File: zickp.dll
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 2c208db37ad5da43287fe05fe64a39e2
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Scanner results
Scan taken on 10 Feb 2007 21:02:41 (GMT)
AntiVir Found ADSPY/PurityScan.AK.161 adware
ArcaVir Found Adware.Purityscan.Ak
Avast Found Win32:Agent-RY
AVG Antivirus Found Generic.TKQ
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak (4, 1, 400)
Fortinet Found Adware/Purityscan
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.PurityScan.ak
NOD32 Found a variant of Win32/Adware.PurityScan application
Norman Virus Control Found W32/PurityScan.dam
VirusBuster Found nothing
VBA32 Found AdWare.Win32.PurityScan.ak
"Owner" - 07-02-07 15:14:47 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Owner\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\f4j20e1oeh.dll
C:\WINDOWS\system32\guard.tmp
Granting SeDebugPrivilege to Administrators ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\teller2.chk
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\a.exe
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
C:\DOCUME~1\LOCALS~1\Application Data\NetMon
C:\DOCUME~1\NETWOR~1\Application Data\NetMon
C:\DOCUME~1\Owner\Application Data\SearchToolbarCorp
C:\Program Files\Batty2
C:\Program Files\cmfibula
C:\Program Files\CMFibula
C:\Program Files\Cowabanga
C:\Program Files\Deskbar
C:\Program Files\Network Monitor
C:\Program Files\OIN Search
C:\Program Files\Outerinfo
C:\Program Files\outlook
C:\Program Files\TheSearchAccelerator
C:\Program Files\winupdates
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Owner
C:\qoobox\purity\DOCUME~1\Owner\Application Data
C:\qoobox\purity\DOCUME~1\Owner\My Documents
C:\qoobox\purity\DOCUME~1\Owner\Application Data\ASEMBL~1
C:\qoobox\purity\DOCUME~1\Owner\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\Owner\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\Owner\My Documents\PPPATC~1
C:\qoobox\purity\DOCUME~1\Owner\My Documents\SKS~1
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\ati2evxx.exe
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0000
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0001
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0002
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0003
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0004
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0005
C:\qoobox\purity\DOCUME~1\Owner\My Documents\YSTEM~1\?ystem\ctxad-493.0006
C:\qoobox\purity\Program Files\DOBE~1
C:\qoobox\purity\Program Files\ICROSO~1
C:\qoobox\purity\Program Files\MANTEC~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\ECURIT~1
C:\qoobox\purity\Program Files\Common Files\PPATCH~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1\CROSOF~1
C:\qoobox\purity\Program Files\Common Files\CROSOF~1\spool32.exe
C:\qoobox\purity\WINDOWS\SMBOLS~1
C:\qoobox\purity\WINDOWS\system32\MBOLS~1
C:\qoobox\purity\WINDOWS\system32\STEM32~1
C:\qoobox\purity\WINDOWS\system32\MBOLS~1\m?iexec.exe
((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))
2007-02-07 00:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-02-06 22:24 <DIR> d-------- C:\WINDOWS\pss
2007-01-28 22:13 <DIR> d-------- C:\Downloads
2007-01-28 18:35 <DIR> d-------- C:\Program Files\BitTorrent
2007-01-28 18:35 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\BitTorrent
2007-01-27 14:28 60,416 --a------ C:\WINDOWS\system32\zickp.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-04 18:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\bittorrent
2007-01-31 23:21 -------- dr-h----- C:\Documents and Settings\Owner\Application Data\yahoo!
2007-01-31 23:21 -------- d-------- C:\Program Files\yahoo!
2007-01-31 23:18 -------- d-------- C:\Program Files\java
2007-01-31 23:09 -------- d-------- C:\Program Files\kodak
2007-01-31 23:07 -------- d-------- C:\Program Files\limewire
2007-01-31 12:26 -------- d-------- C:\Program Files\quicktime
2007-01-27 14:28 2 --a------ C:\WINDOWS\system32\wnsapiit.exe
2007-01-22 00:35 -------- d---s---- C:\Documents and Settings\Owner\Application Data\microsoft
2007-01-08 13:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\walgreens
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-07 11:21 -------- d-------- C:\Program Files\google
2006-11-07 21:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Tbsa"="\"C:\\PROGRA~1\\COMMON~1\\CROSOF~1\\spool32.exe\" -vt yazr"
"Eoraqw"="C:\\WINDOWS\\system32\\??mbols\\m?iexec.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ac84341-5880-11db-ac2f-806d6172696f}]
Shell\AutoRun\command D:\Launch.exe
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-07 15:27:23
Logfile of HijackThis v1.99.1
Scan saved at 15:32, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...o&pf=laptop
R3 - URLSearchHook: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\WINDOWS\system32\zickp.dll
O3 - Toolbar: (no name) - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Tbsa] "C:\PROGRA~1\COMMON~1\CROSOF~1\spool32.exe" -vt yazr
O4 - HKCU\..\Run: [Eoraqw] C:\WINDOWS\system32\??mbols\m?iexec.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Adobe Flash Player 9 ActiveX
BitTorrent 5.0.5
Broadcom 802.11 Driver
Conexant AC-Link Audio
HijackThis 1.99.1
HP Help and Support
Intel® Extreme Graphics 2 Driver
iTunes
MSXML 4.0 SP2 (KB927978)
MySpaceIM
OIN Search
Outerinfo
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929969)
SoftV92 Data Fax Modem with SmartCP
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Install Manager
Yahoo! Messenger
Zone Deluxe Games
Edited by sweft, 10 February 2007 - 03:34 PM.
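Reading the HijackThis and ComboFix output above by eye is slow, so here is an added example (my own code, not part of the original post and not taken from HijackThis or ComboFix) that runs the three checks a responder would apply to these lines: a BHO or URLSearchHook registered with "(no name)" but loading a real DLL (the zickp.dll entries), an O4 Run command containing "?" (assumed here to be HijackThis's rendering of characters it cannot display, which is how "??mbols\m?iexec.exe" shows up), and an 8.3 short name such as CROSOF~1 whose stem sits inside a trusted vendor name rather than at its start, which is what the ComboFix "Purity" section lists as ICROSO~1, YMANTE~1 and friends. The LOOKALIKE_TARGETS list and the finding format are my assumptions; the sample lines are copied from the log above with a few clean entries for contrast.

```python
"""Triage helper for HijackThis 1.99-style log lines.

Added example for this thread; not the original poster's code and not code
from HijackThis or ComboFix.  Flags three patterns visible in the log above.
"""
import re

# Assumption: names that a genuine install aliases as a *prefix* (MICROS~1,
# SYMANT~1).  A stem found strictly inside one of these means the long name
# begins with a character the 8.3 generator dropped, i.e. a non-ASCII
# lookalike prepended to a trusted name (CROSOF~1, ICROSO~1, YMANTE~1).
LOOKALIKE_TARGETS = ["MICROSOFT", "SYMANTEC", "ADOBE", "SYMBOLS", "SYSTEM32"]

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
SHORT_NAME_RE = re.compile(r"\\([A-Za-z0-9]{1,6})~\d+")

# Lines copied from the HijackThis log above, plus clean entries for contrast.
SAMPLE_LOG = [
    "R3 - URLSearchHook: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\\WINDOWS\\system32\\zickp.dll",
    "R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    "O2 - BHO: (no name) - {AD422F94-C126-CBA9-5520-9D1BC5041297} - C:\\WINDOWS\\system32\\zickp.dll",
    "O4 - HKLM\\..\\Run: [IgfxTray] C:\\WINDOWS\\system32\\igfxtray.exe",
    "O4 - HKCU\\..\\Run: [Tbsa] \"C:\\PROGRA~1\\COMMON~1\\CROSOF~1\\spool32.exe\" -vt yazr",
    "O4 - HKCU\\..\\Run: [Eoraqw] C:\\WINDOWS\\system32\\??mbols\\m?iexec.exe",
    "O4 - HKCU\\..\\Run: [BitTorrent] \"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized",
    "O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe",
]


def lookalike_targets(stem):
    """Trusted names that contain `stem` somewhere other than at position 0."""
    s = stem.upper()
    return [t for t in LOOKALIKE_TARGETS if t.find(s) > 0]


def triage(lines):
    """Return one finding dict per suspicious pattern, in log order."""
    findings = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, headers and other non-entry lines
        kind, body = m.group("kind"), m.group("body")

        # 1. BHO (O2) or URLSearchHook (R3) with no registered name but a real file.
        if kind in ("O2", "R3") and "(no name)" in body and "(no file)" not in body:
            findings.append({"check": "unnamed_hook", "kind": kind,
                             "path": body.rsplit(" - ", 1)[-1], "line": raw})

        # 2. Run entry (O4) whose command contains '?': assumed to be HijackThis's
        #    stand-in for characters it cannot display, so "??mbols\m?iexec.exe"
        #    is a directory and file name spelled with non-ASCII lookalikes.
        if kind == "O4":
            command = body.split("] ", 1)[-1]
            if "?" in command:
                findings.append({"check": "undisplayable_char", "kind": kind,
                                 "path": command, "line": raw})

        # 3. 8.3 alias whose stem is a non-prefix substring of a trusted name.
        for stem in SHORT_NAME_RE.findall(body):
            hits = lookalike_targets(stem)
            if hits:
                findings.append({"check": "lookalike_short_name", "kind": kind,
                                 "stem": stem, "mimics": hits[0], "line": raw})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["check"], f["kind"], f.get("path") or f["stem"], f.get("mimics", ""))
```

The short-name check is the one worth keeping around: a real Microsoft directory always aliases to MICROS~1, so any stem that only matches the middle of a vendor name is a directory that was created with a leading lookalike character, regardless of which autorun key points at it.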