Detect.htm error and Live Safety Center icon on desktop


This topic is locked
No replies to this topic

#1 jollyroger

New Member
1 posts

Posted 17 November 2007 - 07:25 PM

Just starting this morning, I have been getting a series of malware alerts on my taskbar, along with a couple of new security-related icons. I have been struggling with popup-related problems for the last month or so, and running Ad-Aware or Symantec multiple times before that hadn't helped matters in the slightest. I was finally rid of them after I downloaded and ran ComboFix last week. This new string of alerts, however, looks like there has been a bit of a relapse.

I hate to inundate you with my problems on a Saturday afternoon, but any help is really appreciated! I have attached my HJT and ComboFix logs.

Many thanks!


*******************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:24 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Annaaa\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\uugmlkpx.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sen] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\nopdb.exe" -vt yazb
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: wxvault.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6908 bytes


**************************************
ComboFix 07-11-08.1 - Annaaa 2007-11-15 10:41:59.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.599 [GMT -6:00]
Running from: C:\Documents and Settings\Annaaa\Desktop\ComboFix.exe
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Annaaa\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Annaaa\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Annaaa\Favorites\Online Security Guide.lnk
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\Program Files\Windows NT\cewuenykahd.html
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\uugmlkpx.dllbox
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-15 10:10 85,056 --a------ C:\WINDOWS\system32\hesqaelv.dll
2007-11-15 10:07 79,936 --a------ C:\WINDOWS\system32\okfudpgu.dll
2007-11-15 10:02 145,984 --a------ C:\WINDOWS\system32\uugmlkpx.dll
2007-11-15 10:01 145,984 --a------ C:\WINDOWS\system32\tnnosqdw.dll
2007-11-12 00:41 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-11-12 00:19 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-11-12 00:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-11-12 00:17 31,488 --a------ C:\WINDOWS\system32\ace16win.dll
2007-11-12 00:04 <DIR> d-------- C:\Documents and Settings\Annaaa\Application Data\SpyGuardPro
2007-11-12 00:03 <DIR> d-------- C:\Program Files\SpyGuardPro
2007-11-12 00:03 <DIR> d-------- C:\Program Files\Common Files\SpyGuardPro
2007-11-12 00:03 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-12 00:02 125,444 --a------ C:\WINDOWS\system32\vvgeowbv.exe
2007-11-12 00:02 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-12 00:02 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-11 23:58 <DIR> d-------- C:\WINDOWS\system32\rMa02yy
2007-11-11 23:58 <DIR> d-------- C:\Temp\abW9
2007-11-11 23:58 36,352 --a------ C:\WINDOWS\system32\cbxywvt.dll
2007-11-11 23:58 35,840 --a------ C:\WINDOWS\mrofinu77.exe
2007-11-11 23:58 35,840 --a------ C:\WINDOWS\mrofinu1000106.exe
2007-11-11 02:30 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-04 21:51 <DIR> d-------- C:\Program Files\Skype
2007-11-04 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-10-28 22:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-10-25 15:01 10,619 --a------ C:\WINDOWS\system32\vqwbhump.dll
2007-10-24 09:59 10,598 --a------ C:\WINDOWS\system32\ddjosywk.dll
2007-10-23 23:58 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-23 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-23 23:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-23 20:47 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-23 20:47 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-23 20:47 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-23 20:47 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-23 20:47 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-23 20:47 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-23 20:47 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-23 20:47 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-23 20:45 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-23 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-23 15:42 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-23 15:33 16,161 --a------ C:\WINDOWS\system32\instdump.zip
2007-10-23 14:58 <DIR> d-------- C:\Program Files\Symantec
2007-10-23 14:57 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-23 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-23 14:55 <DIR> d-------- C:\SAVCE101
2007-10-22 20:09 <DIR> d-------- C:\Documents and Settings\Annaaa\Application Data\McAfee
2007-10-22 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-10-22 19:58 <DIR> d-------- C:\Documents and Settings\Annaaa\Application Data\AdwareAlert
2007-10-22 19:56 <DIR> d-------- C:\Program Files\Rabio
2007-10-22 19:56 880,968 --a------ C:\WINDOWS\system32\RabioSetup.exe
2007-10-22 19:56 17,408 --a------ C:\psapi.dll
2007-10-22 17:09 <DIR> d-------- C:\WINDOWS\system32\ehgvjcfi
2007-10-22 17:09 <DIR> d-------- C:\Program Files\Rrzndqih
2007-10-22 17:09 <DIR> d-------- C:\Program Files\Pqecqcml
2007-10-22 17:09 <DIR> d-------- C:\Program Files\lefipabm
2007-10-22 17:09 102,400 --a------ C:\WINDOWS\system32\drvhol.dll
2007-10-22 17:09 13,824 --a------ C:\WINDOWS\plite731.exe
2007-10-22 17:09 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-22 17:08 <DIR> d-------- C:\Temp
2007-10-20 16:14 <DIR> d-------- C:\Documents and Settings\Annaaa\Application Data\gtk-2.0
2007-10-20 16:14 <DIR> d-------- C:\Documents and Settings\Annaaa\.thumbnails
2007-10-20 16:09 <DIR> d-------- C:\Documents and Settings\Annaaa\.gimp-2.2
2007-10-20 16:08 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-10-20 16:07 <DIR> d-------- C:\Program Files\Common Files\GTK
2007-10-19 22:16 <DIR> d-------- C:\Program Files\Veoh Networks
2007-10-18 23:17 <DIR> d-------- C:\Program Files\DivX
2007-10-15 18:01 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 16:46 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\BitTorrent DNA
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 05:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-10-23 02:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-20 04:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-11 04:29 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\Windows Desktop Search
2007-10-11 04:27 --------- d-----w C:\Program Files\Windows Desktop Search
2007-10-09 04:25 --------- d-----w C:\Program Files\Real
2007-10-09 04:25 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-09 04:25 --------- d-----w C:\Program Files\Common Files\Real
2007-10-06 07:12 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\vlc
2007-10-06 04:28 --------- d-----w C:\Program Files\VideoLAN
2007-10-01 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-30 02:13 29,696 ----a-w C:\WINDOWS\mickey32.dll
2007-09-30 02:13 232,784 ----a-w C:\WINDOWS\Matrix Code.scr
2007-09-30 02:13 2,285,222 ----a-w C:\WINDOWS\Matrix Code.exe
2007-09-29 05:32 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-29 05:30 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\BitTorrent
2007-09-29 01:13 --------- d-----w C:\Program Files\Ares
2007-09-29 01:02 --------- d-----w C:\Program Files\MSN Messenger
2007-09-28 13:00 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\Apple Computer
2007-09-28 12:49 --------- d-----w C:\Program Files\QuickTime
2007-09-28 12:49 --------- d-----w C:\Program Files\iTunes
2007-09-28 12:49 --------- d-----w C:\Program Files\iPod
2007-09-28 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-28 12:48 --------- d-----w C:\Program Files\Apple Software Update
2007-09-28 12:47 --------- d-----w C:\Program Files\Common Files\Apple
2007-09-28 12:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-28 04:53 --------- d-----w C:\Program Files\BitTorrent_DNA
2007-09-28 04:53 --------- d-----w C:\Program Files\BitTorrent
2007-09-28 03:47 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\CyberLink
2007-09-28 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-28 02:52 --------- d-----w C:\Program Files\Microsoft.NET
2007-09-28 02:52 --------- d-----w C:\Program Files\Microsoft Works
2007-09-28 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2007-09-28 01:49 --------- d-----w C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2007-09-27 21:01 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\McAfee.com Personal Firewall
2007-09-27 21:01 --------- d-----w C:\Documents and Settings\Annaaa\Application Data\Dell
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 20:34 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\TTC.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-11_ 2.34.08.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-12 06:17:54 29,696 ----a-w C:\WINDOWS\system32\acespy\systune.exe
+ 2006-09-19 22:28:50 5,632 ----a-w C:\WINDOWS\system32\KU_RUSS.dll
- 2007-11-11 08:26:57 60,892 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-15 16:33:52 60,892 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-11 08:26:57 403,304 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-15 16:33:52 403,304 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-07 18:25:18 32,768 ----a-w C:\WINDOWS\system32\rMa02yy\rMa02yy1099.exe
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021D548B-EE8B-4C98-BA6C-E9E021EE358D}]
2007-08-02 07:43 282624 --a------ C:\Program Files\Messenger\tecogop555077.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0220e30d-5cb0-4025-8054-b6e500a75609}]
2007-11-15 10:07 79936 --a------ C:\WINDOWS\system32\okfudpgu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17DFCFA6-14E4-47B8-BB87-6DF2B5C19900}]
2007-08-02 07:43 282624 --a------ C:\Program Files\Messenger\tecogop83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F785BDC-5854-4ACE-53AC-8FD02DFE3515}]
C:\Program Files\Windows NT\xunazaqoj386.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
2007-11-11 23:58 36352 --a------ C:\WINDOWS\system32\cbxywvt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{794F8311-A15E-48EF-9393-3D01B3AEFFE2}]
2007-08-02 07:43 282624 --a------ C:\Program Files\Messenger\tecogop4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-15 10:02 145984 --a------ C:\WINDOWS\system32\uugmlkpx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
2007-11-12 00:02 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\uugmlkpx.dll [2007-11-15 10:02 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 11:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 15:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 15:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 15:45]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 16:48]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 16:35]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 15:30 C:\WINDOWS\stsystra.exe]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-09-08 07:32]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 11:29]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-08 22:25]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 18:05]
"{CE-E5-57-79-ZN}"="C:\Documents and Settings\Annaaa\Local Settings\Temp\T0CHD001.exe" []
"2cdce5d6"="C:\WINDOWS\system32\hesqaelv.dll" [2007-11-15 10:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 01:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-27 22:53]
"Sen"="C:\PROGRA~1\COMMON~1\ICROSO~1.NET\nopdb.exe" []
"Idovya"="C:\Documents and Settings\Annaaa\Application Data\??crosoft\e?plorer.exe" []

C:\Documents and Settings\Annaaa\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 19:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-10 02:39:52]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2006-08-25 08:45:30]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\cbxywvt.dll [2007-11-11 23:58 36352]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxywvt]
cbxywvt.dll 2007-11-11 23:58 36352 C:\WINDOWS\system32\cbxywvt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\uugmlkpx]
uugmlkpx.dll 2007-11-15 10:02 145984 C:\WINDOWS\system32\uugmlkpx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbug32]
winbug32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32]
winopn32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\gebcy.dll

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R3 guardian2;guardian2;C:\WINDOWS\system32\Drivers\oz776.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-31 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
"2007-11-14 04:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 10:49:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 10:51:11 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-12 00:47
C:\ComboFix3.txt ... 2007-11-11 02:35
.
--- E O F ---

Edited by jollyroger, 17 November 2007 - 07:33 PM.
