Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware removal help


  • Please log in to reply

#1
kaya

kaya

    Member

  • Member
  • PipPip
  • 12 posts
I am new to this whole vireus removal so im hoping you can help. ive read the you must read this section and have scanned my computer twice with the avg programs. twice with superantispyware( plus about 15-20 times before starting your process.) and the panda software. Unfornuately i cant find find the logs i guess i just thought i saved... but i have the very last one and some prior combofixes so i will post those now and hope they wil give you enough info.. i will post the hijack and unistall list with the antispyware log in this topic and combofix in the next for it is too long for one. Here the hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:09:56 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
F:\qttask.exe
C:\WINDOWS\system32\nvsvc32.exe
F:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
f:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {5b6797bc-d26b-605a-cc24-08a8bca45bd1} - {1db54acb-8a80-42cc-a506-b62dcb7976b5} - C:\WINDOWS\system32\yegeotrx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {F43F2AD2-8EC5-42E6-A424-F1442BC08182} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "F:\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [MICROS~1] "C:\WINDOWS\Mircosoft Network.exe"
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Zvgre] "C:\Documents and Settings\Darrin\My Documents\W?nSxS\m?iexec.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188071570782
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188071526858
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.fubar.com...geUploader4.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://media.gameriv...ames/axhost.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoe...ggPublisher.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) - http://67.15.101.3/g...le_2_0_0_34.cab
O16 - DPF: {C428CBD7-5D46-46D5-9924-12ECE969A70B} (MediaAccelerator Installer Control) - http://files.freeban...Accelerator.ocx
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/...outLauncher.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/...WebLauncher.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://zone.msn.com/...sh.1.0.0.94.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 7559 bytes
The hijack uninstall list:
32 Bit HP CIO Components Installer
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
All Video to VCD SVCD DVD Creator & Burner 1.9
AOL Instant Messenger
Audio Terminator 1.10
AVG Anti-Spyware 7.5
AVI DivX MPEG to DVD Converter & Burner Pro 1.6
AviSynth 2.5
BitLord 1.1
BurnRight! CD & DVD
CoffeeCup Flash Photo Gallery - Registered
DFX for Windows Media Player
DiscWizard for Windows
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Free WMA to MP3 Converter 1.16
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPSSupply
iriver Music Manager
iRiver Updater
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Java™ SE Runtime Environment 6 Update 1
LimeWire 4.12.6
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Dreamweaver 8
Macromedia Flash Player 8
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Motorola iMega Pack (remove only)
Motorola mobile PhoneTools
Motorola PST
Motorola Service Software version 3.5.8 Full Edition Prerelease
Movie DVD Maker 1.4.6
Mozilla Firefox (1.0PR)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero - Burning Rom
Norton AntiVirus 2003
Norton WMI Update
NVIDIA Drivers
Panda ActiveScan
PokerStars
PowerDVD
ProSavageDDR and Utilities
Quake III Arena
QuickTime
Recover My Files
R-Linux v1.0
S3Display
S3Gamma2
S3Info2
S3Overlay
Sandlot Games Client Services
Sansa Connect Device Recovery
Sansa Media Converter
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sothink Movie DVD Maker
Sun CD/DVD Burner
SUPERAntiSpyware Free Edition
Turbo File Uneraser 1.1
Ulead COOL 3D 3.5
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast Ethernet Adapter
WIBU-KEY Setup (WIBU-KEY Remove)
WinAce Archiver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinISO 5.3
WinZip

Active scan log
Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Darrin\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
Adware:adware/superbar Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\MySearch
Adware:adware/searchexe Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:Adware/Yazzle Not disinfected C:\6A9.tmp
Virus:Trj/Downloader.RBV Disinfected C:\6AD.tmp
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Darrin\Application Data\Flock\Browser\Profiles\vhplz1hw.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Darrin\Application Data\Flock\Browser\Profiles\vhplz1hw.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Darrin\Application Data\Mozilla\Profiles\default\5kttmw51.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Darrin\Application Data\Mozilla\Profiles\default\5kttmw51.slt\cookies.txt[.hypercount.com/]
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Darrin\Application Data\Mozilla\Profiles\default\5kttmw51.slt\cookies.txt[.kinghost.com/]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Darrin\Application Data\Sun\Java\Deployment\cache\6.0\31\1799bd9f-34f048b9[Dummy.class]
Virus:Trj/ClassLoader.W Disinfected C:\Documents and Settings\Darrin\Application Data\Sun\Java\Deployment\cache\6.0\31\1799bd9f-34f048b9[VerifierBug.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@atdmt[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@fastclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@serving-sys[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@statse.webtrendslive[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Darrin\Cookies\darrin@zedo[1].txt
Adware:Adware/Trymedia Not disinfected C:\Downloads\CakeManiaSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\DinerDashSetup-dm[1].exe
Adware:Adware/Zango Not disinfected C:\Program Files\Motorola iMega Pack\Mozilla Firefox\plugins\npclntax.dll
  • 0

Advertisements


#2
kaya

kaya

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
First combofix
ComboFix 07-12-21.4 - Darrin 2007-12-27 20:36:24.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.484 [GMT -6:00]
Running from: D:\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-21 11:31 . 2007-12-21 11:31 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-21 10:48 . 2007-12-21 11:52 <DIR> d-------- C:\VundoFix Backups
2007-12-20 19:47 . 2007-12-20 20:28 7,134 --ahs---- C:\WINDOWS\system32\rtutv.ini
2007-12-16 08:19 . 2007-12-16 08:19 <DIR> d-------- C:\WINDOWS\komr
2007-12-16 08:19 . 2007-12-16 10:25 <DIR> d-------- C:\Program Files\Common Files\komr
2007-12-09 16:46 . 2007-12-09 18:54 <DIR> d-------- C:\tmpMovieDVDMaker
2007-12-09 16:46 . 2007-12-09 16:46 <DIR> d-------- C:\MovieDVDMaker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 00:32 --------- d-----w C:\Program Files\PokerStars
2007-12-27 13:44 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-01 03:44 --------- d-----w C:\Documents and Settings\Darrin\Application Data\Image Zone Express
2007-11-22 00:19 --------- d-----w C:\Program Files\Movie DVD Maker
2007-11-22 00:14 --------- d-----w C:\Program Files\sunburner
2007-11-22 00:10 --------- d-----w C:\Program Files\All Video to VCD SVCD DVD Creator & Burner
2007-11-21 03:04 --------- d-----w C:\Documents and Settings\Darrin\Application Data\SUPERAntiSpyware.com
2007-11-21 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 03:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 04:05 --------- d-----w C:\Program Files\SanDisk
2007-11-20 01:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-20 01:03 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 01:03 --------- d-----w C:\Documents and Settings\Darrin\Application Data\Lavasoft
2007-11-19 23:36 --------- d-----w C:\Program Files\ewido anti-malware
2007-11-19 23:33 --------- d-----w C:\Program Files\WIBUKEY
2007-11-19 23:33 --------- d-----w C:\Program Files\S3
2007-11-19 23:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 02:26 --------- d-----w C:\Program Files\Java
2007-01-03 01:41 337 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb1942.dat
2007-01-02 20:06 49 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb41.dat
2007-01-02 18:55 20,480 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb4827.dat
2007-01-02 18:54 9,216 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb8467.dat
2007-01-02 18:54 0 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb6334.dat
2007-01-02 18:54 0 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb5436.dat
2004-07-11 01:16 978,369 ----a-w C:\Documents and Settings\Darrin\areslite181.exe
2004-07-08 19:48 32 --sha-w C:\WINDOWS\{CACD467F-0A51-4C79-883B-6A9D34E6577C}.dat
2007-01-25 01:19 11,894 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-07-08 19:48 32 --sha-w C:\WINDOWS\system32\{F66DB868-E09F-4423-B615-0E9691AEBF64}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-22_20.17.36.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 16:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1db54acb-8a80-42cc-a506-b62dcb7976b5}]
C:\WINDOWS\system32\yegeotrx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" []
"MICROS~1"="C:\WINDOWS\Mircosoft Network.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="F:\qttask.exe" [2007-02-16 09:54]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ :\WINDOWS\system3

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c5a0533]
rundll32.exe C:\WINDOWS\system32\aljwfgon.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\areslite]
C:\Program Files\Ares Lite Edition\AresLite.exe -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zvgre]
C:\Documents and Settings\Darrin\My Documents\W?nSxS\m?iexec.exe

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 00:45]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S2 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 15:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2007-12-27 23:23:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 20:42:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-27 20:44:39 - machine was rebooted [Darrin]
C:\ComboFix2.txt ... 2007-12-22 22:24
C:\ComboFix3.txt ... 2007-12-22 20:19
.
2007-12-13 09:04:38 --- E O F ---

Second Combofix
ComboFix 07-12-23.1 - Darrin 2007-12-22 22:13:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.403 [GMT -6:00]
Running from: C:\Documents and Settings\Darrin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-21 11:31 . 2007-12-21 11:31 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-21 10:48 . 2007-12-21 11:52 <DIR> d-------- C:\VundoFix Backups
2007-12-20 19:47 . 2007-12-20 20:28 7,134 --ahs---- C:\WINDOWS\system32\rtutv.ini
2007-12-16 08:19 . 2007-12-16 08:19 <DIR> d-------- C:\WINDOWS\komr
2007-12-16 08:19 . 2007-12-16 10:25 <DIR> d-------- C:\Program Files\Common Files\komr
2007-12-09 16:46 . 2007-12-09 18:54 <DIR> d-------- C:\tmpMovieDVDMaker
2007-12-09 16:46 . 2007-12-09 16:46 <DIR> d-------- C:\MovieDVDMaker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 02:42 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-22 08:03 --------- d-----w C:\Program Files\PokerStars
2007-12-01 03:44 --------- d-----w C:\Documents and Settings\Darrin\Application Data\Image Zone Express
2007-11-22 00:19 --------- d-----w C:\Program Files\Movie DVD Maker
2007-11-22 00:14 --------- d-----w C:\Program Files\sunburner
2007-11-22 00:10 --------- d-----w C:\Program Files\All Video to VCD SVCD DVD Creator & Burner
2007-11-21 03:04 --------- d-----w C:\Documents and Settings\Darrin\Application Data\SUPERAntiSpyware.com
2007-11-21 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 03:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 04:05 --------- d-----w C:\Program Files\SanDisk
2007-11-20 01:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-20 01:03 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 01:03 --------- d-----w C:\Documents and Settings\Darrin\Application Data\Lavasoft
2007-11-19 23:36 --------- d-----w C:\Program Files\ewido anti-malware
2007-11-19 23:33 --------- d-----w C:\Program Files\WIBUKEY
2007-11-19 23:33 --------- d-----w C:\Program Files\S3
2007-11-19 23:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 02:26 --------- d-----w C:\Program Files\Java
2007-01-03 01:41 337 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb1942.dat
2007-01-02 20:06 49 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb41.dat
2007-01-02 18:55 20,480 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb4827.dat
2007-01-02 18:54 9,216 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb8467.dat
2007-01-02 18:54 0 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb6334.dat
2007-01-02 18:54 0 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb5436.dat
2004-07-11 01:16 978,369 ----a-w C:\Documents and Settings\Darrin\areslite181.exe
2004-07-08 19:48 32 --sha-w C:\WINDOWS\{CACD467F-0A51-4C79-883B-6A9D34E6577C}.dat
2007-01-25 01:19 11,894 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-07-08 19:48 32 --sha-w C:\WINDOWS\system32\{F66DB868-E09F-4423-B615-0E9691AEBF64}.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-22_20.17.36.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1db54acb-8a80-42cc-a506-b62dcb7976b5}]
C:\WINDOWS\system32\yegeotrx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 16:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" []
"MICROS~1"="C:\WINDOWS\Mircosoft Network.exe" []
"areslite"="C:\Program Files\Ares Lite Edition\AresLite.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"Zvgre"="C:\Documents and Settings\Darrin\My Documents\W?nSxS\m?iexec.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="F:\qttask.exe" [2007-02-16 09:54]
"9c5a0533"="C:\WINDOWS\system32\aljwfgon.dll" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ :\WINDOWS\system3

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 00:45]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S2 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 15:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exe
"2007-12-23 03:20:31 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 22:22:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 22:24:48 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-22 20:19
.
2007-12-13 09:04:38 --- E O F ---


Last combofix
ComboFix 07-12-23.1 - Darrin 2007-12-22 20:05:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.381 [GMT -6:00]
Running from: C:\Documents and Settings\Darrin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Darrin\Application Data\macromedia\Flash Player\#SharedObjects\95QMAZAM\www.broadcaster.com
C:\Documents and Settings\Darrin\Application Data\macromedia\Flash Player\#SharedObjects\95QMAZAM\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Darrin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Darrin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Darrin\Application Data\RACLE~1
C:\Documents and Settings\Darrin\Application Data\WinTouch
C:\Documents and Settings\Darrin\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Darrin\My Documents\WNSXS~1
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\fnts~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\racle~1\?racle\
C:\WINDOWS\b.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\gcaiilrh.ini
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini2
C:\WINDOWS\system32\nogfwjla.ini
C:\WINDOWS\system32\orutv.ini
C:\WINDOWS\system32\orutv.ini2
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\stutv.ini
C:\WINDOWS\system32\stutv.ini2
C:\WINDOWS\system32\vsftmcem.ini
C:\WINDOWS\system32\yybeg.ini
C:\WINDOWS\system32\yybeg.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-21 11:31 . 2007-12-21 11:31 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-12-21 10:48 . 2007-12-21 11:52 <DIR> d-------- C:\VundoFix Backups
2007-12-20 19:47 . 2007-12-20 20:28 7,134 --ahs---- C:\WINDOWS\system32\rtutv.ini
2007-12-16 08:19 . 2007-12-16 08:19 <DIR> d-------- C:\WINDOWS\komr
2007-12-16 08:19 . 2007-12-16 10:25 <DIR> d-------- C:\Program Files\Common Files\komr
2007-12-09 16:46 . 2007-12-09 18:54 <DIR> d-------- C:\tmpMovieDVDMaker
2007-12-09 16:46 . 2007-12-09 16:46 <DIR> d-------- C:\MovieDVDMaker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 21:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-12-22 08:03 --------- d-----w C:\Program Files\PokerStars
2007-12-01 03:44 --------- d-----w C:\Documents and Settings\Darrin\Application Data\Image Zone Express
2007-11-22 00:19 --------- d-----w C:\Program Files\Movie DVD Maker
2007-11-22 00:14 --------- d-----w C:\Program Files\sunburner
2007-11-22 00:10 --------- d-----w C:\Program Files\All Video to VCD SVCD DVD Creator & Burner
2007-11-21 03:04 --------- d-----w C:\Documents and Settings\Darrin\Application Data\SUPERAntiSpyware.com
2007-11-21 03:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-21 03:03 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 04:05 --------- d-----w C:\Program Files\SanDisk
2007-11-20 01:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-20 01:03 --------- d-----w C:\Program Files\Lavasoft
2007-11-20 01:03 --------- d-----w C:\Documents and Settings\Darrin\Application Data\Lavasoft
2007-11-19 23:36 --------- d-----w C:\Program Files\ewido anti-malware
2007-11-19 23:33 --------- d-----w C:\Program Files\WIBUKEY
2007-11-19 23:33 --------- d-----w C:\Program Files\S3
2007-11-19 23:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 02:26 --------- d-----w C:\Program Files\Java
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-01-03 01:41 337 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb1942.dat
2007-01-02 20:06 49 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb41.dat
2007-01-02 18:55 20,480 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb4827.dat
2007-01-02 18:54 9,216 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb8467.dat
2007-01-02 18:54 0 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb6334.dat
2007-01-02 18:54 0 ----a-w C:\Documents and Settings\Darrin\Application Data\internaldb5436.dat
2004-07-11 01:16 978,369 ----a-w C:\Documents and Settings\Darrin\areslite181.exe
2003-04-08 20:14 38,656 ----a-w C:\WINDOWS\inf\p2k.sys
2004-07-08 19:48 32 --sha-w C:\WINDOWS\{CACD467F-0A51-4C79-883B-6A9D34E6577C}.dat
2007-01-25 01:19 11,894 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2004-07-08 19:48 32 --sha-w C:\WINDOWS\system32\{F66DB868-E09F-4423-B615-0E9691AEBF64}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1db54acb-8a80-42cc-a506-b62dcb7976b5}]
C:\WINDOWS\system32\yegeotrx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2004-04-27 16:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" []
"MICROS~1"="C:\WINDOWS\Mircosoft Network.exe" []
"areslite"="C:\Program Files\Ares Lite Edition\AresLite.exe" []
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"Zvgre"="C:\Documents and Settings\Darrin\My Documents\W?nSxS\m?iexec.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 01:56 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="F:\qttask.exe" [2007-02-16 09:54]
"9c5a0533"="C:\WINDOWS\system32\aljwfgon.dll" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-07-09 04:53:35]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 02:15:54]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ :\WINDOWS\system3

R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 00:45]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]
S2 CoachCap;Concord Eye-Q Duo 2000 USB Video Capture V1.01;C:\WINDOWS\system32\drivers\CoachCap.sys [2002-03-03 15:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NAVW32.exeG/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca
"2007-12-22 23:20:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 20:17:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-22 20:19:12
.
2007-12-13 09:04:38 --- E O F ---



Any help would be greatly appreciated... if you anything jsut let me know and i will do my best.


Thanks.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP