I keep getting pop ups [RESOLVED]


#16 furio (Member, Topic Starter, 16 posts)

Hi Gravity,

Yeah, it's a complicated one. I'm no expert, but I tried quite a lot before seeking help and didn't get to the bottom of it.

As I said, DSS isn't producing the extra.txt, only the main.txt, which is posted in the last reply.

Regards,

Furio


#17 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)

Your post must have been cut off then. Could you please re-post the main.txt portion of the DSS log?

#18 furio (Member, Topic Starter, 16 posts)

Deckard's System Scanner v20071014.68
Run by John Chilcott on 2008-07-06 23:21:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Chilcott.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:33, on 06/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\John Chilcott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNCH~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6781 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 13:23:44 0 d-------- C:\Program Files\PartyGaming
2008-06-21 01:40:05 0 d-------- C:\WINDOWS\pss
2008-06-21 01:02:15 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Auslogics
2008-06-21 01:01:43 0 d-------- C:\Program Files\Auslogics
2008-06-21 00:24:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 00:24:01 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Mozilla
2008-06-17 14:48:07 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-17 14:48:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-17 14:48:06 0 d-------- C:\Program Files\Xvid
2008-06-16 22:05:00 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-16 21:58:56 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-16 01:07:19 0 d-------- C:\Program Files\PFConfig
2008-06-16 00:16:09 0 d-------- C:\Downloads
2008-06-16 00:15:26 0 d-------- C:\Program Files\BitComet
2008-06-11 22:17:51 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-11 00:05:30 0 d-------- C:\Program Files\Native Instruments
2008-06-11 00:05:30 0 d-------- C:\Program Files\Common Files\Native Instruments
2008-06-10 23:38:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\BitZipper
2008-06-10 23:38:12 0 d-------- C:\Program Files\BitZipper
2008-06-09 01:16:36 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2008-07-06 13:41:53 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\OpenOffice.org2
2008-07-06 13:41:12 0 d-------- C:\Program Files\McAfee
2008-07-04 22:46:06 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\LimeWire
2008-07-02 20:30:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 20:30:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\SUPERAntiSpyware.com
2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files
2008-06-20 14:26:47 0 d-------- C:\Program Files\Tibia
2008-06-17 11:49:14 0 d-------- C:\Program Files\Google
2008-06-16 19:41:15 0 d-------- C:\Program Files\Panda Security
2008-06-08 16:25:48 0 d-------- C:\Program Files\Common Files\John
2008-06-05 23:19:56 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\.BitTornado
2008-06-05 21:54:15 0 d-------- C:\Program Files\Image-Line
2008-06-05 21:54:08 0 d-------- C:\Program Files\VstPlugins
2008-06-05 16:36:03 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-08 20:34:31 0 d-------- C:\Program Files\Trend Micro
2008-05-08 19:57:39 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-05-08 19:47:05 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Malwarebytes
2008-05-08 19:46:44 0 d-------- C:\Program Files\Common Files\Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [01/11/2006 13:48]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 18:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 18:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 18:45]
"SigmatelSysTrayApp"="stsystra.exe" [24/03/2006 18:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/08/2006 19:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/03/2008 15:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"uikqa"="c:\documents and settings\john chilcott\local settings\application data\uikqa.exe" [01/07/2008 18:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\John Chilcott\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 15:41:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikkwukqy]
c:\documents and settings\john chilcott\local settings\application data\ikkwukqy.exe ikkwukqy

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NNServ"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-06 23:22:02 ------------

#19 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)

furio, alright, found two more things that we need to take care of.

STEP ONE
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    c:\documents and settings\john chilcott\local settings\application data\uikqa.exe
    c:\documents and settings\john chilcott\local settings\application data\ikkwukqy.exe
    
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uikqa
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\\ikkwukqy
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

After this, please reboot. Once you have rebooted your PC, please post a new DSS log, the main.txt will be fine.

#20 furio (Member, Topic Starter, 16 posts)

Deckard's System Scanner v20071014.68
Run by John Chilcott on 2008-07-08 12:05:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Chilcott.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:23, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John Chilcott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNCH~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6841 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 13:23:44 0 d-------- C:\Program Files\PartyGaming
2008-06-21 01:40:05 0 d-------- C:\WINDOWS\pss
2008-06-21 01:02:15 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Auslogics
2008-06-21 01:01:43 0 d-------- C:\Program Files\Auslogics
2008-06-21 00:24:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 00:24:01 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Mozilla
2008-06-17 14:48:07 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-17 14:48:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-17 14:48:06 0 d-------- C:\Program Files\Xvid
2008-06-16 22:05:00 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-16 21:58:56 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-16 01:07:19 0 d-------- C:\Program Files\PFConfig
2008-06-16 00:16:09 0 d-------- C:\Downloads
2008-06-16 00:15:26 0 d-------- C:\Program Files\BitComet
2008-06-11 22:17:51 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-11 00:05:30 0 d-------- C:\Program Files\Native Instruments
2008-06-11 00:05:30 0 d-------- C:\Program Files\Common Files\Native Instruments
2008-06-10 23:38:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\BitZipper
2008-06-10 23:38:12 0 d-------- C:\Program Files\BitZipper
2008-06-09 01:16:36 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2008-07-08 11:54:54 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\OpenOffice.org2
2008-07-07 18:01:19 0 d-------- C:\Program Files\McAfee
2008-07-04 22:46:06 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\LimeWire
2008-07-02 20:30:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 20:30:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\SUPERAntiSpyware.com
2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files
2008-06-20 14:26:47 0 d-------- C:\Program Files\Tibia
2008-06-17 11:49:14 0 d-------- C:\Program Files\Google
2008-06-16 19:41:15 0 d-------- C:\Program Files\Panda Security
2008-06-08 16:25:48 0 d-------- C:\Program Files\Common Files\John
2008-06-05 23:19:56 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\.BitTornado
2008-06-05 21:54:15 0 d-------- C:\Program Files\Image-Line
2008-06-05 21:54:08 0 d-------- C:\Program Files\VstPlugins
2008-06-05 16:36:03 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-08 20:34:31 0 d-------- C:\Program Files\Trend Micro
2008-05-08 19:57:39 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2008-05-08 19:47:05 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Malwarebytes
2008-05-08 19:46:44 0 d-------- C:\Program Files\Common Files\Download Manager


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [01/11/2006 13:48]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 18:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 18:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 18:45]
"SigmatelSysTrayApp"="stsystra.exe" [24/03/2006 18:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/08/2006 19:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/03/2008 15:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
"iaqgguk"="c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe" [07/07/2008 16:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\John Chilcott\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 15:41:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikkwukqy]
c:\documents and settings\john chilcott\local settings\application data\ikkwukqy.exe ikkwukqy

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NNServ"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-08 12:05:51 ------------


OTMoveIt2 log file:

File/Folder c:\documents and settings\john chilcott\local settings\application data\uikqa.exe not found.
File/Folder c:\documents and settings\john chilcott\local settings\application data\ikkwukqy.exe not found.
File/Folder not found.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uikqa >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\uikqa not found.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\\ikkwukqy >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\\ikkwukqy not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07082008_115957
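As an added example (not code from the thread, nor from DSS or OTMoveIt2), here is a Python parser for the Registry Dump sections of the two DSS logs above. It flags the kind of autostart Gravity Gripp picked out: an .exe dropped straight into Local Settings\Application Data under a bare random name, either registered under a Run key or parked in msconfig's startupreg. Comparing the 6 July and 8 July logs also shows the HKCU Run entry changing name (uikqa to iaqgguk) while the startupreg entry persists, which is consistent with the OTMoveIt2 "not found" results. The sample input is excerpted from the logs posted above; the name-length thresholds in the regex are my own assumption.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample input: the HKCU Run key and the msconfig\startupreg
# subkey excerpted from the two DSS "Registry Dump" sections posted above
# (scans of 2008-07-06 and 2008-07-08), trimmed to the lines that matter.
LOG_0706 = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"uikqa"="c:\documents and settings\john chilcott\local settings\application data\uikqa.exe" [01/07/2008 18:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikkwukqy]
c:\documents and settings\john chilcott\local settings\application data\ikkwukqy.exe ikkwukqy
"""

LOG_0708 = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
"iaqgguk"="c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe" [07/07/2008 16:56]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikkwukqy]
c:\documents and settings\john chilcott\local settings\application data\ikkwukqy.exe ikkwukqy
"""


class Autostart(NamedTuple):
    key: str   # registry key the entry lives under
    name: str  # value name (or the startupreg subkey name)
    path: str  # executable path exactly as DSS printed it


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# DSS prints Run values as: "name"="path" [dd/mm/yyyy hh:mm]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Under msconfig\startupreg\<name> DSS prints: <path> <name>
STARTUPREG_RE = re.compile(r"^(?P<path>.+?\.exe)\s+(?P<name>\S+)$", re.I)
# Heuristic (assumption): a 4-12 letter .exe sitting directly in
# Local Settings\Application Data, with no vendor subfolder.
DROPPED_IN_LOCALAPPDATA = re.compile(
    r"\\local settings\\application data\\(?P<file>[a-z]{4,12}\.exe)$", re.I)


def parse_autostarts(log: str) -> List[Autostart]:
    """Collect every autostart entry DSS listed under a ...\\Run key
    or under an msconfig\\startupreg subkey."""
    entries: List[Autostart] = []
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if not key or not line:
            continue
        lk = key.lower()
        if lk.endswith("\\run"):
            v = VALUE_RE.match(line)
            if v:
                entries.append(Autostart(key, v.group("name"), v.group("path")))
        elif "\\msconfig\\startupreg\\" in lk:
            s = STARTUPREG_RE.match(line)
            if s:
                entries.append(Autostart(key, s.group("name"), s.group("path")))
    return entries


def is_suspicious(entry: Autostart) -> bool:
    """True for the pattern flagged in this thread: a bare random-looking
    .exe dropped straight into the user's Local Settings\\Application Data."""
    return DROPPED_IN_LOCALAPPDATA.search(entry.path.strip()) is not None


def flag_suspicious(log: str) -> List[Autostart]:
    return [e for e in parse_autostarts(log) if is_suspicious(e)]


def compare_scans(before: str, after: str) -> Dict[str, List[str]]:
    """Track flagged names across two scans: a name that vanished while a
    new one appeared is the rotation visible between the two logs."""
    b = {e.name.lower() for e in flag_suspicious(before)}
    a = {e.name.lower() for e in flag_suspicious(after)}
    return {"gone": sorted(b - a), "new": sorted(a - b), "persisting": sorted(a & b)}


if __name__ == "__main__":
    for e in flag_suspicious(LOG_0708):
        print(f"FLAG {e.name:<10} {e.path}")
    print(compare_scans(LOG_0706, LOG_0708))
```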

#21 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)

furio, let's try this.

STEP ONE
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

STEP TWO
Next, I would like you to open a new text document. Go to the Start Menu, then All Programs/Programs, then to Accessories, then click Notepad.

Copy the following into the Notepad window.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uikqa"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikkwukqy]
Now, in Notepad go to File and then Save As. Change the location to your desktop by clicking the Desktop icon on the left-hand side. Then where it has "*.txt", replace that with "gtgfix.reg", then change the Save as type to "All Files", then click Save.

You should now have a file on your desktop called gtgfix.reg, go ahead and double click on that file. It will ask if you want to import this into the registry, just click yes.

STEP THREE
Also, please post a new DSS log with your next reply.

#22 furio (Member, Topic Starter, 16 posts)

OK, that's done, matey!

Deckard's System Scanner v20071014.68
Run by John Chilcott on 2008-07-09 19:31:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Chilcott.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:24, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John Chilcott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNCH~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iaqgguk] c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe iaqgguk
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0157921215627492) (0157921215627492mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\015792~1.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7172 bytes

-- Files created between 2008-06-09 and 2008-07-09 -----------------------------

2008-07-09 19:18:06 0 d-------- C:\WINDOWS\LastGood
2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 13:23:44 0 d-------- C:\Program Files\PartyGaming
2008-06-21 01:40:05 0 d-------- C:\WINDOWS\pss
2008-06-21 01:02:15 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Auslogics
2008-06-21 01:01:43 0 d-------- C:\Program Files\Auslogics
2008-06-21 00:24:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 00:24:01 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Mozilla
2008-06-17 14:48:07 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-17 14:48:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-17 14:48:06 0 d-------- C:\Program Files\Xvid
2008-06-16 22:05:00 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-16 21:58:56 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-16 01:07:19 0 d-------- C:\Program Files\PFConfig
2008-06-16 00:16:09 0 d-------- C:\Downloads
2008-06-16 00:15:26 0 d-------- C:\Program Files\BitComet
2008-06-11 22:17:51 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-11 00:05:30 0 d-------- C:\Program Files\Native Instruments
2008-06-11 00:05:30 0 d-------- C:\Program Files\Common Files\Native Instruments
2008-06-10 23:38:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\BitZipper
2008-06-10 23:38:12 0 d-------- C:\Program Files\BitZipper
2008-06-09 01:16:36 0 d--h----- C:\WINDOWS\PIF


-- Find3M Report ---------------------------------------------------------------

2008-07-09 19:18:05 0 d-------- C:\Program Files\McAfee
2008-07-08 18:35:37 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\OpenOffice.org2
2008-07-04 22:46:06 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\LimeWire
2008-07-02 20:30:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 20:30:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\SUPERAntiSpyware.com
2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files
2008-06-20 14:26:47 0 d-------- C:\Program Files\Tibia
2008-06-17 11:49:14 0 d-------- C:\Program Files\Google
2008-06-16 19:41:15 0 d-------- C:\Program Files\Panda Security
2008-06-08 16:25:48 0 d-------- C:\Program Files\Common Files\John
2008-06-05 23:19:56 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\.BitTornado
2008-06-05 21:54:15 0 d-------- C:\Program Files\Image-Line
2008-06-05 21:54:08 0 d-------- C:\Program Files\VstPlugins
2008-06-05 16:36:03 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-08 19:57:39 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [01/11/2006 13:48]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 18:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 18:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 18:45]
"SigmatelSysTrayApp"="stsystra.exe" [24/03/2006 18:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/08/2006 19:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/03/2008 15:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
"iaqgguk"="c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe" [07/07/2008 16:56]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\John Chilcott\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 15:41:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NNServ"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-09 19:31:52 ------------


Love john xx :)

#23 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)
furio, it looks like we have a stubborn piece of malware here. I'd like you to upload a file to let an analyst look at it and maybe tell us what it is, and then let's run a new spyware scan with Malwarebytes' Anti-Malware.

STEP ONE
Set Explorer to view Hidden Files and Folders:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Show all Files and Folders
  • Select Apply to All Folders | Yes | Apply | OK.
Go to this link, fill in your username and the link to this thread, then click on browse and locate this file on your computer, then click on "send file".

c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe

Set Explorer to Defaults:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Restore Defaults
  • Select Apply to All Folders | Yes | Apply | OK

STEP TWO
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iaqgguk
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP THREE
Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

After this, please reboot. Once you have rebooted your PC, please post a new DSS log, the main.txt will be fine.
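The entry the helper singles out above is a per-user Run value whose executable sits under Local Settings\Application Data, a directory any user can write to. As an added defensive example (not part of the thread, DSS or HijackThis), here is a small Python triage pass over HijackThis O4 autorun lines: it parses each Run-key entry into hive, value name, image path and arguments, then flags the ones a helper would look at first. The sample lines are constructed to mirror the log format posted above; the heuristics, reason strings and the `Autorun` type are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input, modelled on the O4 section of the HijackThis log above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iaqgguk] c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe iaqgguk
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
""".strip().splitlines()

# HijackThis writes Run-key autoruns as "O4 - <hive>\..\<key>: [<value name>] <command line>".
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# The image is either a quoted path or the shortest prefix ending in an executable extension.
IMAGE_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.*?\.(?:exe|dll|com|bat|cmd|scr|pif)))(?=\s|$)',
    re.IGNORECASE,
)

# Heuristics below are this example's own, not a HijackThis feature.
TRUSTED_ROOTS = {"program files", "program files (x86)", "windows", "winnt"}
USER_WRITABLE_DIRS = {"local settings", "temp", "appdata"}   # writable without admin rights
R_USER_WRITABLE = "image lives under a user-writable profile directory"
R_PER_USER_UNTRUSTED = "per-user autorun whose image is outside Program Files / Windows"
R_BARE_NAME = "bare file name resolved through the search path"


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    image: str
    args: str
    reasons: List[str] = field(default_factory=list)


def parse_o4_line(line: str) -> Optional[Autorun]:
    """Parse one O4 Run-key line; Startup-folder and other O4 variants return None."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd").strip()
    im = IMAGE_RE.match(cmd)
    if im:
        image = im.group("quoted") or im.group("bare")
        args = cmd[im.end():].strip()
    else:
        image, _, args = cmd.partition(" ")   # fallback: first whitespace-delimited token
    return Autorun(m.group("hive"), m.group("key"), m.group("name"), image, args)


def assess(entry: Autorun) -> List[str]:
    """Return the reasons this autorun deserves a closer look (empty if none)."""
    parts = entry.image.lower().split("\\")
    dirs = parts[:-1]                          # directory components only
    if not dirs:
        return [R_BARE_NAME]                   # e.g. "stsystra.exe" with no path at all
    reasons: List[str] = []
    if USER_WRITABLE_DIRS & set(dirs):
        reasons.append(R_USER_WRITABLE)
    in_trusted_root = len(parts) >= 3 and parts[1] in TRUSTED_ROOTS
    if entry.hive != "HKLM" and not in_trusted_root:
        reasons.append(R_PER_USER_UNTRUSTED)
    return reasons


def flagged(lines: List[str]) -> Dict[str, List[str]]:
    """Map value name -> reasons for every Run-key autorun that trips a heuristic."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_o4_line(line)
        if entry is None:
            continue
        entry.reasons = assess(entry)
        if entry.reasons:
            out[entry.name] = entry.reasons
    return out


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_O4_LINES).items():
        print(f"[{name}] {'; '.join(reasons)}")
```

On the sample, only the iaqgguk entry and the path-less SigmatelSysTrayApp entry are reported; the vendor autoruns under Program Files and WINDOWS stay quiet.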

#24 furio (Member, Topic Starter, 16 posts)
Malwarebytes' Anti-Malware 1.20
Database version: 935
Windows 5.1.2600 Service Pack 2

23:03:56 09/07/2008
mbam-log-7-9-2008 (23-03-56).txt

Scan type: Quick Scan
Objects scanned: 41249
Time elapsed: 6 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
End.

Explorer killed successfully
File move failed. c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe scheduled to be moved on reboot.
< HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iaqgguk >
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iaqgguk deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\flaF2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF57A7.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF5803.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DFD98F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DFDA3D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_UqvduPf4Cg20DRD scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_0y209x0RmloVkPn scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_He7J80Fmxr1s4y6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_U5mmYcJ2xz8kVOg scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_4JS8PbCOmoPWtUT scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_lcoStOyZuSx8nI1 scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092008_224745

Files moved on Reboot...
c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe moved successfully.
File C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\flaF2.tmp not found!
File C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF57A7.tmp not found!
File C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF5803.tmp not found!
File C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DFD98F.tmp not found!
File C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DFDA3D.tmp not found!
File C:\WINDOWS\temp\mcafee_UqvduPf4Cg20DRD not found!
File C:\WINDOWS\temp\mcmsc_0y209x0RmloVkPn not found!
File C:\WINDOWS\temp\mcmsc_He7J80Fmxr1s4y6 not found!
File C:\WINDOWS\temp\mcmsc_U5mmYcJ2xz8kVOg not found!
C:\WINDOWS\temp\sqlite_4JS8PbCOmoPWtUT moved successfully.
C:\WINDOWS\temp\sqlite_lcoStOyZuSx8nI1 moved successfully.

#25 Gravity Gripp (Trusted Helper, Malware Removal, 1,813 posts)
furio, thanks for those logs; they are looking good. Can you please post a new DSS main.txt log?

#26 furio (Member, Topic Starter, 16 posts)
Deckard's System Scanner v20071014.68
Run by John Chilcott on 2008-07-10 17:24:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as John Chilcott.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:10, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\SSUPDATE.EXE
C:\Documents and Settings\John Chilcott\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JOHNCH~1.EXE
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [iaqgguk] c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe iaqgguk
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0157921215627492) (0157921215627492mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\015792~1.EXE (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7244 bytes

-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-09 22:56:38 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 13:23:44 0 d-------- C:\Program Files\PartyGaming
2008-06-21 01:40:05 0 d-------- C:\WINDOWS\pss
2008-06-21 01:02:15 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Auslogics
2008-06-21 01:01:43 0 d-------- C:\Program Files\Auslogics
2008-06-21 00:24:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-21 00:24:01 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\Mozilla
2008-06-17 14:48:07 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-17 14:48:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-17 14:48:06 0 d-------- C:\Program Files\Xvid
2008-06-16 22:05:00 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-16 21:58:56 8464 --a------ C:\WINDOWS\system32\sporder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-06-16 01:07:19 0 d-------- C:\Program Files\PFConfig
2008-06-16 00:16:09 0 d-------- C:\Downloads
2008-06-16 00:15:26 0 d-------- C:\Program Files\BitComet
2008-06-11 22:17:51 0 d-------- C:\Program Files\Windows Live Safety Center
2008-06-11 00:05:30 0 d-------- C:\Program Files\Native Instruments
2008-06-11 00:05:30 0 d-------- C:\Program Files\Common Files\Native Instruments
2008-06-10 23:38:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\BitZipper
2008-06-10 23:38:12 0 d-------- C:\Program Files\BitZipper


-- Find3M Report ---------------------------------------------------------------

2008-07-10 17:24:45 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\OpenOffice.org2
2008-07-09 19:18:05 0 d-------- C:\Program Files\McAfee
2008-07-04 22:46:06 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\LimeWire
2008-07-02 20:30:20 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 20:30:17 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\SUPERAntiSpyware.com
2008-07-02 20:29:55 0 d-------- C:\Program Files\Common Files
2008-06-20 14:26:47 0 d-------- C:\Program Files\Tibia
2008-06-17 11:49:14 0 d-------- C:\Program Files\Google
2008-06-16 19:41:15 0 d-------- C:\Program Files\Panda Security
2008-06-08 16:25:48 0 d-------- C:\Program Files\Common Files\John
2008-06-05 23:19:56 0 d-------- C:\Documents and Settings\John Chilcott\Application Data\.BitTornado
2008-06-05 21:54:15 0 d-------- C:\Program Files\Image-Line
2008-06-05 21:54:08 0 d-------- C:\Program Files\VstPlugins
2008-06-05 16:36:03 0 d-------- C:\Program Files\Common Files\McAfee
2008-05-08 19:57:39 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
26/11/2007 10:46 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [01/11/2006 13:48]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [13/12/2005 18:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [13/12/2005 18:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [13/12/2005 18:45]
"SigmatelSysTrayApp"="stsystra.exe" [24/03/2006 18:30 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [03/08/2006 19:51]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [08/03/2006 13:48]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [23/03/2008 15:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
"iaqgguk"="c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\John Chilcott\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [20/10/2005 12:04:08]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 15:41:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NNServ"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-07-10 17:26:21 ------------
  • 0

#27
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
furio,
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKCU\..\Run: [iaqgguk] c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe iaqgguk

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\NNServ
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Also, please post a new HijackThis log when this is complete.
  • 0
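The entry Gravity Gripp singles out above stands out in the DSS Registry Dump posted earlier for two reasons that can be checked mechanically: its target sits under the user's Local Settings\Application Data folder, where no vendor installer places an autorun, and DSS printed empty brackets `[]` after it where every other Run entry carries a file timestamp. The script below is an added example for this thread, not code from Deckard's System Scanner, HijackThis or OTMoveIt2. It parses the `[HKEY_...\Run]` blocks in the DSS dump format shown above and reports entries matching either indicator. The sample dump is constructed from the format on this page, and the folder list and the "empty brackets means DSS could not read the file" rule are the author's assumptions.

```python
"""Triage the Run-key blocks of a DSS "Registry Dump" (added example).

Not part of DSS, HijackThis or OTMoveIt2.  The folder list and the
empty-bracket rule below are assumptions made for this illustration.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One DSS Run-key line:   "name"="C:\path\prog.exe" [dd/mm/yyyy hh:mm]
# Optional arguments may follow the closing quote; the bracket holds the
# target's file timestamp (and sometimes its resolved path) and is empty
# when DSS could not stat the file.  Some lines carry no bracket at all.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"(?P<args>[^\[]*)(?:\[(?P<info>[^\]]*)\])?\s*$'
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)

# Per-user, user-writable folders that installers do not use for autorun
# targets; a program that starts from here deserves a second look
# (author's list, extend to taste).
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reasons: List[str] = field(default_factory=list)


def is_user_writable(path: str) -> bool:
    """True when the command path lies in one of the per-user folders above."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage_dss_run_keys(dump: str) -> List[Finding]:
    """Walk a DSS registry dump and return the Run entries worth reviewing."""
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match["key"]
            continue
        # Only the ...\Run blocks use the "name"="cmd" [info] line format;
        # Startup-folder and BHO lines that follow simply fail ENTRY_RE.
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        reasons = []
        if is_user_writable(entry["cmd"]):
            reasons.append("target lives in a user-writable profile folder")
        if entry["info"] == "":  # "[]" printed, i.e. DSS found no file data
            reasons.append("DSS recorded no file timestamp for the target")
        if reasons:
            findings.append(Finding(current_key, entry["name"], entry["cmd"], reasons))
    return findings


# Constructed sample in the DSS dump format seen in this thread.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05/08/2005 14:56]
"SigmatelSysTrayApp"="stsystra.exe" [24/03/2006 18:30 C:\WINDOWS\stsystra.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 12:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [28/05/2008 10:33]
"iaqgguk"="c:\documents and settings\john chilcott\local settings\application data\iaqgguk.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"""


def main() -> None:
    for f in triage_dss_run_keys(SAMPLE_DUMP):
        print(f"[{f.key}]\n  {f.name} -> {f.command}")
        for reason in f.reasons:
            print(f"    - {reason}")


if __name__ == "__main__":
    main()
```

Run against the sample, only the `iaqgguk` entry is reported, with both reasons attached; the vendor entries, including the one with no bracket at all, pass. Either indicator alone is a prompt to look closer, not proof of infection, which is why the output lists the reasons rather than a verdict.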

#28
furio

furio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Explorer killed successfully
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\NNServ >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\NNServ deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF789A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF78AC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF83E2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JOHNCH~1\LOCALS~1\Temp\~DF8412.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcafee_eHgocegDG50TBaN scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_CNgEs8UH4DWHodE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_P1GEWaKFwuFdzdv scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_wb0Z8gqQkS3w0rS scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_558Jn6ngvgo2brc scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_HOcj3G4Fs7kqEYJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_ih3ljeH1x4qIwgJ scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\sqlite_ohQ2gqyyjxH2sXF scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07112008_032716

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:33:17, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [OTScanIt] C:\Documents and Settings\John Chilcott\Desktop\OTMoveIt2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6477 bytes
  • 0

#29
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
furio, are you still receiving popups?
  • 0

#30
furio

furio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
They seem to have got worse!!! Nah, not really. I have tested out my internet and it seems they have all gone finally!! Awesome.

Thanks for your help and patience on this one.

Many thanks

John
  • 0
