
Please Assist Not Sure What Problem Is Have Ran Required



#1 stickittoum


Posted 05 July 2008 - 02:05 PM

Tyvm



#2 stickittoum


Posted 09 July 2008 - 08:37 PM

Merged topics. Topic title was: Trouble With Ie Browser 'jump's To Redirected Pop Up Ads ~ OB

Appreciate any help/advice you can give me. Thank you very much!
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-09 18:28:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive E: has 0.59 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-09 18:29:32
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\system32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\igfxtray.exe
E:\WINDOWS\system32\hkcmd.exe
E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\IoctlSvc.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\svchost.exe
E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Downloads\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tip.it/runescape/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.38.29.154:8888
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos.Pwm.BHO - {23162633-071E-4D3C-B347-B85451A92DBA} - E:\Program Files\Steganos Password Manager 2009\PwmBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - E:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SansaDispatch] E:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [win16dll] E:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe
O4 - HKLM\..\Run: [CanonMyPrinter] E:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [svchost] E:\WINDOWS\svchost.exe "E:\Program Files\FolderVault\FolderVault.exe",86
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: CallWave.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://E:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://E:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://E:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://E:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://E:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (file missing)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (file missing)
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212389263265
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{98B0EC61-2E6A-4539-8338-179996BDDD05}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - E:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: chabkxol - {3bdf9b40-acbb-4087-83ed-78927a0abfef} - E:\Documents and Settings\All Users.WINDOWS\Application Data\chabkxol.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - E:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - E:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe


--
End of file - 9654 bytes

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 13:34:33 306688 --a------ E:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-09 13:33:53 0 d--h----- E:\WINDOWS\system32\CanonIJ Uninstaller Information
2008-07-09 13:33:49 0 d--h----- E:\Program Files\CanonBJ
2008-07-09 13:19:15 0 d-------- E:\Program Files\Canon
2008-07-08 04:25:39 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\DAEMON Tools Pro
2008-07-08 04:25:26 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro
2008-07-08 04:23:47 0 d-------- E:\Program Files\DAEMON Tools Pro
2008-07-08 04:19:30 685816 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2008-07-06 03:02:23 0 d-------- E:\New Folder
2008-07-05 14:39:24 24576 --a------ E:\WINDOWS\svchost.exe <Not Verified; Gear Box Computers; svchost>
2008-07-01 05:09:05 0 d--h----- E:\Documents and Settings\Administrator.HOME-23C490E58B\Recent
2008-07-01 03:53:19 0 d-------- E:\Documents and Settings\Guest\Application Data\Nero
2008-07-01 03:50:02 0 d-------- E:\Documents and Settings\Guest\Local Settings
2008-07-01 03:50:02 0 d-------- E:\Documents and Settings\Guest\Favorites
2008-07-01 03:50:02 0 d-------- E:\Documents and Settings\Guest\Cookies
2008-07-01 03:50:02 0 d-------- E:\Documents and Settings\Guest\Application Data
2008-07-01 03:50:02 0 d-------- E:\Documents and Settings\Guest\Application Data\Microsoft
2008-07-01 03:50:01 0 d-------- E:\Documents and Settings\Guest\Templates
2008-07-01 03:50:00 786432 --ah----- E:\Documents and Settings\Guest\NTUSER.DAT
2008-06-30 06:26:06 233472 --a------ E:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat
2008-06-29 05:52:19 6291456 --a------ E:\Documents and Settings\Administrator.HOME-23C490E58B\ntuser.dat
2008-06-21 04:17:30 0 d-------- E:\WINDOWS\system32\netrax06
2008-06-21 04:17:25 114688 --a------ E:\Documents and Settings\All Users.WINDOWS\Application Data\chabkxol.dll
2008-06-21 04:17:15 0 dr------- E:\Documents and Settings\LocalService.NT AUTHORITY\Favorites
2008-06-20 22:14:46 0 d-------- E:\Program Files\Alwil Software
2008-06-19 05:51:06 0 d-------- E:\Program Files\CallWave
2008-06-18 22:28:28 0 d-------- E:\Program Files\BreakPoint Software
2008-06-18 16:00:44 0 d-------- E:\Program Files\Apple Software Update
2008-06-15 19:39:46 0 d-------- E:\Program Files\Steganos Password Manager 2009
2008-06-15 19:08:02 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Steganos
2008-06-15 18:48:21 1 --a------ E:\WINDOWS\system32\exp16sys.dll
2008-06-15 18:48:21 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\a32w
2008-06-15 17:57:53 5 --a------ E:\WINDOWS\system32\Urncb.dll
2008-06-15 17:57:40 9 --a------ E:\WINDOWS\system32\Urncbc.dll
2008-06-15 17:57:21 0 d-------- E:\Program Files\Keylogger
2008-06-15 17:06:24 0 d-------- E:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
2008-06-15 16:30:23 74703 --a------ E:\WINDOWS\system32\mfc45.dll
2008-06-15 16:25:24 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\iolo
2008-06-15 16:25:24 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\iolo
2008-06-15 00:49:53 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Real
2008-06-14 18:16:28 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\TigerPlayer
2008-06-14 18:13:01 0 d-------- E:\Program Files\MpcStar
2008-06-14 12:25:06 346784 -ra------ E:\WINDOWS\system32\drivers\wg311tn5.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
2008-06-14 12:03:40 16194 --a------ E:\WINDOWS\system32\AWINDIS5.SYS <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 Protocol Driver for Windows>
2008-06-14 12:03:40 73728 --a------ E:\WINDOWS\system32\AW32n50.dll <Not Verified; AMBIT Microsystems Corporation.; AMBIT WinDis32 DLL for Windows>
2008-06-14 11:43:09 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\SmartFTP
2008-06-14 11:41:26 0 d-------- E:\Program Files\SmartFTP Client
2008-06-14 11:40:09 0 d-------- E:\Program Files\SmartFTP Client 3.0 Setup Files
2008-06-11 02:45:03 0 d-------- E:\Program Files\SanDisk
2008-06-11 02:02:16 0 d-------- E:\Program Files\iPod
2008-06-11 01:59:50 0 d-------- E:\Program Files\iTunes
2008-06-11 01:26:07 0 d-------- E:\Program Files\Bonjour
2008-06-11 01:24:08 0 d-------- E:\Program Files\QuickTime
2008-06-11 00:04:05 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\acccore
2008-06-11 00:04:04 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\AIMPro
2008-06-11 00:02:12 0 d-------- E:\Program Files\Common Files\Nullsoft
2008-06-10 23:59:11 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\AIM
2008-06-10 15:41:50 0 d-------- E:\Program Files\Brad Smith
2008-06-10 12:58:06 0 d-------- E:\WINDOWS\File & Folder List Maker
2008-06-10 12:58:06 0 d-------- E:\Program Files\File & Folder List Maker
2008-06-10 12:46:48 0 d-------- E:\Program Files\Yamicsoft
2008-06-09 21:27:56 0 d-------- E:\Program Files\Real
2008-06-09 10:51:54 0 d-------- E:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-06-09 06:58:06 0 d-------- E:\Program Files\Windows Media Connect 2
2008-06-09 06:55:00 0 d-------- E:\WINDOWS\system32\drivers\UMDF
2008-06-09 06:36:16 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Pegasys Inc
2008-06-09 03:46:41 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Uniblue
2008-06-09 03:46:16 0 d-------- E:\Program Files\Uniblue


-- Find3M Report ---------------------------------------------------------------

2008-07-08 22:11:27 4212 ---h----- E:\WINDOWS\system32\zllictbl.dat
2008-07-05 21:29:13 0 d-------- E:\Program Files\FolderVault
2008-07-05 21:29:01 94 --a------ E:\WINDOWS\system32\run.bat
2008-07-05 13:02:35 0 d-------- E:\Program Files\Trojan Remover
2008-07-05 10:48:48 0 d-------- E:\Program Files\Microsoft Works
2008-07-05 10:47:56 0 d-------- E:\Program Files\MSBuild
2008-07-05 02:38:29 0 d-------- E:\Program Files\PokerStars
2008-07-04 07:09:18 0 d-------- E:\Program Files\LimeWire
2008-07-01 21:25:35 2916 --a------ E:\WINDOWS\system32\tmp.reg
2008-06-21 00:02:41 0 d-------- E:\Program Files\Final Ares Complete Edition
2008-06-20 21:37:52 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\SUPERAntiSpyware.com
2008-06-20 16:33:18 0 d-------- E:\Program Files\Common Files
2008-06-14 12:17:42 0 d-------- E:\Program Files\Common Files\InstallShield
2008-06-14 12:17:29 0 d--h----- E:\Program Files\InstallShield Installation Information
2008-06-11 02:30:34 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Adobe
2008-06-10 15:40:29 286720 -----n--- E:\WINDOWS\SETUP1.EXE <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-06-10 15:40:24 73216 --a------ E:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-09 06:35:48 0 d-------- E:\Program Files\DivX
2008-06-09 04:55:44 0 d-------- E:\Program Files\Messenger
2008-06-08 02:57:57 0 d-------- E:\Program Files\ATT
2008-06-08 02:57:47 0 d-------- E:\Program Files\Yahoo!
2008-06-08 02:57:14 0 d-------- E:\Program Files\Common Files\Motive
2008-06-08 02:48:09 22 --a------ E:\WINDOWS\system32\VideoEA560DEADrivers.dll
2008-06-07 15:10:36 0 d-------- E:\Program Files\Common Files\Adobe
2008-06-07 11:50:31 25992 --a------ E:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-06-06 13:03:28 0 d-------- E:\Program Files\ClikView 2.1
2008-06-06 12:59:23 0 d-------- E:\Program Files\nBit Information Technologies
2008-06-04 13:39:56 0 d-------- E:\Program Files\Movie Maker
2008-06-04 13:34:39 0 d-------- E:\Program Files\Windows NT
2008-06-03 21:08:24 0 d-------- E:\Program Files\WinHTTrack
2008-06-03 20:47:43 0 d-------- E:\Program Files\StAPH
2008-06-03 20:17:23 784 --a------ E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\mpauth.dat
2008-06-03 20:10:03 0 d-------- E:\Program Files\NGI Logviewer
2008-06-03 16:50:25 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\LimeWire
2008-06-03 07:07:26 0 d-------- E:\Program Files\Adobe Media Player
2008-06-03 07:07:18 0 d-------- E:\Program Files\Common Files\Adobe AIR
2008-06-03 01:18:18 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Ipswitch
2008-06-03 01:17:56 0 d-------- E:\Program Files\Ipswitch
2008-06-03 01:16:45 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\InstallShield
2008-06-03 00:59:57 0 d-------- E:\Program Files\JufSoft
2008-06-02 23:15:41 0 d-------- E:\Program Files\MSXML 4.0
2008-06-02 14:34:01 158 --a------ E:\WINDOWS\hlistHMFAxCore6f6bfeced9785daef763a7612687e36d
2008-06-02 14:34:00 300 --a------ E:\WINDOWS\wlistHMFAxCore6f6bfeced9785daef763a7612687e36d
2008-06-02 14:33:19 135168 --a------ E:\WINDOWS\system32\Lock.dll <Not Verified; Gear Box Computers; Lock>
2008-06-02 14:33:18 757760 --a------ E:\WINDOWS\system32\help.dll <Not Verified; SoftHelp; Help Provider Library>
2008-06-02 14:07:18 0 d-------- E:\Program Files\SUPERAntiSpyware
2008-06-02 14:05:00 0 d-------- E:\Program Files\NeroInstall.bak
2008-06-02 14:01:17 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Nero
2008-06-02 13:58:11 0 d-------- E:\Program Files\Common Files\Nero
2008-06-02 13:54:37 0 d-------- E:\Program Files\Nero
2008-06-02 13:43:54 0 d-------- E:\Program Files\BitComet
2008-06-02 13:37:09 2560 --a------ E:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2008-06-02 08:14:33 0 d-------- E:\Program Files\WinAce
2008-06-02 07:56:46 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Macromedia
2008-06-02 07:56:08 1169 --a------ E:\WINDOWS\mozver.dat
2008-06-02 06:35:47 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Media Player Classic
2008-06-02 06:35:30 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\DivX
2008-06-02 06:32:28 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Apple Computer
2008-06-02 06:27:43 0 d-------- E:\Program Files\Common Files\Apple
2008-06-02 06:22:44 0 d-------- E:\Program Files\K-Lite Codec Pack
2008-06-02 06:15:56 0 d-------- E:\Program Files\GPL MPEG Decoder
2008-06-02 05:48:17 0 --a------ E:\WINDOWS\nsreg.dat
2008-06-02 05:48:07 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Mozilla
2008-06-02 05:09:26 0 d-------- E:\Program Files\Common Files\ACD Systems
2008-06-02 05:09:07 0 d-------- E:\Program Files\ACD Systems
2008-06-02 05:05:35 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\ACD Systems
2008-06-02 04:54:07 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\WinRAR
2008-06-02 03:40:42 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Lavasoft
2008-06-02 03:08:29 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Simply Super Software
2008-06-02 02:55:11 0 d-------- E:\Program Files\Java
2008-06-02 02:46:45 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Sun
2008-06-01 23:43:38 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\MailFrontier
2008-06-01 23:06:17 0 d-------- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\Identities
2008-06-01 22:55:45 21640 --a------ E:\WINDOWS\system32\emptyregdb.dat
2008-06-01 15:49:06 62 --ahs---- E:\Documents and Settings\Administrator.HOME-23C490E58B\Application Data\desktop.ini
2008-05-31 23:59:24 0 d-------- E:\Program Files\Realtek AC97
2008-05-31 23:38:04 0 d-------- E:\Program Files\Microsoft Silverlight
2008-05-31 20:08:44 0 d-------- E:\Program Files\Common Files\Java
2008-05-31 19:48:30 0 d-------- E:\Program Files\Belarc
2008-05-31 15:43:55 0 d-------- E:\Program Files\microsoft frontpage
2008-05-31 15:41:32 0 d--h----- E:\Program Files\WindowsUpdate
2008-05-31 15:41:00 0 d-------- E:\Program Files\Common Files\MSSoap
2008-05-31 15:39:40 0 d-------- E:\Program Files\Online Services
2008-05-31 15:39:31 0 d-------- E:\Program Files\MSN Gaming Zone
2008-05-30 16:37:07 0 d-------- E:\Program Files\Common Files\ODBC
2008-05-30 16:37:03 0 d-------- E:\Program Files\Common Files\SpeechEngines
2008-05-30 16:22:48 802816 --a------ E:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-30 16:22:48 823296 --a------ E:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:48 823296 --a------ E:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 815104 --a------ E:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 16:22:46 683520 --a------ E:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-29 04:46:37 0 d--hs---- E:\Program Files\RECYCLER
2008-05-24 05:22:09 0 d-------- E:\Program Files\WinHex
2008-05-23 09:54:01 0 d-------- E:\Program Files\WinSnap
2008-05-23 09:03:00 0 d-------- E:\Program Files\ArcSoft
2008-05-22 15:22:18 3596288 --a------ E:\WINDOWS\system32\qt-dx331.dll
2008-05-22 15:19:46 196608 --a------ E:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 15:19:46 81920 --a------ E:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 15:18:54 12288 --a------ E:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 09:54:07 0 d-------- E:\Program Files\natual reader
2008-05-19 17:49:33 0 d-------- E:\Program Files\Release


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23162633-071E-4D3C-B347-B85451A92DBA}]
2008/05/27 07:41 AM 86016 --a------ E:\Program Files\Steganos Password Manager 2009\PwmBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="E:\WINDOWS\system32\igfxtray.exe" [2005/06/21 04:48 PM]
"HotKeysCmds"="E:\WINDOWS\system32\hkcmd.exe" [2005/06/21 04:44 PM]
"ZoneAlarm Client"="E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008/04/02 09:07 PM]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008/02/22 04:25 AM]
"NeroFilterCheck"="E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008/02/28 09:59 AM]
"NBKeyScan"="E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008/02/18 04:29 PM]
"RegistryMechanic"="" []
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008/01/11 10:16 PM]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2008/06/02 11:13 AM]
"SansaDispatch"="E:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007/10/22 12:52 PM]
"QuickTime Task"="E:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2008/06/14 06:14 PM]
"win16dll"="E:\Program Files\Advanced Invisible Keylogger\Advanced Invisible Keylogger.exe" []
"CanonMyPrinter"="E:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006/03/21 06:30 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008/04/14 05:42 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008/02/28 05:07 PM]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008/05/28 10:33 AM]
"svchost"="E:\WINDOWS\svchost.exe" [2008/07/05 02:39 PM]
"DAEMON Tools Pro Agent"="E:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007/09/06 06:08 AM]

E:\Documents and Settings\Administrator.HOME-23C490E58B\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007/08/24 4:45:42 AM]

E:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
CallWave.lnk - E:\Program Files\CallWave\IAM.exe [2008/06/19 5:50:53 AM]
WinZip Quick Pick.lnk - E:\Program Files\WinZip\WZQKPICK.EXE [2008/04/03 11:20:00 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"chabkxol"= {3bdf9b40-acbb-4087-83ed-78927a0abfef} - E:\Documents and Settings\All Users.WINDOWS\Application Data\chabkxol.dll [2008/06/21 04:17 AM 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
E:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDFix]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ab6d3a8-2da0-11dd-98ee-806d6172696f}]
AutoRun\command- D:\SETUP.EXE




-- End of Deckard's System Scanner: finished at 2008-07-09 18:33:27 ------------

Edited by Orange Blossom, 10 July 2008 - 06:25 PM.


#3 suebaby41


Posted 26 July 2008 - 11:31 PM

Welcome to the BleepingComputer Forums. Since it has been a few days, please post a new Deckard's System Scanner which includes the HijackThis log. Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41


Posted 05 August 2008 - 05:56 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



