LDTate:
Hi, and thanks so much for your help.
Of note (or perhaps not), my system performance had dramatically improved since my original post here and original detected onset (about 10 days ago). Speed has become seemingly normal. However, Avast was still showing mljji.dll infection on boot (and otherwise). Further, Avast, Super Ad Blocker and other program (full) scans were showing various VUNDO infections. Just last night, using File Research Center's "find out what's running on your computer", I was directed to and deleted several different variations of VUNDO.
Also of note, after the original detected onset and manual registry tinkering, I had to reinstall or overinstall Windows XP from OEM disc, and I did subsequently reinstall SERVICE PACK 2 (while infected!).
Third, just now (after running COMBOFIX), AOL Spyware showed BIFROST backdoor, which I blocked. This is the very first inkling of that.
Below are COMBO and updated HIJACK logs:
ComboFix 08-01-13.1 - Timothy 2008-01-13 11:09:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.265 [GMT -5:00]
Running from: C:\Documents and Settings\Timothy\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Alwil Software\Avast4\ashDisp .exe
C:\Program Files\Common Files\AOL\1115497508\ee\AOLSoftware.exe
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Messenger\msmsgs .exe
C:\Program Files\Pure Networks\Port Magic\PO4A1A~1 .EXE
C:\Program Files\Pure Networks\Port Magic\PO4A1A~2 .EXE
C:\Program Files\Pure Networks\Port Magic\PO4A1A~3 .EXE
C:\Program Files\Pure Networks\Port Magic\PO4A1A~4 .EXE
C:\Program Files\Pure Networks\Port Magic\PO579B~1 .EXE
C:\Program Files\Pure Networks\Port Magic\PO579B~2 .EXE
C:\Program Files\Pure Networks\Port Magic\PO579B~3 .EXE
C:\Program Files\Pure Networks\Port Magic\PO579B~4 .EXE
C:\Program Files\Pure Networks\Port Magic\PO6634~1 .EXE
C:\Program Files\Pure Networks\Port Magic\PO6634~2 .EXE
C:\Program Files\Pure Networks\Port Magic\PO6634~3 .EXE
C:\Program Files\Pure Networks\Port Magic\PO6634~4 .EXE
C:\Program Files\Pure Networks\Port Magic\PODF97~1 .EXE
C:\Program Files\Pure Networks\Port Magic\PODF97~2 .EXE
C:\Program Files\Pure Networks\Port Magic\PORTAO~1 .EXE
C:\Program Files\Pure Networks\Port Magic\PORTAO~2 .EXE
C:\Program Files\Pure Networks\Port Magic\PORTAO~3 .EXE
C:\Program Files\Pure Networks\Port Magic\PORTAO~4 .EXE
C:\Program Files\Pure Networks\Port Magic\PortAOL .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\REGSHAVE\REGSHAVE.EXE
C:\WINDOWS\cookies.ini
C:\WINDOWS\IME\IMJP8_1\IMJPMIG .EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\system32\mljji.dll
C:\WINDOWS\system32\uninstall.exe
<pre>
C:\Program Files\Alwil Software\Avast4\ashDisp .exe ---> QooBox
C:\Program Files\Common Files\aol\1115497508\EE\AOLSoftware .exe ---> AOLSoftware.exe
C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe ---> EngUtil.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe ---> diagent.exe
C:\Program Files\Messenger\msmsgs .exe ---> QooBox
C:\Program Files\Pure Networks\Port Magic\PODF97~2 .EXE ---> QooBox
C:\Program Files\QuickTime\qttask .exe ---> qttask.exe
C:\Program Files\REGSHAVE\REGSHAVE .EXE ---> REGSHAVE.EXE
C:\WINDOWS\IME\IMJP8_1\IMJPMIG .EXE ---> QooBox
C:\WINDOWS\IME\IMKR6_1\IMEKRMIG .EXE ---> IMEKRMIG.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe ---> QooBox
</pre>
.
.
((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.
2008-01-13 11:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 11:17 . 2008-01-12 11:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-01-12 11:17 . 2008-01-12 11:17 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Malwarebytes
2008-01-10 01:25 . 1999-08-26 04:02 216,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr.BAK
2008-01-09 14:39 . 2008-01-11 09:32 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-09 11:19 . 2008-01-10 17:28 <DIR> d-------- C:\Program Files\moved mljji dll bug 2
2008-01-09 01:58 . 2008-01-09 01:58 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-09 01:17 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2008-01-08 23:06 . 2008-01-08 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LightScribe
2008-01-08 20:08 . 2008-01-08 20:08 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-01-08 19:57 . 2008-01-08 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-08 13:44 . 2008-01-09 14:40 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\Ahead
2008-01-08 13:40 . 2008-01-08 13:40 <DIR> d-------- C:\Program Files\Nero
2008-01-08 13:40 . 2008-01-08 20:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-07 00:41 . 2008-01-07 09:02 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\PrevxCSI
2008-01-07 00:41 . 2008-01-07 00:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-06 23:53 . 2008-01-12 11:11 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2008-01-06 23:53 . 2008-01-06 23:53 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\SuperAdBlocker.com
2008-01-06 22:23 . 2008-01-06 22:23 164 --a------ C:\install.dat
2008-01-06 21:00 . 2008-01-06 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-06 20:59 . 2008-01-06 22:51 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-06 19:52 . 2008-01-13 11:18 2,206 --a------ C:\WINDOWS\SYSTEM32\wpa.dbl
2008-01-06 15:07 . 2008-01-13 00:51 <DIR> d-------- C:\Program Files\moved mljji dll bug
2008-01-05 11:37 . 2008-01-06 23:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 11:37 . 2008-01-06 23:45 <DIR> d-------- C:\Documents and Settings\Timothy\Application Data\SUPERAntiSpyware.com
2008-01-05 11:37 . 2008-01-05 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 10:16 . 2008-01-05 10:17 <DIR> d-------- C:\Program Files\XoftSpySE
2008-01-04 21:50 . 2008-01-04 21:50 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-04 21:50 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-01-04 21:50 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2008-01-04 21:50 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-01-04 21:50 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-01-04 21:50 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-01-04 21:50 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-01-04 21:50 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-01-04 19:46 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\SYSTEM32\secupd.sig
2008-01-04 19:46 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\SYSTEM32\secupd.dat
2008-01-04 19:45 . 2004-08-04 02:56 380,416 --------- C:\WINDOWS\SYSTEM32\irprops.cpl
2008-01-04 19:44 . 2004-08-04 00:22 23,024 --a------ C:\WINDOWS\SYSTEM32\ieuinit.inf
2008-01-04 19:44 . 2004-07-17 13:40 19,528 --a------ C:\WINDOWS\002689_.tmp
2008-01-04 18:07 . 2004-08-04 02:56 614,912 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-01-04 18:07 . 2004-08-04 02:56 331,264 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2008-01-04 18:07 . 2004-08-04 02:56 265,728 --a------ C:\WINDOWS\SYSTEM32\h323.tsp
2008-01-04 17:36 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-04 16:48 . 2005-10-20 17:20 1,082,368 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2008-01-04 16:18 . 2004-08-04 02:56 351,232 --a------ C:\WINDOWS\SYSTEM32\winhttp.dll
2008-01-04 16:18 . 2004-08-04 02:56 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2008-01-04 16:17 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-04 16:17 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-04 16:10 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\SYSTEM32\wuaucpl.cpl
2008-01-04 15:55 . 2002-09-03 14:31 10,096,640 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\hwxcht.dll
2008-01-04 15:54 . 2001-08-17 22:36 312,832 --a--c--- C:\WINDOWS\SYSTEM32\DLLCACHE\EXCH_aqueue.dll
2008-01-04 15:53 . 2001-07-21 18:52 25,645 --a------ C:\WINDOWS\SYSTEM32\CNBJHLP.HLP
2008-01-04 15:53 . 2001-07-21 18:52 787 --a------ C:\WINDOWS\SYSTEM32\CNBJHLP.CNT
2008-01-04 15:53 . 2008-01-04 15:53 0 --a------ C:\WINDOWS\control.ini
2008-01-04 15:52 . 2008-01-04 15:52 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-01-04 15:52 . 2008-01-04 15:52 749 -rah----- C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest
2008-01-04 15:52 . 2008-01-04 15:52 749 -rah----- C:\WINDOWS\SYSTEM32\sapi.cpl.manifest
2008-01-04 15:52 . 2008-01-04 15:52 749 -rah----- C:\WINDOWS\SYSTEM32\nwc.cpl.manifest
2008-01-04 15:52 . 2008-01-04 15:52 749 -rah----- C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest
2008-01-04 15:52 . 2008-01-04 15:52 488 -rah----- C:\WINDOWS\SYSTEM32\logonui.exe.manifest
2008-01-04 15:49 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-01-04 15:47 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2008-01-04 15:47 . 2004-08-04 01:07 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\dmusic.sys
2008-01-04 15:47 . 2006-06-14 03:47 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2008-01-04 15:45 . 2004-08-04 02:56 130,048 --a------ C:\WINDOWS\SYSTEM32\ksproxy.ax
2008-01-04 15:45 . 2004-08-04 02:56 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2008-01-04 15:44 . 2004-08-04 03:01 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2008-01-04 15:43 . 2004-08-04 01:01 196,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2008-01-04 15:41 . 2002-09-03 14:50 1,086,182 -ra------ C:\WINDOWS\SET116.tmp
2008-01-04 15:41 . 2002-09-03 14:40 13,608 -ra------ C:\WINDOWS\SET12B.tmp
2008-01-04 15:41 . 2002-09-03 15:06 7,046 -ra------ C:\WINDOWS\SET149.tmp
2008-01-03 22:50 . 2008-01-03 22:50 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 22:50 . 2008-01-03 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-03 01:40 . 2008-01-03 01:36 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-01-03 01:36 . 2008-01-03 01:40 <DIR> d-------- C:\Documents and Settings\Timothy\.housecall6.6
2007-12-31 22:03 . 2008-01-02 07:15 1,031,518 --ahs---- C:\WINDOWS\SYSTEM32\xbaxqgdu.ini
2007-12-29 10:19 . 2008-01-03 11:18 <DIR> d-------- C:\Program Files\Doblon
2007-12-29 10:09 . 2008-01-03 00:41 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
2007-12-29 09:32 . 2007-12-29 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YoGen
2007-12-28 15:51 . 2007-12-28 15:57 24 ---hs---- C:\WINDOWS\SFA964AF7.tmp
2007-12-28 15:49 . 2007-12-28 15:49 <DIR> d-------- C:\Program Files\SlySoft
2007-12-21 09:01 . 2008-01-05 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-14 02:58 . 2007-12-14 02:58 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\NCH Swift Sound
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 16:17 --------- d-----w C:\Program Files\REGSHAVE
2008-01-13 16:17 --------- d-----w C:\Program Files\QuickTime
2008-01-12 04:08 --------- d-----w C:\Program Files\RegScrubXP
2008-01-11 16:32 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-01-11 14:50 28,164 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-01-10 03:29 --------- d-----w C:\Program Files\Roxio
2008-01-08 16:47 --------- d-----w C:\Program Files\Common Files\Adaptec Shared
2008-01-07 04:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-07 04:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 04:38 --------- d-----w C:\Program Files\Google
2008-01-07 04:38 --------- d-----w C:\Documents and Settings\Timothy\Application Data\Roxio
2008-01-05 23:40 --------- d-----w C:\Program Files\ItsDeductible2005
2008-01-05 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-05 23:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-05 21:32 --------- d-----w C:\Program Files\McAfee.com
2008-01-05 21:16 --------- d-----w C:\Program Files\NCH Swift Sound
2008-01-05 21:14 --------- d-----w C:\Program Files\QUICKENW
2008-01-05 14:03 --------- d-----w C:\Program Files\Java
2008-01-03 13:56 --------- d-----w C:\Documents and Settings\Timothy\Application Data\LimeWire
2007-12-22 13:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-22 05:13 82,664 ----a-w C:\Documents and Settings\Timothy\Application Data\GDIPFONTCACHEV1.DAT
2007-12-18 14:46 --------- d-----w C:\Program Files\ItsDeductibleEX
2007-12-04 14:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-12-02 16:24 --------- d-----w C:\Program Files\Rintox Virtual Piano
2007-12-02 16:23 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-02 16:23 286,720 ------w C:\WINDOWS\Setup1.exe
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-02-06 05:35 315 ----a-w C:\Program Files\bible.win
.
<pre>
----a-w 1,855,488 2008-01-12 16:08:26 C:\Program Files\adelphia hsagent\bin\tgcmd .exe
----a-w 132,496 2008-01-12 16:08:24 C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w 319,488 2008-01-07 04:27:52 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon .exe
----a-w 868,352 2008-01-07 04:27:52 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc .exe
----a-w 57,344 2008-01-05 20:24:36 C:\Program Files\SlySoft\CloneCD\CloneCDTray .exe
----a-w 1,318,912 2008-01-07 04:28:10 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
----a-w 20,992 2008-01-05 00:04:36 C:\Program Files\Ulead Systems\Ulead PhotoImpact\SSaver\Ussshreg .exe
----a-w 28,672 2008-01-03 05:41:01 C:\WINDOWS\SYSTEM32\DSentry .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperAdBlocker"="C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe" [2007-08-01 09:28 1564672]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 00:17 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2008-01-13 09:01 135264]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2008-01-13 09:01 65536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-01-13 09:01 53248]
"HostManager"="C:\Program Files\Common Files\AOL\1115497508\ee\AOLSoftware.exe" [2008-01-13 09:01 50736]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PODF97~3.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 00:31 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 05:00 44032]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 00:59 44544]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"= C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSEHB.DLL [2006-11-07 12:58 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SABWinLogon]
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL 2007-08-01 09:28 176128 C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvvsr]
vtuvvsr.dll
R1 SABDIFSV;SABDIFSV;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABDIFSV.SYS [2005-09-21 11:17]
R1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [2007-02-20 16:02]
S2 StudioPro;StudioPro webcam;C:\WINDOWS\system32\DRIVERS\StudioPro.sys [2007-01-05 21:18]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-04-22 19:27]
.
**************************************************************************
disk not found C:\
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
disk not found C:\
**************************************************************************
.
Completion time: 2008-01-13 11:25:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 16:24:28
.
2008-01-09 22:35:21 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:58 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\SERA 3.0\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\AOL\1115497508\ee\AOLSoftware.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\common files\aol\1115497508\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1115497508\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Timothy\Desktop\HijackThis.exe
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1115497508\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PODF97~3.EXE" -Run
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {8B65C874-0B5A-409A-A481-17D7A1CEED27} - C:\WINDOWS\system32\comdlg32.ocx
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file) (HKCU)
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelg.../cortvrml10.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol....83/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1199481226109
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.cortona3d...in/cortvrml.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.qatrainin...t/lab/msrdp.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol....,20/McGDMgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...298/mcfscan.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: vtuvvsr - vtuvvsr.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\SERA 3.0\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: VPN 5000 Service 1.00.00 (VPN5000Service) - Unknown owner - C:\Program Files\IntraPort Client\vpn5000service.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9970 bytes