IE Pop-ups while running Firefox
Hey, so I've had this problem for about a month and I've been trying to fix it myself, but so far everything I've done hasn't had any effect. So yeah, I get pop-ups from various sites, including some blank ones with the header "Powered by Zedo". Any help would be appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:29 PM, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\llass.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {4947B574-5B3A-4720-B48B-9B631A152EB0} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {57C2F6D2-7AFA-488C-7090-94AB3D458B37} - C:\Program Files\MSN Gaming Zone\qufax122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\System32\yayvuvs.dll (file missing)
O2 - BHO: (no name) - {b6fa7c08-6978-49fb-be36-5a33b3f62819} - C:\WINDOWS\System32\diombwy.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {FF944266-E0BD-4457-8032-0E61251754F6} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MircoSoftSN] llass.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [MircoSoftSN] llass.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_S79.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-21-436374069-362288127-725345543-1003\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_S79.tmp" /EF "HKCU" (User '?')
O4 - HKUS\S-1-5-21-436374069-362288127-725345543-1003\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe (User '?')
O4 - HKUS\S-1-5-21-436374069-362288127-725345543-1003\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe (User '?')
O4 - HKUS\S-1-5-21-436374069-362288127-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-436374069-362288127-725345543-1003\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 (User '?')
O4 - S-1-5-21-436374069-362288127-725345543-1003 Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe (User '?')
O4 - S-1-5-21-436374069-362288127-725345543-1003 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '?')
O4 - S-1-5-21-436374069-362288127-725345543-1003 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User '?')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200871025000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200873267515
O20 - Winlogon Notify: axixhgnz - axixhgnz.dll (file missing)
O20 - Winlogon Notify: yayvuvs - yayvuvs.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 8768 bytes
Comments
I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
Step 1:
Please download MBAM and ComboFix to your desktop
Step 2:
Run Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Step 3:
Run ComboFix
Warning: You should not use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could render your system/PC inoperable.
Thanks for helping me so far. I followed your instructions carefully; here are the results:
Combofix:
ComboFix 08-04-08.4 - Owner 2008-04-08 15:26:44.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Owner\My Documents\ASEMBL~1
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\_000004_.tmp.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000010_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\_000012_.tmp.dll
C:\WINDOWS\system32\bmthuaut.dll
C:\WINDOWS\system32\dqdycivb.dll
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\kjpyeldo.dll
C:\WINDOWS\system32\knnmp.ini
C:\WINDOWS\system32\knnmp.ini2
C:\WINDOWS\system32\ndacodpa.ini
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\owytjadc.dll
C:\WINDOWS\system32\oyetbqtx.dll
C:\WINDOWS\system32\ubrrlifk.dll
C:\WINDOWS\system32\ulgngggq.dll
C:\WINDOWS\system32\whmxectw.dll
C:\WINDOWS\system32\whrfednr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
\Legacy_CMDSERVICE
\Legacy_DOMAINSERVICE
\Legacy_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))
.
2008-04-08 15:03 . 2008-04-08 15:03 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-08 15:02 . 2008-04-08 15:02 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 15:02 . 2008-04-08 15:02 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 21:29 . 2008-04-06 21:29 d-------- C:\Program Files\SpywareBlaster
2008-04-06 21:29 . 2008-04-06 21:33 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 21:29 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-04-06 19:25 . 2008-04-06 19:25 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-06 19:08 . 2008-04-06 19:08 d-------- C:\Documents and Settings\Owner\dwhelper
2008-04-06 14:21 . 2008-04-07 15:38 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-02 04:08 . 2008-04-02 04:08 d-------- C:\Program Files\MSXML 4.0
2008-03-31 18:58 . 2008-03-31 18:58 d-------- C:\Program Files\NeroInstall.bak
2008-03-31 18:52 . 2008-03-31 18:52 d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-03-31 18:42 . 2008-03-31 18:42 d-------- C:\Program Files\Nero
2008-03-31 18:42 . 2008-03-31 18:47 d-------- C:\Program Files\Common Files\Nero
2008-03-31 18:42 . 2008-03-31 18:42 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-30 22:07 . 2008-03-30 22:10 115,844 --a------ C:\iphonecover.png
2008-03-20 01:30 . 2008-03-20 01:30 31,304 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-16 18:08 . 2008-03-16 20:10 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-16 17:50 . 2008-03-16 17:50 d-------- C:\Program Files\Common Files\iS3
2008-03-16 17:50 . 2008-03-18 15:34 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-13 17:05 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-13 04:13 . 2008-03-13 04:13 71,745 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-09 15:10 . 2008-03-09 15:09 869,336 --a------ C:\WINDOWS\unins000.exe
2008-03-09 15:10 . 2008-03-09 15:10 2,547 --a------ C:\WINDOWS\unins000.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 19:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-04-08 19:35 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-04-08 19:00 d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-04-08 01:01 d-----w C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-04-08 00:43 d-----w C:\Program Files\mIRC
2008-04-07 19:47 d-----w C:\Program Files\Steam
2008-04-03 12:11 d-----w C:\Program Files\Trend Micro
2008-03-18 21:34 d-----w C:\Program Files\Java
2008-03-15 17:11 d-----w C:\Program Files\AIM
2008-03-13 21:03 d-----w C:\Program Files\Windows Media Connect 2
2008-03-13 13:22 d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-03-13 12:14 d-----w C:\Program Files\DivX
2008-03-13 12:14 d-----w C:\Program Files\DirectX
2008-03-13 12:14 d-----w C:\Program Files\Common Files\logishrd
2008-03-13 12:14 d-----w C:\Program Files\Bonjour
2008-03-13 12:14 d-----w C:\Program Files\Apple Software Update
2008-03-13 12:14 d-----w C:\Program Files\AOD
2008-03-13 12:13 d-----w C:\Program Files\GoldWave
2008-03-13 12:13 d-----w C:\Program Files\Folders
2008-03-13 12:12 d-----w C:\Program Files\uTorrent
2008-03-13 12:12 d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-13 12:12 d-----w C:\Program Files\Rainlendar2
2008-03-13 12:12 d-----w C:\Program Files\MP3 Rocket
2008-03-13 12:12 d-----w C:\Program Files\Last.fm
2008-03-13 12:12 d-----w C:\Program Files\iTunes
2008-03-09 19:14 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 16:45 d-----w C:\Program Files\Illustrate
2008-03-05 12:00 d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-03-04 21:12 d-----w C:\Program Files\Styler
2008-02-28 22:38 1,152,478 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 21:14 1,152,476 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-18 21:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 21:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-08 15:36 d-----w C:\Program Files\Common Files\Java
2008-02-08 15:34 d-----w C:\Program Files\AskSBar
2007-06-13 10:23 1,569,246 --sh--r C:\WINDOWS\system32\llass.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4947B574-5B3A-4720-B48B-9B631A152EB0}]
C:\WINDOWS\system32\pmnnk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C2F6D2-7AFA-488C-7090-94AB3D458B37}]
C:\Program Files\MSN Gaming Zone\qufax122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6fa7c08-6978-49fb-be36-5a33b3f62819}]
C:\WINDOWS\System32\diombwy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-08 11:34 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-02-08 11:34 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-02-08 11:34 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 06:23 1543136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 2008538]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MircoSoftSN"="llass.exe" [2007-06-13 06:23 1569246 C:\WINDOWS\system32\llass.exe]
"POINTER"="point32.exe" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 16:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 16:16 919006 C:\WINDOWS\system32\nwiz.exe]
"Diamondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2401750]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MircoSoftSN"="llass.exe" [2007-06-13 06:23 1569246 C:\WINDOWS\system32\llass.exe]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-21 15:42:20 106496]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-21 16:19:52 3450608]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 18:34:48 3925466]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axixhgnz]
axixhgnz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvuvs]
yayvuvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\System32\mllmn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MircoSoftSN]
-r-hs---- 2007-06-13 06:23 1569246 C:\WINDOWS\system32\llass.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 10:59 751074 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2275286 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\steamapps\\dei2wizzl3\\counter-strike\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\llass.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\WINDOWS\\explorer.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 02:13:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-08 19:38:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 15:37:37 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Other Running Processes
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\system32\cscript.exe
.
**************************************************************************
.
Completion time: 2008-04-08 15:43:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-08 19:43:00
Pre-Run: 5,547,413,504 bytes free
Post-Run: 5,462,945,792 bytes free
.
2008-04-06 19:51:10 --- E O F ---
HT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:54 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\llass.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {4947B574-5B3A-4720-B48B-9B631A152EB0} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {57C2F6D2-7AFA-488C-7090-94AB3D458B37} - C:\Program Files\MSN Gaming Zone\qufax122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {b6fa7c08-6978-49fb-be36-5a33b3f62819} - C:\WINDOWS\System32\diombwy.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [MircoSoftSN] llass.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunServices: [MircoSoftSN] llass.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_S79.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200871025000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200873267515
O20 - Winlogon Notify: axixhgnz - axixhgnz.dll (file missing)
O20 - Winlogon Notify: yayvuvs - yayvuvs.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 7091 bytes
Post the log if you have it, otherwise, please follow the new instructions
Please do the following....
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
Whoops, forgot about the MBAM log, sorry. The IE pop-ups have disappeared, thanks a lot!
Here are the updated Logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:50 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\llass.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Last.fm\LastFM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {4947B574-5B3A-4720-B48B-9B631A152EB0} - C:\WINDOWS\system32\pmnnk.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: 0 - {57C2F6D2-7AFA-488C-7090-94AB3D458B37} - C:\Program Files\MSN Gaming Zone\qufax122.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {b6fa7c08-6978-49fb-be36-5a33b3f62819} - C:\WINDOWS\System32\diombwy.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [MircoSoftSN] llass.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunServices: [MircoSoftSN] llass.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINDOWS\TEMP\E_S79.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200871025000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200873267515
O20 - Winlogon Notify: axixhgnz - axixhgnz.dll (file missing)
O20 - Winlogon Notify: yayvuvs - yayvuvs.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
--
End of file - 7162 bytes
ComboFix 08-04-08.4 - Owner 2008-04-08 20:11:38.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.
2008-04-08 17:43 . 2008-04-08 20:13 d-------- C:\WINDOWS\LastGood
2008-04-08 15:03 . 2008-04-08 15:03 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-04-08 15:02 . 2008-04-08 15:02 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-08 15:02 . 2008-04-08 15:02 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-07 15:16 . 2008-04-07 15:16 d-------- C:\Program Files\RAR Password Cracker
2008-04-06 21:29 . 2008-04-06 21:29 d-------- C:\Program Files\SpywareBlaster
2008-04-06 21:29 . 2008-04-06 21:33 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 21:29 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-04-06 19:25 . 2008-04-06 19:25 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-06 19:08 . 2008-04-06 19:08 d-------- C:\Documents and Settings\Owner\dwhelper
2008-04-06 14:21 . 2008-04-07 15:38 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-02 04:08 . 2008-04-02 04:08 d-------- C:\Program Files\MSXML 4.0
2008-03-31 18:58 . 2008-03-31 18:58 d-------- C:\Program Files\NeroInstall.bak
2008-03-31 18:52 . 2008-03-31 18:52 d-------- C:\Documents and Settings\Owner\Application Data\Nero
2008-03-31 18:42 . 2008-03-31 18:42 d-------- C:\Program Files\Nero
2008-03-31 18:42 . 2008-03-31 18:47 d-------- C:\Program Files\Common Files\Nero
2008-03-31 18:42 . 2008-03-31 18:42 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-30 22:07 . 2008-03-30 22:10 115,844 --a------ C:\iphonecover.png
2008-03-20 01:30 . 2008-03-20 01:30 31,304 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-16 18:08 . 2008-03-16 20:10 d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-03-16 17:50 . 2008-03-16 17:50 d-------- C:\Program Files\Common Files\iS3
2008-03-16 17:50 . 2008-03-18 15:34 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-03-13 17:05 . 2004-08-04 01:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-13 04:13 . 2008-03-13 04:13 71,745 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-09 15:10 . 2008-03-09 15:09 869,336 --a------ C:\WINDOWS\unins000.exe
2008-03-09 15:10 . 2008-03-09 15:10 2,547 --a------ C:\WINDOWS\unins000.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 21:07 d-----w C:\Program Files\Steam
2008-04-08 19:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-04-08 19:35 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-04-08 19:00 d-----w C:\Documents and Settings\Owner\Application Data\uTorrent
2008-04-08 01:01 d-----w C:\Documents and Settings\Owner\Application Data\MP3Rocket
2008-04-08 00:43 d-----w C:\Program Files\mIRC
2008-04-03 12:11 d-----w C:\Program Files\Trend Micro
2008-03-18 21:34 d-----w C:\Program Files\Java
2008-03-15 17:11 d-----w C:\Program Files\AIM
2008-03-13 21:03 d-----w C:\Program Files\Windows Media Connect 2
2008-03-13 13:22 d--h--w C:\Documents and Settings\Owner\Application Data\ijjigame
2008-03-13 12:14 d-----w C:\Program Files\DivX
2008-03-13 12:14 d-----w C:\Program Files\DirectX
2008-03-13 12:14 d-----w C:\Program Files\Common Files\logishrd
2008-03-13 12:14 d-----w C:\Program Files\Bonjour
2008-03-13 12:14 d-----w C:\Program Files\Apple Software Update
2008-03-13 12:14 d-----w C:\Program Files\AOD
2008-03-13 12:13 d-----w C:\Program Files\GoldWave
2008-03-13 12:13 d-----w C:\Program Files\Folders
2008-03-13 12:12 d-----w C:\Program Files\uTorrent
2008-03-13 12:12 d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-13 12:12 d-----w C:\Program Files\Rainlendar2
2008-03-13 12:12 d-----w C:\Program Files\MP3 Rocket
2008-03-13 12:12 d-----w C:\Program Files\Last.fm
2008-03-13 12:12 d-----w C:\Program Files\iTunes
2008-03-09 19:14 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-07 16:45 345,558 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-07 16:45 d-----w C:\Program Files\Illustrate
2008-03-05 12:00 d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-03-04 21:12 d-----w C:\Program Files\Styler
2008-02-28 22:38 1,152,478 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-02-26 21:14 1,152,476 ----a-w C:\WINDOWS\UNRecode.exe
2008-02-18 21:21 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-18 21:21 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-02-18 21:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-01-31 14:21 95,296 ----a-w C:\WINDOWS\system32\ssgcwnoq.dll
2008-01-23 22:21 192,988 ----a-w C:\WINDOWS\system32\ctfmon .exe
2008-01-20 21:33 558,142 ----a-w C:\WINDOWS\java\Packages\KPVHR771.ZIP
2008-01-20 21:33 155,995 ----a-w C:\WINDOWS\java\Packages\RXJZLNR3.ZIP
2008-01-16 23:25 857,568 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2007-06-13 10:23 1,569,246 --sh--r C:\WINDOWS\system32\llass.exe
.
((((((((((((((((((((((((((((( snapshot@2008-04-08_15.42.23.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 340,954 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 12:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 251,360 ----a-w C:\WINDOWS\fdsv.exe
- 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2000-08-31 12:00:00 258,520 ----a-w C:\WINDOWS\grep.exe
+ 2004-08-04 05:56:48 361,438 ----a-w C:\WINDOWS\LastGood\system32\accwiz.exe
+ 2004-08-04 05:56:48 188,894 ----a-w C:\WINDOWS\LastGood\system32\atmadm.exe
+ 2004-08-04 05:56:48 183,254 ----a-w C:\WINDOWS\LastGood\system32\cisvc.exe
+ 2004-08-04 05:56:48 280,540 ----a-w C:\WINDOWS\LastGood\system32\clipbrd.exe
+ 2004-08-04 05:56:50 205,270 ----a-w C:\WINDOWS\LastGood\system32\conime.exe
+ 2004-08-04 05:56:50 202,716 ----a-w C:\WINDOWS\LastGood\system32\defrag.exe
+ 2004-08-04 05:56:50 193,496 ----a-w C:\WINDOWS\LastGood\system32\dmremote.exe
+ 2004-08-04 05:56:50 188,370 ----a-w C:\WINDOWS\LastGood\system32\dumprep.exe
+ 2004-08-04 05:56:50 223,192 ----a-w C:\WINDOWS\LastGood\system32\extrac32.exe
+ 2004-08-04 05:56:50 198,612 ----a-w C:\WINDOWS\LastGood\system32\fontview.exe
+ 2004-08-04 05:56:52 211,926 ----a-w C:\WINDOWS\LastGood\system32\ie4uinit.exe
+ 2004-08-04 05:56:52 201,178 ----a-w C:\WINDOWS\LastGood\system32\ipxroute.exe
+ 2004-08-04 05:56:52 252,886 ----a-w C:\WINDOWS\LastGood\system32\locator.exe
+ 2004-08-04 05:56:52 250,326 ----a-w C:\WINDOWS\LastGood\system32\magnify.exe
+ 2004-08-04 05:56:54 183,772 ----a-w C:\WINDOWS\LastGood\system32\msdtc.exe
+ 2004-08-04 05:56:54 189,920 ----a-w C:\WINDOWS\LastGood\system32\mstinit.exe
+ 2004-08-04 05:56:56 263,644 ----a-w C:\WINDOWS\LastGood\system32\netsh.exe
+ 2004-08-04 05:56:56 210,396 ----a-w C:\WINDOWS\LastGood\system32\odbcad32.exe
+ 2004-08-04 05:56:56 228,826 ----a-w C:\WINDOWS\LastGood\system32\oobe\oobebaln.exe
+ 2004-08-04 05:56:56 193,494 ----a-w C:\WINDOWS\LastGood\system32\perfmon.exe
+ 2004-08-04 05:56:56 198,102 ----a-w C:\WINDOWS\LastGood\system32\qprocess.exe
+ 2004-08-04 05:56:56 227,798 ----a-w C:\WINDOWS\LastGood\system32\reg.exe
+ 2004-08-04 05:56:56 192,478 ----a-w C:\WINDOWS\LastGood\system32\rsh.exe
+ 2004-08-04 05:56:56 191,962 ----a-w C:\WINDOWS\LastGood\system32\runonce.exe
+ 2004-08-04 05:56:58 220,124 ----a-w C:\WINDOWS\LastGood\system32\shmgrate.exe
+ 2004-08-04 05:56:58 185,814 ----a-w C:\WINDOWS\LastGood\system32\smbinst.exe
+ 2004-08-04 05:56:58 189,406 ----a-w C:\WINDOWS\LastGood\system32\spnpinst.exe
+ 2004-08-04 05:56:58 787,930 ----a-w C:\WINDOWS\LastGood\system32\sspipes.scr
+ 2004-08-04 05:56:58 283,612 ----a-w C:\WINDOWS\LastGood\system32\sysocmgr.exe
+ 2005-05-10 23:45:48 253,406 ----a-w C:\WINDOWS\LastGood\system32\telnet.exe
+ 2004-08-04 05:56:58 194,528 ----a-w C:\WINDOWS\LastGood\system32\upnpcont.exe
+ 2004-08-04 05:56:52 281,046 ----a-w C:\WINDOWS\LastGood\system32\usmt\migload.exe
+ 2004-08-04 05:56:58 467,420 ----a-w C:\WINDOWS\LastGood\system32\vssvc.exe
+ 2004-08-04 05:56:58 183,252 ----a-w C:\WINDOWS\LastGood\system32\winver.exe
+ 2004-08-04 05:56:58 209,884 ----a-w C:\WINDOWS\LastGood\system32\wpabaln.exe
+ 2004-08-04 05:56:58 208,338 ----a-w C:\WINDOWS\LastGood\system32\xcopy.exe
- 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 12:00:00 276,446 ----a-w C:\WINDOWS\sed.exe
- 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 314,330 ----a-w C:\WINDOWS\swsc.exe
- 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
+ 2000-08-31 12:00:00 390,106 ----a-w C:\WINDOWS\swxcacls.exe
- 2008-04-08 19:25:17 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-08 19:43:09 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-08 19:25:17 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-08 19:43:09 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 12:00:00 226,778 ----a-w C:\WINDOWS\VFind.exe
- 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
+ 2000-08-31 12:00:00 245,718 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4947B574-5B3A-4720-B48B-9B631A152EB0}]
C:\WINDOWS\system32\pmnnk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C2F6D2-7AFA-488C-7090-94AB3D458B37}]
C:\Program Files\MSN Gaming Zone\qufax122.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6fa7c08-6978-49fb-be36-5a33b3f62819}]
C:\WINDOWS\System32\diombwy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-08 11:34 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-02-08 11:34 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-02-08 11:34 262144]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.exe" [ ]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [ ]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 06:23 1543136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 18:07 2008538]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MircoSoftSN"="llass.exe" [2007-06-13 06:23 1569246 C:\WINDOWS\system32\llass.exe]
"POINTER"="point32.exe" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-10-06 16:16 5058560]
"nwiz"="nwiz.exe" [2003-10-06 16:16 919006 C:\WINDOWS\system32\nwiz.exe]
"Diamondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 17:29 2401750]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MircoSoftSN"="llass.exe" [2007-06-13 06:23 1569246 C:\WINDOWS\system32\llass.exe]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2008-01-21 15:42:20 106496]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-01-21 16:19:52 3450608]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 18:34:48 3925466]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\axixhgnz]
axixhgnz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvuvs]
yayvuvs.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\System32\mllmn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MircoSoftSN]
-r-hs---- 2007-06-13 06:23 1569246 C:\WINDOWS\system32\llass.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 10:59 751074 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2275286 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\steamapps\\dei2wizzl3\\counter-strike\\hl.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\llass.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\WINDOWS\\explorer.exe"=
"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 23:43]
S1 videoprtt;videoprtt;C:\WINDOWS\system32\drivers\videoprtt.sys []
S3 Revolution1;Revolution1;C:\Documents and Settings\Owner\Desktop\GB\Revolution_Engine_8.3_ShaK3\SHAK3.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-04-06 02:13:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-08 19:38:53 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 20:17:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
DLLs Loaded Under Running Processes
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-04-08 20:20:47
ComboFix-quarantined-files.txt 2008-04-09 00:20:36
ComboFix2.txt 2008-04-08 19:43:07
Pre-Run: 5,386,596,352 bytes free
Post-Run: 5,374,009,344 bytes free
.
2008-04-08 19:45:27 --- E O F ---
Please do the following....
1. Please open Notepad
- Click Start , then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.
If you are not the user who started this thread, you must start your own Thread instead