Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Sloooow Computer w/ Pop-ups [RESOLVED]

Started by Sloooow Computer , Mar 09 2008 10:58 AM

  • This topic is locked This topic is locked

#1
Sloooow Computer
Posted 09 March 2008 - 10:58 AM

Sloooow Computer

    New Member

  • Member
  • Pip
  • 6 posts
First off, thanks for reading this. My dumb roomate downloaded something and my computer has slowed down to the point where I feel like I'm back in Windows 95 days. I need this comp back to working asap, since its used for business purposes, and I'll make sure to 'help you' if you 'help me.'

BTW - running XP w/ SP2

Thanks!

HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:49:14 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\CROSOF~1.NET\wucrtupd.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\E Miller\My Documents\?dobe\s?ool32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [Perw] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [QdrPack13] "C:\Program Files\QdrPack\QdrPack13.exe"
O4 - HKCU\..\Run: [Lutg] "C:\Documents and Settings\E Miller\My Documents\?dobe\s?ool32.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172790405156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 12406 bytes

Edited by Sloooow Computer, 09 March 2008 - 11:05 AM.

  • 0

Advertisements

#2
kahdah
Posted 09 March 2008 - 11:16 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Sloooow Computer

Welcome to G2Go. :)
=====================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
Sloooow Computer
Posted 09 March 2008 - 01:44 PM

Sloooow Computer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hey Kahdah. Thanks for the quick reply. Here's the info:

ComboFix Log:

ComboFix 08-03-09.1 - E Miller 2008-03-09 12:50:45.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT -5:00]
Running from: C:\Documents and Settings\E Miller\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\E Miller\My Documents\DOBE~1
C:\Documents and Settings\E Miller\My Documents\DOBE~1\s?ool32.exe
C:\Documents and Settings\E Miller\Start Menu\Programs\Outerinfo
C:\Documents and Settings\E Miller\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\E Miller\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\crosof~1.net\??crosoft.NET\
C:\Program Files\Common Files\crosof~1.net\wucrtupd.exe
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive12.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack13.exe
C:\Program Files\QdrPack\trgts.gz
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\flt.dll
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\jkklmkj.dll
C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini2
C:\WINDOWS\system32\sttss.ini
C:\WINDOWS\system32\sttss.ini2
C:\WINDOWS\system32\urdzezj.dll
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xxxvideo.exe
C:\WINDOWS\YOURAPP.EXE

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 09:52 . 2008-03-08 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-08 09:51 . 2008-03-08 20:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-08 09:51 . 2008-03-08 09:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 09:51 . 2008-03-08 09:51 <DIR> d-------- C:\Documents and Settings\E Miller\Application Data\SUPERAntiSpyware.com
2008-03-08 03:55 . 2008-03-08 03:55 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-03-08 03:54 . 2008-03-08 03:54 295,819 --a------ C:\WINDOWS\system32\L2E0B.tmp
2008-03-08 03:54 . 2008-03-08 03:54 229,532 --a------ C:\WINDOWS\system32\L2466.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 15:16 --------- d-----w C:\Documents and Settings\E Miller\Application Data\WeatherBug
2008-02-22 06:00 --------- d-----w C:\Program Files\Bodog Poker
2008-01-26 08:30 --------- d-----w C:\Program Files\AOL Games
2008-01-26 08:30 --------- d-----w C:\Documents and Settings\E Miller\Application Data\iWin
2008-01-26 08:20 --------- d-----w C:\Program Files\Yahoo! Games
2008-01-23 03:09 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-01-23 03:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-01-23 01:47 --------- d-----w C:\Program Files\Bonjour
2008-01-23 01:41 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-13 01:49 --------- d-----w C:\Documents and Settings\E Miller\Application Data\Corel
2007-09-04 03:28 1,300,048 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-02-08 11:42 21,822,168 ----a-w C:\Program Files\AdbeRdr80_en_US.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67A301B1-37C8-4A0F-BE93-C755EC09446E}]
C:\WINDOWS\system32\mljjg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 16:02 1343488]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Perw"="C:\PROGRA~1\COMMON~1\CROSOF~1.NET\wucrtupd.exe" [ ]
"Lutg"="C:\Documents and Settings\E Miller\My Documents\?dobe\s?ool32.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 12:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [2002-12-16 06:10 86102]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 12:59 88107 C:\WINDOWS\AGRSMMSG.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:36 107008]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 12:24 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 12:11 114688]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 22:13 1695744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"KMCONFIG"="C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 14:51 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-28 19:32 286720]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 10:48 94208 C:\WINDOWS\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"Corel Photo Downloader"="C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 11:20 478800]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-01-22 21:03:00 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2007-02-17 12:27:32 612352]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-11 17:27:44 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiFsRec.sys [2001-04-04 12:10]
R2 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-11-20 20:25]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe [2007-04-05 10:29]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 01:53]
S3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 15:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f177c905-c1f1-11db-b44d-000c6e72140e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 13:00:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-09 13:04:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 18:04:20
ComboFix2.txt 2008-01-03 14:04:51
.
2008-02-13 09:05:51 --- E O F ---

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:51 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67A301B1-37C8-4A0F-BE93-C755EC09446E} - C:\WINDOWS\system32\mljjg.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Perw] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\wucrtupd.exe" -vt yazb
O4 - HKCU\..\Run: [Lutg] "C:\Documents and Settings\E Miller\My Documents\?dobe\s?ool32.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.wea...Transporter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1005.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172790405156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 13249 bytes

Looking forward to your reply.
  • 0

#4
kahdah
Posted 09 March 2008 - 01:54 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)
===============
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\L2E0B.tmp
C:\WINDOWS\system32\L2466.tmp
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67A301B1-37C8-4A0F-BE93-C755EC09446E}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Perw"=-
"Lutg"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:Combofix.txt
================================================================================
=
Then::

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
  • 0

#5
Sloooow Computer
Posted 09 March 2008 - 07:02 PM

Sloooow Computer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix.txt

ComboFix 08-03-09.1 - E Miller 2008-03-09 15:05:24.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.130 [GMT -5:00]
Running from: C:\Documents and Settings\E Miller\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\E Miller\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\L2466.tmp
C:\WINDOWS\system32\L2E0B.tmp
C:\WINDOWS\system32\winfrun32.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\L2466.tmp
C:\WINDOWS\system32\L2E0B.tmp
C:\WINDOWS\system32\winfrun32.bin

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 09:52 . 2008-03-08 09:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-08 09:51 . 2008-03-08 20:59 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-08 09:51 . 2008-03-08 09:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-08 09:51 . 2008-03-08 09:51 <DIR> d-------- C:\Documents and Settings\E Miller\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 15:16 --------- d-----w C:\Documents and Settings\E Miller\Application Data\WeatherBug
2008-02-22 06:00 --------- d-----w C:\Program Files\Bodog Poker
2008-01-26 08:30 --------- d-----w C:\Program Files\AOL Games
2008-01-26 08:30 --------- d-----w C:\Documents and Settings\E Miller\Application Data\iWin
2008-01-26 08:20 --------- d-----w C:\Program Files\Yahoo! Games
2008-01-23 03:09 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-01-23 03:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-01-23 01:47 --------- d-----w C:\Program Files\Bonjour
2008-01-23 01:41 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-01-13 01:49 --------- d-----w C:\Documents and Settings\E Miller\Application Data\Corel
2007-09-04 03:28 1,300,048 ----a-w C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
2007-02-08 11:42 21,822,168 ----a-w C:\Program Files\AdbeRdr80_en_US.exe
.

((((((((((((((((((((((((((((( snapshot@2008-03-09_13.04.06.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 03:50:20 69,112 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-09 18:01:52 69,112 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-23 03:50:20 419,244 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 18:01:52 419,244 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-09 20:11:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_790.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2006-04-07 16:02 1343488]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 13:31 1372160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 12:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X5100 Series"="C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe" [2002-12-16 06:10 86102]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 12:59 88107 C:\WINDOWS\AGRSMMSG.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"eFax 4.2"="C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 15:36 107008]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 12:24 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 12:11 114688]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 22:13 1695744]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 14:21 198184]
"KMCONFIG"="C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 14:51 212992]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-28 19:32 286720]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 10:48 94208 C:\WINDOWS\KHALMNPR.Exe]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 00:24 620152]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"Corel Photo Downloader"="C:\Program Files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe" [2007-02-06 11:20 478800]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-01-22 21:03:00 295606]
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 01:01:50 734872]
eFax 4.2.lnk - C:\Program Files\eFax Messenger 4.2\J2GTray.exe [2007-02-17 12:27:32 612352]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-11 17:27:44 593920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 NaiFsRec;NaiFsRec;C:\WINDOWS\system32\drivers\NaiFsRec.sys [2001-04-04 12:10]
R2 AvSynMgr;AVSync Manager;"C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe" [2001-11-20 20:25]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe [2007-04-05 10:29]
R2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-05-25 01:53]
S3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-03-29 15:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f177c905-c1f1-11db-b44d-000c6e72140e}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-09 15:11:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-09 15:15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-09 20:15:37
ComboFix2.txt 2008-03-09 18:04:25
ComboFix3.txt 2008-01-03 14:04:51
.
2008-02-13 09:05:51 --- E O F ---


MBAM Log:

Malwarebytes' Anti-Malware 1.07
Database version: 471

Scan type: Full Scan (A:\|C:\|H:\|)
Objects scanned: 145409
Time elapsed: 40 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchwbtoolbar.temperaturebarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Program Files\ISM\ism.exe.vir (Adware.ISM) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ISM\Uninstall.exe.vir (Adware.ISM) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\outerinfo.ico.vir (Malware.Trace) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrDrive\qdrloader.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack13.exe.vir (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urdzezj.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP453\A0040254.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP453\A0040256.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP453\A0040257.exe (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP454\A0040281.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP454\A0040290.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP454\A0040292.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP454\A0040293.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP454\snapshot\MFEX-20.DAT (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040347.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040348.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040350.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040352.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040355.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040357.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040390.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
  • 0

#6
kahdah
Posted 09 March 2008 - 07:23 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

  • 0

#7
Sloooow Computer
Posted 09 March 2008 - 09:11 PM

Sloooow Computer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
TotalScan:

;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-03-09 22:10:34
PROTECTIONS: 1
MALWARE: 40
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
McAfee VirusScan 4.5.1 No No
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00040319 adware/activesearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12F02779-6D88-4958-8AD3-83C12D86ADC7}
00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}
00040376 adware/adblaster Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f}
00048242 adware/404search Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}
00120993 adware/deskwizz Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4dfb-9693-23AB7686A456}
00132710 dialer.xd Dialers No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44A1-9F4543D34546}
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@trafficmp[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@atdmt[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@mediaplex[2].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@linksynergy[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@com[1].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@tickle[2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@burstnet[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\[email protected][2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@realmedia[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@adrevolver[2].txt
00186469 Cookie/Reliablestats TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\[email protected][1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@adultfriendfinder[1].txt
00218901 adware/adbars Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51641EF3-8A7A-4D84-8659-B0911E947CC8}
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@atwola[2].txt
00320978 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@winantivirus[1].txt
00505449 Cookie/Winantivirus TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@winantispyware[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP457\A0040469.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040410.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040336.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP457\A0040482.EXE
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\E Miller\Cookies\e_miller@enhance[2].txt
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP386\A0033259.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP457\A0040477.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP456\A0040405.sys
02891362 Adware/Yazzle Adware No 0 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP454\A0040284.exe
02903429 Adware/Adband Adware No 0 No No C:\QooBox\Quarantine\C\WINDOWS\system32\L2E0B.tmp.vir[ism.exe]
02905109 Adware/SpyAway Adware No 1 Yes No C:\System Volume Information\_restore{4C299185-1A9B-4994-992A-75C55A50A639}\RP454\A0040291.exe
;===============================================================================
=================================================================================
===================
SUSPECTS
Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
  • 0

#8
kahdah
Posted 10 March 2008 - 06:59 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{e9147a0a-a866-4214-b47c-da821891240f}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5AF2622-8C75-4dfb-9693-23AB7686A456}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{54645654-2225-4455-44A1-9F4543D34546}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{51641EF3-8A7A-4D84-8659-B0911E947CC8}]
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
================================
After that please delete all of your cookies.

After that please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
==========================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image

Uninstalling Combofix will delete and do the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete\uninstall anything that we used that is left over.
============================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#9
Sloooow Computer
Posted 10 March 2008 - 07:14 PM

Sloooow Computer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
After saving fixthis.reg to my desktop and then double clicking it, I get an error that says: "C:\Documents and Settings\E Miller\Desktop\fixthis.reg is not a valid Win32 application."

What should I do?
  • 0

#10
kahdah
Posted 10 March 2008 - 07:23 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please Go to start > run and type: cmd
This should open the command prompt Window (A black Window)

In the command prompt Window type the following commands:

assoc .reg=regfile Hit enter

ftype regfile=regedit.exe "%1" Hit enter

there should be a space between assoc and .reg
there should be a space between regedit.exe and "%1"

Then close the command prompt by typing exit or just close it using the x in the corner.

Then try the reg fix again.
  • 0

#11
Sloooow Computer
Posted 11 March 2008 - 07:41 AM

Sloooow Computer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Everything seems to be working now. Thanks a million!
  • 0

#12
kahdah
Posted 11 March 2008 - 06:41 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome and thank you for the donation :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

#13
kahdah
Posted 11 March 2008 - 06:41 PM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP