13 05:18:56 ------------
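The DSS log above could not take its registry dump: cmd.exe printed "The command prompt has been disabled by your administrator", which is the message it gives when the per-user DisableCMD policy value is set. The blocked "All Programs", "My Computer" and "My Documents" items the poster described in the opening post are the same class of per-user Explorer policy restrictions that this kind of malware sets. The script below is an added example, not code from this thread or from the blog post linked later in it. It audits a snapshot of those well-known policy values (SAMPLE_SNAPSHOT is constructed to model the reported symptoms; read_live_policies() reads the real ones when run on Windows) and writes a .reg file that deletes exactly the values found, so the change can be reviewed before it is imported.

```python
"""Audit per-user Explorer/System policy restrictions and emit a .reg undo file.

Added example for this thread, not the helper's or the linked blog's code.
"""
import sys
from typing import Dict, List, Tuple

# Well-known locations of the per-user restriction policies.
EXPLORER = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
SYSTEM = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
CMD = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System"

# Value names whose non-zero DWORD setting removes or locks a UI element.
RESTRICTIONS: Dict[str, Dict[str, str]] = {
    EXPLORER: {
        "NoStartMenuMorePrograms": "hides the All Programs list",
        "NoSMMyDocs": "removes My Documents from the Start Menu",
        "NoSMMyPictures": "removes My Pictures from the Start Menu",
        "NoRun": "removes the Run command",
        "NoFind": "removes Search",
        "NoClose": "removes Shut Down",
        "NoDesktop": "hides all desktop icons",
        "NoControlPanel": "blocks Control Panel",
        "NoFolderOptions": "blocks Folder Options (hidden-file settings)",
    },
    SYSTEM: {
        "DisableRegistryTools": "blocks regedit",
        "DisableTaskMgr": "blocks Task Manager",
    },
    CMD: {
        "DisableCMD": "blocks cmd.exe (1 also blocks batch scripts, 2 only the console)",
    },
}

Snapshot = Dict[str, Dict[str, int]]  # key path -> {value name: DWORD data}

# Constructed snapshot modelling the symptoms reported in this thread.
SAMPLE_SNAPSHOT: Snapshot = {
    EXPLORER: {"NoStartMenuMorePrograms": 1, "NoSMMyDocs": 1, "NoDesktop": 0},
    SYSTEM: {"DisableTaskMgr": 1},
    CMD: {"DisableCMD": 2},
}


def audit(snapshot: Snapshot) -> List[Tuple[str, str, int, str]]:
    """Return (key, value name, setting, effect) for every active restriction."""
    hits = []
    for key, names in RESTRICTIONS.items():
        present = snapshot.get(key, {})
        for name, effect in names.items():
            setting = present.get(name, 0)
            if setting:  # 0 or absent means the restriction is not in force
                hits.append((key, name, setting, effect))
    return hits


def undo_reg(hits: List[Tuple[str, str, int, str]]) -> str:
    """Build a .reg script that deletes each restricting value ("name"=- syntax)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    by_key: Dict[str, List[str]] = {}
    for key, name, _setting, _effect in hits:
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
        lines.append("")
    return "\r\n".join(lines)


def read_live_policies() -> Snapshot:
    """Read the real values on Windows; any other platform gets an empty snapshot."""
    snapshot: Snapshot = {}
    if not sys.platform.startswith("win"):
        return snapshot
    import winreg  # Windows only
    for key in RESTRICTIONS:
        subkey = key.split("\\", 1)[1]  # drop the HKEY_CURRENT_USER prefix
        try:
            with winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey) as handle:
                values = {}
                for name in RESTRICTIONS[key]:
                    try:
                        data, kind = winreg.QueryValueEx(handle, name)
                        if kind == winreg.REG_DWORD:
                            values[name] = int(data)
                    except FileNotFoundError:
                        pass  # value not present: not restricted
                snapshot[key] = values
        except FileNotFoundError:
            pass  # key absent: nothing set under it
    return snapshot


if __name__ == "__main__":
    found = audit(read_live_policies() or SAMPLE_SNAPSHOT)
    for key, name, setting, effect in found:
        print(f"{name}={setting} in {key}: {effect}")
    print(undo_reg(found))
```

Save the printed text as undo.reg and import it with `regedit /s undo.reg`, then log off and on so Explorer rereads the policies. If DisableRegistryTools is itself set, regedit refuses the import; reg.exe from the Run dialog, or the same import from a second, unaffected account, is not blocked by that value. These are per-user keys, so a machine with several profiles (this one has Nyi Nyi, Thae Gyi and Administrator) needs the audit run once per affected user.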

#13 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 13 June 2008 - 08:28 AM

Thanks for the info. That's exactly what makes this easier! :thumbsup:

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O3 - Toolbar: (no name) - SITEguard - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)




Now we need to make some registry adjustments and they will be specific to your computer. The best way to get this done is for you to follow the instructions carefully at this page.

http://miekiemoes.blogspot.com/2008/05/vir...to-restore.html


Let me know how it goes and any issues that are still present after completing the process.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
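The two HijackThis lines the helper asks to have fixed share one property: the registered object's file is gone ("(no file)", "(file missing)"), so the registry entry is dead weight and removing it cannot break anything. The script below is an added example, not part of the thread or of HijackThis, that applies that rule to a log mechanically and keeps it separate from weaker signals. Entries HijackThis could not attribute ("Unknown owner", which in this log covers the legitimate ATI, SiteAdvisor and Linksys services) and Run entries that name a bare executable resolved through PATH (CTHELPER.EXE, Logi_MwX.Exe) are only marked for manual review. SAMPLE_LOG is a constructed subset of lines from the logs posted in this thread.

```python
"""Triage a HijackThis log: dead registrations to fix, weak signals to review.

Added example for this thread, not code from HijackThis or from the helper.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: (no name) - SITEguard - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
"""

# HijackThis prints these when the registered file no longer exists on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O3"
    line: str      # the raw log line
    severity: str  # "fix": safe to tick in HijackThis; "review": look by hand
    reason: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    m = re.match(r"^(O\d+) - (.*)$", line)
    if not m:
        return None  # R0/R1 lines, headers, process list
    section, rest = m.group(1), m.group(2)

    if rest.endswith(ORPHAN_MARKERS):
        return Finding(section, line, "fix", "registered object's file is gone")

    if section == "O4":
        # Shape: O4 - HKLM\..\Run: [Name] <command line>
        cm = re.match(r"^.*?: \[[^\]]*\] (.*)$", rest)
        if not cm:
            return None  # Global Startup .lnk entries have no [Name]
        cmd = cm.group(1).strip()
        exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if "\\" not in exe:
            return Finding(section, line, "review",
                           "Run entry names a bare executable resolved via PATH")
        return None

    if section == "O23" and " - Unknown owner - " in rest:
        return Finding(section, line, "review", "service binary carries no publisher string")

    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of a HijackThis log, preserving log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


def fix_list(log_text: str) -> List[str]:
    """The lines a helper would tick before 'Fix Checked'."""
    return [f.line for f in triage(log_text) if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.reason}\n       {f.line}")
```

Run against the full log posted below, fix_list() returns exactly the O3 and O9 lines named in this reply, which is the point: orphaned entries are the one class that can be removed without first judging what the file was. Everything in the review list here is legitimate software, so a "review" finding is a prompt to check the binary's publisher or path, not a verdict.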


========================================================

#14 nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 13 June 2008 - 04:46 PM

Sam,
I am sorry I did not tell you this. The previous log I provided to you was done by double-clicking on the dss.exe icon. I could not click on Yes to download HijackThis. So, I clicked on "Cancel" and it provided me with the log I posted. I am guessing that's not what you needed me to do. I am currently in Safe Mode. Should I run DSS in Safe Mode? Again, I apologize for not letting you know.

Nyi.

#15 nyi
  • Topic Starter
  • Members
  • 18 posts

Posted 13 June 2008 - 08:05 PM

I think this is what you were looking for. I finally figured out how to run HijackThis.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:46 PM, on 6/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\dlcqcoms.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Nyi Nyi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [dlcqmon.exe] "C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DLCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-73586283-926492609-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Nyi Nyi')
O4 - HKUS\S-1-5-21-73586283-926492609-682003330-1003\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'Nyi Nyi')
O4 - HKUS\S-1-5-21-73586283-926492609-682003330-1003\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s (User 'Nyi Nyi')
O4 - HKUS\S-1-5-21-73586283-926492609-682003330-1003\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User 'Nyi Nyi')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.5.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3BA3B159-7533-4F96-A2CE-EE5894BBD3D5} - http://i.dell.com/images/global/js/scanner/SYSSCANNER.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {AE6C4705-0F11-4ACB-BDD4-37F138BEF289} - http://ritzpix.com/net/Uploader/LPUploader45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - http://www.networksolutionsemailpopwizard....rueSwitchEC.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - c:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: dlcq_device - - C:\WINDOWS\system32\dlcqcoms.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe

--
End of file - 10033 bytes