IE 7 popups

JSquier

New Member
I'm having problems with popups here at work. Yes, I want to use Firefox, but for work I can't, because it doesn't support what I need for work.
This is on IE 7 on a brand new Dell computer with popups off entirely, yet I still get them opening in a new window even though I have it set to open in a new tab. How can I fix this?

I've used:
Spyware Doctor
Zone Alarm
Ad-Aware
CounterSpy
HiJackthis
 
Logfile of HijackThis v1.99.1
Scan saved at 5:26:34 PM, on 8/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\sda\bin\tgsrvc.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adp\ws2000\ws2000.exe
C:\NISSAN\Fastwin.exe
C:\Program Files\ADP\websuite TE\3.6\BZVT.EXE
C:\Program Files\ADP\webSuite TE\4.0\BZVBA.EXE
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jeremy Squier\My Documents\HijackThis.exe

O1 - Hosts: 207.184.109.65 sda.ds.adp.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file:///D:/autorun/PC-CONFIG-CHECK.CAB
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4DBE4C3-CB3F-4D39-B41C-124B39D70FF6}: NameServer = 151.164.11.201,151.164.160.201
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4DBE4C3-CB3F-4D39-B41C-124B39D70FF6}: NameServer = 151.164.11.201,151.164.160.201
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SupportSoft Repair Service (sda) (tgsrvc_sda) - SupportSoft, Inc. - C:\Program Files\sda\bin\tgsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
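An added example, not from the original post and not part of HijackThis: a small Python triage pass over a subset of the O4, O16 and O17 lines from the log above. It flags an O4 autorun whose executable is given as a bare file name (resolved through the loader's search order at logon, so the real location should be confirmed), O16 ActiveX controls installed from file:// media or fetched from hosts outside an analyst-supplied trusted list, and O17 NameServer values outside the resolver set the network is expected to hand out. The expected-resolver set and the trusted host list used in the usage block are assumptions for the example (the values that already appear in this log); a finding is an item for review, not a verdict.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed input: a subset of O4/O16/O17 lines copied from the HijackThis log above.
HJT_LINES = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O16 - DPF: {00906302-0F14-442C-B39C-275F61BC25BC} (atSdaCfg Control) - file://D:\autorun\atSdaCfg.CAB
O16 - DPF: {4E8AEBE0-31A6-43B0-A429-748DB14A70A0} (SysEngW2k Control) - file:///D:/autorun/PC-CONFIG-CHECK.CAB
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4DBE4C3-CB3F-4D39-B41C-124B39D70FF6}: NameServer = 151.164.11.201,151.164.160.201
"""

Finding = namedtuple("Finding", "tag subject note")

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.,]+)$")


def check_o4(m):
    """A bare executable name is located through the loader's search order at
    logon, so a writable directory earlier in that order could supply a
    substitute; flag it so the real on-disk location gets confirmed."""
    cmd = m.group("cmd").strip().strip('"')
    exe = cmd.split()[0] if cmd else ""
    if exe and "\\" not in exe and ":" not in exe:
        return Finding("O4-unqualified-path", exe, f"autorun [{m.group('name')}] gives no full path")
    return None


def check_o16(m, trusted_hosts):
    """Downloaded Program Files (ActiveX) entries: where did the CAB come from?"""
    url, desc = m.group("url"), m.group("desc")
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme == "file":
        return Finding("O16-local-source", url, f"{desc} installed from local/removable media, not a web origin")
    host = (parts.hostname or "").lower()
    if host not in trusted_hosts:
        return Finding("O16-untrusted-host", url, f"{desc} fetched from {host!r}, not on the trusted list")
    if scheme != "https":
        return Finding("O16-cleartext", url, f"{desc} fetched over {scheme}; confirm the control's publisher signature")
    return None


def check_o17(m, expected_dns):
    """NameServer values that differ from what the network should hand out."""
    servers = [s for s in m.group("servers").split(",") if s]
    unexpected = [s for s in servers if s not in expected_dns]
    if unexpected:
        return Finding("O17-unexpected-dns", ",".join(unexpected), f"{m.group('key')} uses resolvers outside the expected set")
    return None


def triage(text, expected_dns, trusted_dpf_hosts):
    """Run every check over a HijackThis log and return the findings in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := O4_RE.match(line)):
            f = check_o4(m)
        elif (m := O16_RE.match(line)):
            f = check_o16(m, trusted_dpf_hosts)
        elif (m := O17_RE.match(line)):
            f = check_o17(m, expected_dns)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    # Assumed values for this example: the resolver pair the log already shows,
    # and the two CAB hosts present in the log, treated as trusted by the analyst.
    for f in triage(HJT_LINES,
                    expected_dns={"151.164.11.201", "151.164.160.201"},
                    trusted_dpf_hosts={"fpdownload2.macromedia.com", "download.zonelabs.com"}):
        print(f"{f.tag:22} {f.subject}\n    {f.note}")
```

The checks are deliberately ordered from strongest to weakest signal: a control installed from removable media and a resolver change are worth a look on their own, while plain-http CAB downloads were the norm for signed ActiveX at the time and only warrant confirming the signature.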
 
This is all I found

In blue: the IP address. I'm not sure if it's a good one.
In red: I have found a spyware; it was hiding under the Java CLSID. If you look right under it, you will find the same CLSID as the right Java button.

I have underlined a few O16 entries; I don't know if they're right.

Please check the IP of the O17 too; I couldn't find any help on those.

PS: I recommend you wait for an answer from someone like Buzz first, because I am still learning and might make mistakes.
 
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Then rename HijackThis to something random.exe and post a new log.
 
Hope this is what you guys might need. ADP/WEBSuite is a work program, so disregard that.

ComboFix 07-07-30.2 - "Jeremy Squier" 2007-08-02 8:12:50.1 [GMT -5:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\filbtsqt.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\xxyayvt.dll
C:\WINDOWS\system32\xxyayvt.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\xxyayvt.dll
C:\WINDOWS\system32\xxyayvt.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\x64


((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))


2007-08-02 08:14 4,672 --a------ C:\WINDOWS\system32\qakgewif.exe
2007-08-02 08:12 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 16:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-08-01 15:57 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-08-01 15:53 <DIR> d-------- C:\Program Files\Nero
2007-08-01 15:53 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-01 14:18 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2007-08-01 14:18 20,480 --a------ C:\WINDOWS\system32\wbload.dll
2007-08-01 14:18 <DIR> d-------- C:\Program Files\Stardock
2007-08-01 13:03 512 --a------ C:\ScanSectorLog.dat
2007-08-01 13:02 62,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-01 13:02 2,783,008 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-01 12:55 125,504 --a------ C:\WINDOWS\system32\spmpnigk.dll
2007-08-01 12:54 <DIR> d-------- C:\DOCUME~1\JEREMY~1\APPLIC~1\MailFrontier
2007-08-01 12:49 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-08-01 12:49 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-08-01 12:49 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-08-01 12:49 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-01 12:49 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-08-01 12:47 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-08-01 12:45 <DIR> d-------- C:\Program Files\PowerArchiver
2007-08-01 07:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BlueZone
2007-08-01 07:42 <DIR> d-------- C:\Program Files\ADP Dealer Services
2007-08-01 07:41 <DIR> d-------- C:\Program Files\Adp
2007-08-01 07:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Seagull Software
2007-07-31 17:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~2.WIN\APPLIC~1\SupportSoft
2007-07-31 17:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\SupportSoft
2007-07-31 17:49 <DIR> d-------- C:\Program Files\sda
2007-07-31 17:49 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2007-07-31 17:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-07-31 12:54 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-07-31 12:53 <DIR> d-------- C:\Program Files\MSBuild
2007-07-31 12:49 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2007-07-31 12:49 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-07-31 12:49 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-07-31 12:49 <DIR> d-------- C:\6fa9a37e7fb8aa0c41a16b0890845a92
2007-07-31 12:42 36,352 --a------ C:\WINDOWS\system32\tsgqec.dll
2007-07-31 12:42 288,768 --a------ C:\WINDOWS\system32\rhttpaa.dll
2007-07-31 12:42 116,736 --a------ C:\WINDOWS\system32\aaclient.dll
2007-07-31 11:41 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-31 11:20 <DIR> d--hs---- C:\DOCUME~1\JEREMY~1\UserData
2007-07-31 07:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-31 07:59 <DIR> d-------- C:\DOCUME~1\JEREMY~1\APPLIC~1\Lavasoft
2007-07-31 07:42 125,504 --a------ C:\WINDOWS\system32\uhpvmndu.dll
2007-07-30 11:46 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-07-30 08:40 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-07-30 08:40 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-07-30 08:40 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-07-30 08:40 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-07-30 08:40 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-07-30 08:40 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-07-30 08:40 <DIR> d-------- C:\DOCUME~1\JEREMY~1\APPLIC~1\PC Tools
2007-07-30 08:39 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-07-27 10:18 <DIR> d-------- C:\Program Files\VistaCodecPack
2007-07-27 10:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-07-27 10:00 228,960 --------- C:\WINDOWS\system32\mllmm.dll
2007-07-27 09:55 31,254 --------- C:\WINDOWS\system32\xxyayvt.dll
2007-07-27 09:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-27 09:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-27 09:30 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-07-27 09:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-27 09:30 <DIR> d-------- C:\9267bbe0a230c64c39dca5
2007-07-26 13:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-07-26 11:05 <DIR> d-------- C:\Program Files\uTorrent
2007-07-26 11:05 <DIR> d-------- C:\DOCUME~1\JEREMY~1\APPLIC~1\uTorrent
2007-07-26 09:04 <DIR> d-------- C:\Program Files\iPod Access for Windows
2007-07-25 12:58 <DIR> d-------- C:\Program Files\iTunes
2007-07-25 12:58 <DIR> d-------- C:\Program Files\iPod
2007-07-25 12:56 <DIR> d-------- C:\Program Files\QuickTime
2007-07-25 12:56 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-25 12:55 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-07-25 12:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-25 12:28 <DIR> d-------- C:\DOCUME~1\JEREMY~1\APPLIC~1\Apple Computer
2007-07-25 12:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-24 15:54 <DIR> d-------- C:\DOCUME~1\JEREMY~1\HODObjs
2007-07-24 15:54 <DIR> d-------- C:\DOCUME~1\JEREMY~1\HODData
2007-07-24 15:52 <DIR> d-------- C:\DOCUME~1\JEREMY~1\HODCCweb3270.nnanet.com
2007-07-21 11:42 <DIR> d-------- C:\DOCUME~1\JEREMY~1\APPLIC~1\AdobeUM
2007-07-21 07:29 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-20 17:41 1,688 --a------ C:\WINDOWS\mozver.dat
2007-07-20 17:34 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-07-20 17:27 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-07-20 17:20 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-07-20 17:20 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-07-20 17:20 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-07-20 17:20 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-07-20 17:19 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-07-20 17:17 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-20 15:12 <DIR> d-------- C:\Program Files\HP
2007-07-20 15:12 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-07-20 14:10 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-07-20 14:10 <DIR> d-------- C:\Program Files\AskPBar
2007-07-20 14:09 <DIR> d-------- C:\Program Files\Trillian
2007-07-20 13:53 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-07-20 13:53 87,040 --a------ C:\WINDOWS\system32\P2BDAO.DLL
2007-07-20 13:53 748,160 --a------ C:\WINDOWS\system32\CO2C40EN.DLL
2007-07-20 13:53 54,272 --a------ C:\WINDOWS\system32\P2IRDAO.DLL
2007-07-20 13:53 50,176 --a------ C:\WINDOWS\system32\CTDAO.DLL
2007-07-20 13:53 415,504 --a------ C:\WINDOWS\system32\MSREPL35.DLL
2007-07-20 13:53 36,352 --a------ C:\WINDOWS\system32\P2BBND.DLL


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-02 08:14 6884 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-02 08:14 38300 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-07-18 21:23 --------- d-------- C:\Program Files\Messenger
2007-07-18 21:07 6430 --a------ C:\WINDOWS\system32\drivers\1028_Dell_DIM_DM061.mrk
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}]
2007-07-27 09:55 31254 --------- C:\WINDOWS\system32\xxyayvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487B5771-6E92-4323-9308-985A6E9E9D4A}]
2007-07-27 10:00 228960 --------- C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 10:20 C:\WINDOWS\stsystra.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 16:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 07:21 155648]
"{1FB63E52-4D6E-48C1-A08F-F630FE50F337}"= C:\WINDOWS\system32\xxyayvt.dll [2007-07-27 09:55 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]
C:\WINDOWS\system32\mllmm.dll 2007-07-27 10:00 228960 C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayvt]
xxyayvt.dll 2007-07-27 09:55 31254 C:\WINDOWS\system32\xxyayvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\DellSupport\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
"c:\dell\E-Center\EULALauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MskAgentexe]
C:\Program Files\McAfee\MSK\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer]
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\spmpnigk.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\drivers\iaStor.sys
R2 ASCTRM;ASCTRM;C:\WINDOWS\system32\drivers\ASCTRM.sys
R2 dsunidrv;DellSupport UniDriver;C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
R2 tgsrvc_sda;SupportSoft Repair Service (sda);C:\Program Files\sda\bin\tgsrvc.exe /p sda
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver;C:\WINDOWS\system32\DRIVERS\e1e5132.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
S3 DSproct;DSproct;\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 IKFileFlt;File Filter Driver;C:\WINDOWS\system32\drivers\ikfileflt.sys
S3 IKFileSec;File Security Driver;C:\WINDOWS\system32\drivers\ikfilesec.sys
S3 IkSysFlt;System Filter Driver;C:\WINDOWS\system32\drivers\iksysflt.sys
S3 IKSysSec;System Security Driver;C:\WINDOWS\system32\drivers\iksyssec.sys
S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-26 17:51:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 08:16:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-02 8:17:51 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-02 08:17

--- E O F ---
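As an added example, not part of the thread and not ComboFix's own code, here is the cross-reference a practitioner does by hand on the "Reg Loading Points" section above: group every module by the load mechanisms it is registered under and pull out the ones wired into several at once (in this log, xxyayvt.dll appears as a Browser Helper Object, a ShellExecuteHook and a Winlogon Notify package, and mllmm.dll as a BHO and a Notify package), then join that with the "Files Created" listing to recover when each was dropped. A second pass over "Files Created" groups system32 files of identical size under different names, which the listing above shows for two 125,504-byte DLLs. The inputs are excerpts copied from the log above; the mechanism table and the same-size heuristic are this example's own assumptions, and a hit is a lead for review, not proof of infection.

```python
import re
from collections import defaultdict

# Excerpts copied from the ComboFix log above (an edited subset, not the whole log).
REG_LOADING_POINTS = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FB63E52-4D6E-48C1-A08F-F630FE50F337}]
2007-07-27 09:55 31254 --------- C:\WINDOWS\system32\xxyayvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{487B5771-6E92-4323-9308-985A6E9E9D4A}]
2007-07-27 10:00 228960 --------- C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 07:21 155648]
"{1FB63E52-4D6E-48C1-A08F-F630FE50F337}"= C:\WINDOWS\system32\xxyayvt.dll [2007-07-27 09:55 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm]
C:\WINDOWS\system32\mllmm.dll 2007-07-27 10:00 228960 C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayvt]
xxyayvt.dll 2007-07-27 09:55 31254 C:\WINDOWS\system32\xxyayvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
"""

FILES_CREATED = r"""
2007-08-01 12:55 125,504 --a------ C:\WINDOWS\system32\spmpnigk.dll
2007-07-31 07:59 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-31 07:42 125,504 --a------ C:\WINDOWS\system32\uhpvmndu.dll
2007-07-27 10:00 228,960 --------- C:\WINDOWS\system32\mllmm.dll
2007-07-27 09:55 31,254 --------- C:\WINDOWS\system32\xxyayvt.dll
"""

# Assumed mapping from key-name fragments (matched on the lowercased key) to a
# load mechanism; extend it for any other ComboFix section you want covered.
MECHANISMS = (
    ("browser helper objects", "BHO"),
    ("shellexecutehooks", "ShellExecuteHook"),
    ("winlogon\\notify", "WinlogonNotify"),
    ("currentversion\\run", "Run"),
    ("currentversion\\windows", "AppInit_DLLs"),
)
MODULE_RE = re.compile(r"[A-Za-z0-9_~.-]+\.(?:dll|exe|sys)\b", re.I)
FILE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+) (\S+) (.+)$")


def classify_key(key_line):
    """Map a ComboFix registry key header to a load mechanism, or None if unknown."""
    lowered = key_line.lower()
    for needle, mechanism in MECHANISMS:
        if needle in lowered:
            return mechanism
    return None


def load_points_by_module(text):
    """Return {module basename: sorted mechanisms it is registered under}."""
    points = defaultdict(set)
    mechanism = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("["):          # a new registry key header
            mechanism = classify_key(line)
            continue
        if mechanism is None:             # value under a key we do not classify
            continue
        for name in {m.lower() for m in MODULE_RE.findall(line)}:
            points[name].add(mechanism)
    return {name: sorted(mechs) for name, mechs in points.items()}


def flag_multi_point_modules(text, min_points=2):
    """Modules wired into several independent load mechanisms at the same time."""
    return {name: mechs for name, mechs in load_points_by_module(text).items()
            if len(mechs) >= min_points}


def creation_times(text):
    """{basename: 'YYYY-MM-DD HH:MM'} for the files in a 'Files Created' listing."""
    stamps = {}
    for line in text.splitlines():
        m = FILE_LINE_RE.match(line.strip())
        if m:                             # <DIR> rows have no numeric size and are skipped
            stamps[m.group(5).rsplit("\\", 1)[-1].lower()] = f"{m.group(1)} {m.group(2)}"
    return stamps


def same_size_different_names(text, folder="system32"):
    """Files under `folder` that share an exact byte size but carry different names."""
    by_size = defaultdict(set)
    for line in text.splitlines():
        m = FILE_LINE_RE.match(line.strip())
        if not m or folder.lower() not in m.group(5).lower():
            continue
        by_size[int(m.group(3).replace(",", ""))].add(m.group(5).rsplit("\\", 1)[-1].lower())
    return {size: sorted(names) for size, names in by_size.items() if len(names) > 1}


if __name__ == "__main__":
    stamps = creation_times(FILES_CREATED)
    for name, mechs in sorted(flag_multi_point_modules(REG_LOADING_POINTS).items()):
        print(f"{name}: {', '.join(mechs)} (created {stamps.get(name, 'unknown')})")
    for size, names in same_size_different_names(FILES_CREATED).items():
        print(f"{size} bytes under {len(names)} names: {', '.join(names)}")
```

The multi-point rule is the one that carries weight: legitimate software rarely needs the same DLL loaded by the browser, by every shell launch and by every logon. The same-size rule is weak on its own (two unrelated files can coincide in size) and is only there to point the analyst at names worth hashing and looking up.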
 
Yes, but if you enter just the CLSID, you'll see that there are two results, one L and the other X. Since he has the same button twice, and that one has no name, I thought that the one without a name was spyware.
 
Best to take this to PMs, not someone's thread ;)
 