Geeks to Go

hello guys i need your help again many trojans in my lab top

#1 danny0 (Member, 25 posts)
I did a HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:24 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\Program Files\NaviSearch\bin\nls.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\Hbtools\HBTV\HBTV.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HbTools\Bin\4.8.4.0\HbtSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RegClean\RegClean.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.sympat...m...1&mkt=en-CA
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://resultsmaster...omeLeftPane.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: (no name) - {03493A17-F8E7-4D02-88F6-E289B981D343} - C:\WINDOWS\system32\nnljh.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DB7E58784E2B3DC1 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - c:\program files\hbtools\hbtv\hbtvhelper.dll
O2 - BHO: (no name) - {53044FAF-41AF-449E-92C1-521BAFB02C83} - C:\WINDOWS\system32\nnlij.dll (file missing)
O2 - BHO: HbTools - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {22489203-6272-4279-0ec4-c027fb3880e8} - {8e0883bf-720c-4ce0-9724-272630298422} - C:\WINDOWS\system32\xlnsxnai.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\bin2\apuc.dll (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll (file missing)
O2 - BHO: SST - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Program Files\Lycos\sst.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: H&otbar - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - C:\Program Files\HbTools\Bin\4.8.4.0\HbtHostIE.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [lqoiuri.scr] C:\WINDOWS\System32\lqoiuri.scr
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MCCInstall] D:\Intro\AA\MCCInstall\English\MCCInstall.exe -Step=9 -Settings
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\system32\ALiUSB20.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Ubiquiti Networks\ACU.exe" -nogui
O4 - HKLM\..\Run: [HbTools] C:\Program Files\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe
O4 - HKLM\..\Run: [vbhesziu] C:\WINDOWS\system32\nbypzvcy.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.8.4.0\HbtWeatherOnTray.exe
O4 - HKLM\..\Run: [34bd3704] rundll32.exe "C:\WINDOWS\system32\sifcjicg.dll",b
O4 - HKLM\..\Run: [RegClean] C:\Program Files\RegClean\RegClean.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolba...s/v3.0/0006.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://5711137.offsh...es/99950194.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: nnnmlji - nnnmlji.dll (file missing)
O23 - Service: Super Range Cardbus Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 10683 bytes
This laptop has Windows XP, my antivirus is AVG, and after a scan it found 18 viruses.

#2 RiP (Malware Expert, Retired Staff, 8,430 posts)
Hello danny0 :)

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Please download ComboFix by sUBs from HERE or HERE
  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#3 danny0 (Topic Starter, Member, 25 posts)
[bleep] RiP chain, I used AVG and did a scan. It said 18 different Trojan horses, like Trojan horse Generic8.EGL, Trojan horse Generic9.AAAW, Trojan horse Generic8.EGM, virus found Lop, Trojan horse BHO.BOT, and so on. It moved them to the vault and then I removed and deleted them, so I don't know what's going on now. Thanks a lot.

AccessDirect
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Alcatel SpeedTouch USB Software
ALi USB2.0 Driver
AOL
AVG Free Edition
BitComet 0.97
Britannica Ready Reference
Broadcom Advanced Control Suite
CashBack by BargainBuddy
Conexant D480 MDC V.92 Modem
Dell Digital Jukebox Driver
Dell Solution Center
Dell Support
Digital Line Detect
DVDSentry
EA.com Matchup
EA.com Update
Fotopoint v1.7.1
HijackThis 2.0.2
Hotbar Outlook Tools
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
hp deskjet 3820 series
hp deskjet 3820 series (Remove only)
hp instant support
Intel® Extreme Graphics Driver
InterActual Player
InterVideo WinDVD
Jungle Games
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0
Microsoft .NET Framework SDK (English) 1.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Modem Helper
Musicmatch® Jukebox
Nero - Burning Rom
NetWaiting
Network Stumbler 0.4.0 (remove only)
PA090
Quicken 2002 New User Edition
QuickTime
RealPlayer Basic
RegVac Registry Cleaner 5.01 (Registered Version)
RTLSetup
Saitek Gaming Extensions
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Shopper Reports by Hotbar
SUPERAntiSpyware Free Edition
Synaptics TouchPad
The ClueFinders® Reading Adventures Ages 9-12
Ubiquiti Networks Super Range Cardbus Installation Program
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Viewpoint Media Player (Remove Only)
Windows Desktop Search 3.01
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Writer
Windows Media Format Runtime
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WordPerfect Office 2002
WordPerfect Office 2002

#4 danny0 (Topic Starter, Member, 25 posts)
RiP chain, a new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:37 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [lqoiuri.scr] C:\WINDOWS\System32\lqoiuri.scr
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MCCInstall] D:\Intro\AA\MCCInstall\English\MCCInstall.exe -Step=9 -Settings
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\system32\ALiUSB20.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Ubiquiti Networks\ACU.exe" -nogui
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolba...s/v3.0/0006.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://5711137.offsh...es/99950194.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnmlji - nnnmlji.dll (file missing)
O23 - Service: Super Range Cardbus Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8233 bytes

#5 RiP (Malware Expert, Retired Staff, 8,430 posts)
Do you have a log from combofix?

#6 danny0 (Topic Starter, Member, 25 posts)
I was sure I sent one, but I guess
ComboFix 08-01-07.5 - Danny Brown 2008-01-11 13:54:08.2 - NTFSx86
Running from: C:\Documents and Settings\Danny Brown\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE

.
((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-09 04:49 . 2008-01-09 04:49 268 --ah----- C:\sqmdata19.sqm
2008-01-09 04:49 . 2008-01-09 04:49 244 --ah----- C:\sqmnoopt19.sqm
2008-01-09 03:43 . 2008-01-09 03:43 268 --ah----- C:\sqmdata18.sqm
2008-01-09 03:43 . 2008-01-09 03:43 244 --ah----- C:\sqmnoopt18.sqm
2008-01-09 03:28 . 2008-01-09 03:28 268 --ah----- C:\sqmdata17.sqm
2008-01-09 03:28 . 2008-01-09 03:28 244 --ah----- C:\sqmnoopt17.sqm
2008-01-08 19:16 . 2008-01-08 19:16 268 --ah----- C:\sqmdata16.sqm
2008-01-08 19:16 . 2008-01-08 19:16 244 --ah----- C:\sqmnoopt16.sqm
2008-01-08 19:13 . 2008-01-08 19:13 <DIR> d-------- C:\Program Files\StumbleUpon
2008-01-08 19:13 . 2008-01-11 14:00 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\StumbleUpon
2008-01-08 18:07 . 2008-01-08 18:07 268 --ah----- C:\sqmdata15.sqm
2008-01-08 18:07 . 2008-01-08 18:07 244 --ah----- C:\sqmnoopt15.sqm
2008-01-08 17:00 . 2008-01-08 17:00 268 --ah----- C:\sqmdata14.sqm
2008-01-08 17:00 . 2008-01-08 17:00 244 --ah----- C:\sqmnoopt14.sqm
2008-01-08 11:17 . 2008-01-08 11:17 268 --ah----- C:\sqmdata13.sqm
2008-01-08 11:17 . 2008-01-08 11:17 244 --ah----- C:\sqmnoopt13.sqm
2008-01-08 04:44 . 2008-01-08 04:44 268 --ah----- C:\sqmdata12.sqm
2008-01-08 04:44 . 2008-01-08 04:44 244 --ah----- C:\sqmnoopt12.sqm
2008-01-08 02:23 . 2008-01-08 02:23 268 --ah----- C:\sqmdata11.sqm
2008-01-08 02:23 . 2008-01-08 02:23 244 --ah----- C:\sqmnoopt11.sqm
2008-01-07 23:49 . 2002-08-29 05:00 57,398 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjpdadm.exe
2008-01-07 23:49 . 2002-08-29 05:00 45,109 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjpuex.exe
2008-01-07 21:07 . 2008-01-07 21:07 268 --ah----- C:\sqmdata10.sqm
2008-01-07 21:07 . 2008-01-07 21:07 244 --ah----- C:\sqmnoopt10.sqm
2008-01-07 14:25 . 2008-01-11 13:20 268 --ah----- C:\sqmdata09.sqm
2008-01-07 14:25 . 2008-01-11 13:20 244 --ah----- C:\sqmnoopt09.sqm
2008-01-07 14:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 19:18 . 2008-01-11 04:38 268 --ah----- C:\sqmdata08.sqm
2008-01-06 19:18 . 2008-01-11 04:38 244 --ah----- C:\sqmnoopt08.sqm
2008-01-06 18:58 . 2008-01-06 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-06 18:57 . 2008-01-07 00:06 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2008-01-06 18:56 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-01-06 18:52 . 2008-01-07 11:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2008-01-06 18:51 . 2008-01-07 11:30 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-06 17:13 . 2008-01-06 17:13 <DIR> d-------- C:\Program Files\RegVac Registry Cleaner
2008-01-06 15:47 . 2008-01-06 15:47 2,560 --a------ C:\WINDOWS\SYSTEM32\bitcometres.dll
2008-01-06 15:46 . 2008-01-08 19:13 <DIR> d-------- C:\Downloads
2008-01-06 15:45 . 2008-01-06 17:07 <DIR> d-------- C:\Program Files\BitComet
2008-01-06 04:23 . 2008-01-11 03:29 268 --ah----- C:\sqmdata07.sqm
2008-01-06 04:23 . 2008-01-11 03:29 244 --ah----- C:\sqmnoopt07.sqm
2008-01-05 23:42 . 2008-01-11 00:33 268 --ah----- C:\sqmdata06.sqm
2008-01-05 23:42 . 2008-01-11 00:33 244 --ah----- C:\sqmnoopt06.sqm
2008-01-05 21:04 . 2008-01-10 18:47 268 --ah----- C:\sqmdata05.sqm
2008-01-05 21:04 . 2008-01-10 18:47 244 --ah----- C:\sqmnoopt05.sqm
2008-01-05 17:05 . 2008-01-10 15:59 268 --ah----- C:\sqmdata04.sqm
2008-01-05 17:05 . 2008-01-10 15:59 244 --ah----- C:\sqmnoopt04.sqm
2008-01-05 15:25 . 2008-01-11 10:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 15:25 . 2008-01-05 15:25 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\SUPERAntiSpyware.com
2008-01-05 15:25 . 2008-01-05 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 15:23 . 2008-01-05 15:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 11:23 . 2008-01-05 11:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-05 10:24 . 2008-01-05 10:39 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\RegClean
2008-01-05 01:53 . 2008-01-05 01:53 294 ---hs---- C:\WINDOWS\SYSTEM32\gcijcfis.ini
2008-01-02 12:55 . 2008-01-02 12:50 414 --ahs---- C:\WINDOWS\SYSTEM32\erynjhrv.ini
2008-01-02 11:45 . 2008-01-10 14:56 268 --ah----- C:\sqmdata03.sqm
2008-01-02 11:45 . 2008-01-10 14:56 244 --ah----- C:\sqmnoopt03.sqm
2008-01-02 11:40 . 2008-01-02 12:50 414 ---hs---- C:\WINDOWS\SYSTEM32\onurgnwn.ini
2008-01-02 11:39 . 2008-01-02 11:39 294 ---hs---- C:\WINDOWS\SYSTEM32\toytvfdd.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 05:32 --------- d-----w C:\Program Files\hbinst
2008-01-10 05:37 --------- d-----w C:\Documents and Settings\Danny Brown\Application Data\AVG7
2008-01-05 22:04 --------- d-----w C:\Program Files\CashBack
2008-01-05 20:45 --------- d-----w C:\Program Files\Ubiquiti Networks
2008-01-05 20:45 --------- d-----w C:\Program Files\Dell Modem-On-Hold
2008-01-05 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-05 08:06 --------- d-----w C:\Program Files\Windows Live
2008-01-05 08:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2003-06-07 00:13 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2008-01-07_14.41.48.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2004-08-04 07:56:41 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 07:56:41 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 07:56:41 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2007-10-11 06:13:44 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-10-11 06:13:44 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-10-11 06:13:44 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 07:56:42 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 07:56:50 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 07:56:42 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 07:56:42 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2002-08-29 10:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 07:56:42 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-10-10 11:16:27 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 07:56:42 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2007-10-11 06:13:44 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 07:56:42 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 07:56:42 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 07:56:50 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 07:56:42 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2007-10-11 06:13:44 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-10-11 06:13:44 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 07:56:42 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 07:56:53 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2007-10-30 10:16:33 3,058,688 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-10-11 06:13:45 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 07:56:14 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2002-08-29 10:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2007-10-11 06:13:45 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-10-11 06:13:45 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 07:56:44 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2007-10-11 06:13:45 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 07:56:46 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2007-10-11 06:13:45 615,424 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-04 07:56:46 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 07:56:46 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2007-10-11 06:13:45 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-13 23:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-13 23:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-13 23:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-02-12 21:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2007-07-11 17:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-13 23:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-13 23:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-13 23:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-13 23:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-13 23:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-13 23:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-13 23:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-13 23:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-13 23:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2002-08-29 02:39:08 175,104 ----a-w C:\WINDOWS\IME\CHSIME\APPLETS\PINTLCSA.DLL
+ 2002-08-29 02:39:08 53,760 ----a-w C:\WINDOWS\IME\CHSIME\APPLETS\PINTLCSD.DLL
+ 2002-08-29 02:39:42 97,792 ----a-w C:\WINDOWS\IME\CHTIME\Applets\CHTMBX.DLL
+ 2002-08-29 02:39:42 56,320 ----a-w C:\WINDOWS\IME\CHTIME\Applets\CHTSKDIC.DLL
+ 2002-08-29 02:39:42 173,568 ----a-w C:\WINDOWS\IME\CHTIME\Applets\CHTSKF.DLL
+ 2004-08-04 05:32:34 426,041 ----a-w C:\WINDOWS\IME\IMJP8_1\APPLETS\voicepad.dll
+ 2004-08-04 05:32:35 86,073 ----a-w C:\WINDOWS\IME\IMJP8_1\APPLETS\voicesub.dll
+ 2004-08-04 05:31:38 57,399 ----a-w C:\WINDOWS\IME\IMJP8_1\cplexe.exe
+ 2004-08-04 05:31:50 368,696 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpcic.dll
+ 2004-08-04 05:31:51 716,856 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpcus.dll
+ 2002-08-29 10:00:00 57,398 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpdadm.exe
+ 2004-08-04 05:31:52 81,976 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpdct.dll
+ 2004-08-04 05:31:53 307,257 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpdct.exe
+ 2004-08-04 05:31:54 155,705 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpdsvr.exe
+ 2004-08-04 05:31:57 196,665 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpinst.exe
+ 2004-08-04 05:31:59 208,952 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpmig.exe
+ 2004-08-04 05:32:11 233,527 ----a-w C:\WINDOWS\IME\IMJP8_1\imjprw.exe
+ 2002-08-29 10:00:00 45,109 ----a-w C:\WINDOWS\IME\IMJP8_1\imjpuex.exe
+ 2004-08-04 05:32:14 262,200 ----a-w C:\WINDOWS\IME\IMJP8_1\imjputy.exe
+ 2004-08-04 05:32:15 274,489 ----a-w C:\WINDOWS\IME\IMJP8_1\imjputyc.dll
+ 2004-08-04 06:04:32 86,016 ----a-w C:\WINDOWS\IME\IMKR6_1\APPLETS\imekrmbx.dll
+ 2004-08-04 06:04:36 106,496 ----a-w C:\WINDOWS\IME\IMKR6_1\imekrcic.dll
+ 2002-08-29 02:39:02 102,456 ----a-w C:\WINDOWS\IME\SHARED\imlang.dll
+ 2002-08-29 02:39:46 15,872 ----a-w C:\WINDOWS\IME\SHARED\RES\PADRS404.DLL
+ 2002-08-29 02:39:08 15,360 ----a-w C:\WINDOWS\IME\SHARED\RES\padrs804.dll
- 2004-08-04 07:56:41 61,440 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\SYSTEM32\admparse.dll
- 2004-08-04 07:56:41 99,840 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\SYSTEM32\advpack.dll
+ 2002-08-29 10:00:00 6,656 ----a-w C:\WINDOWS\SYSTEM32\c_is2022.dll
- 2004-08-04 07:56:41 35,328 ----a-w C:\WINDOWS\SYSTEM32\corpol.dll
+ 2007-08-13 23:42:54 17,408 ----a-w C:\WINDOWS\SYSTEM32\corpol.dll
+ 2007-08-13 23:39:20 71,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\admparse.dll
+ 2007-10-10 23:55:51 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
+ 2002-08-29 10:00:00 6,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\c_is2022.dll
+ 2002-08-29 02:39:42 97,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\chtmbx.dll
+ 2002-08-29 02:39:42 56,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\chtskdic.dll
+ 2002-08-29 02:39:42 173,568 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\chtskf.dll
+ 2004-08-04 05:31:52 198,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cintime.dll
+ 2004-08-04 05:31:54 480,256 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cintsetp.exe
+ 2007-08-13 23:42:54 17,408 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\corpol.dll
+ 2004-08-04 05:31:38 57,399 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cplexe.exe
+ 2007-08-13 23:54:10 33,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
- 2007-10-11 06:13:44 357,888 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
- 2007-10-11 06:13:44 205,312 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
- 2007-10-11 06:13:44 55,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
+ 2007-08-13 23:18:02 60,416 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\hmmapi.dll
+ 2007-10-10 23:55:51 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
+ 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
+ 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
+ 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
- 2002-08-29 10:00:00 221,184 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
+ 2007-10-10 23:55:52 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
+ 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
- 2007-10-10 11:16:27 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-13 23:44:02 69,120 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
+ 2007-08-13 23:45:18 78,336 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieencode.dll
+ 2007-10-10 23:55:54 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
- 2007-10-11 06:13:44 251,392 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iepeers.dll
+ 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
+ 2007-10-10 23:55:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
+ 2007-08-13 23:39:12 55,296 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iesetup.dll
+ 2007-10-10 10:59:40 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
+ 2007-10-10 10:59:52 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
+ 2004-08-04 06:04:36 106,496 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imekrcic.dll
+ 2004-08-04 06:04:32 86,016 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imekrmbx.dll
+ 2007-08-13 23:36:06 36,352 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\imgutil.dll
+ 2004-08-04 05:31:48 811,064 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjp81k.dll
+ 2004-08-04 05:31:50 368,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjpcic.dll
+ 2004-08-04 05:31:51 716,856 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjpcus.dll
+ 2004-08-04 05:31:52 81,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjpdct.dll
+ 2004-08-04 05:31:53 307,257 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjpdct.exe
+ 2004-08-04 05:31:54 155,705 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjpdsvr.exe
+ 2004-08-04 05:31:57 196,665 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjpinst.exe
+ 2004-08-04 05:31:59 208,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjpmig.exe
+ 2004-08-04 05:32:11 233,527 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjprw.exe
+ 2004-08-04 05:32:14 262,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjputy.exe
+ 2004-08-04 05:32:15 274,489 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imjputyc.dll
+ 2002-08-29 02:39:02 102,456 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imlang.dll
+ 2002-08-29 02:39:06 59,392 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\imscinst.exe
- 2007-10-11 06:13:44 96,256 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\inseng.dll
- 2007-11-14 07:26:56 450,560 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
+ 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
- 2007-10-11 06:13:44 16,384 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
+ 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\kbd101b.dll
+ 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\kbd101c.dll
+ 2001-08-17 19:55:56 5,632 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\kbd103.dll
+ 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\kbd106.dll
+ 2001-08-18 03:36:18 8,704 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\kbdjpn.dll
+ 2001-08-18 03:36:18 8,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\kbdkor.dll
+ 2007-08-13 23:44:18 40,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\licmgr10.dll
- 2006-08-17 12:28:27 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
+ 2007-10-10 23:55:56 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
+ 2007-10-10 23:55:56 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
+ 2007-08-13 23:32:30 45,568 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshta.exe
- 2007-10-30 10:16:33 3,058,688 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
- 2007-10-11 06:13:45 449,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
+ 2007-08-13 23:01:12 48,128 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmler.dll
+ 2007-08-13 23:54:10 156,160 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msls31.dll
- 2007-10-11 06:13:45 146,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
+ 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
- 2007-10-11 06:13:45 532,480 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
+ 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
+ 2002-08-29 02:39:46 15,872 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\padrs404.dll
+ 2002-08-29 02:39:08 15,360 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\padrs804.dll
+ 2002-08-29 02:39:08 175,104 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pintlcsa.dll
+ 2002-08-29 02:39:08 53,760 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pintlcsd.dll
+ 2002-08-29 02:39:06 70,144 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pintlphr.exe
+ 2002-08-29 02:39:08 67,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pmigrate.dll
- 2007-10-11 06:13:45 39,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
- 2006-04-20 11:51:50 359,808 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
+ 2002-08-29 02:39:50 44,032 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tintlphr.exe
+ 2002-08-29 02:39:50 455,168 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tintsetp.exe
+ 2002-08-29 02:39:48 10,240 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tmigrate.dll
+ 2004-08-04 06:04:11 76,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\uniime.dll
+ 2007-10-10 23:55:59 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
- 2007-10-11 06:13:45 615,424 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
+ 2007-08-13 23:54:10 413,696 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vbscript.dll
- 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\vgx.dll
+ 2004-08-04 05:32:34 426,041 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\voicepad.dll
+ 2004-08-04 05:32:35 86,073 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\voicesub.dll
+ 2007-10-10 23:56:00 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
- 2007-10-11 06:13:45 659,456 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
- 2007-10-11 06:13:44 357,888 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 ----a-w C:\WINDOWS\SYSTEM32\dxtmsft.dll
- 2007-10-11 06:13:44 205,312 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\SYSTEM32\dxtrans.dll
- 2007-10-11 06:13:44 55,808 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\SYSTEM32\extmgr.dll
+ 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\SYSTEM32\icardie.dll
+ 2006-06-29 13:05:44 26,112 ------w C:\WINDOWS\SYSTEM32\idndl.dll
- 2004-08-04 07:56:50 34,304 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 ----a-w C:\WINDOWS\SYSTEM32\ie4uinit.exe
- 2004-08-04 07:56:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 ----a-w C:\WINDOWS\SYSTEM32\ieakeng.dll
- 2004-08-04 07:56:42 216,576 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 ----a-w C:\WINDOWS\SYSTEM32\ieaksie.dll
- 2002-08-29 10:00:00 221,184 -c--a-w C:\WINDOWS\SYSTEM32\IEAKUI.DLL
+ 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\SYSTEM32\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dat
+ 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\SYSTEM32\ieapfltr.dll
- 2004-08-04 07:56:42 323,584 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 ----a-w C:\WINDOWS\SYSTEM32\iedkcs32.dll
- 2004-08-04 07:56:42 81,920 ----a-w C:\WINDOWS\SYSTEM32\ieencode.dll
+ 2007-08-13 23:45:18 78,336 ----a-w C:\WINDOWS\SYSTEM32\ieencode.dll
+ 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\SYSTEM32\ieframe.dll
- 2007-10-11 06:13:44 251,392 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\SYSTEM32\iepeers.dll
- 2004-08-04 07:56:42 48,640 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2007-10-10 23:55:55 44,544 ----a-w C:\WINDOWS\SYSTEM32\iernonce.dll
+ 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\SYSTEM32\iertutil.dll
- 2004-08-04 07:56:42 62,976 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
+ 2007-08-13 23:39:12 55,296 ----a-w C:\WINDOWS\SYSTEM32\iesetup.dll
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\SYSTEM32\ieudinit.exe
+ 2007-08-13 23:54:10 180,736 ------w C:\WINDOWS\SYSTEM32\ieui.dll
+ 2004-08-04 05:31:52 198,656 ----a-w C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTIME.DLL
+ 2004-08-04 05:31:54 480,256 ----a-w C:\WINDOWS\SYSTEM32\IME\CINTLGNT\CINTSETP.EXE
+ 2002-08-29 02:39:06 59,392 ----a-w C:\WINDOWS\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE
+ 2002-08-29 02:39:06 70,144 ----a-w C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PINTLPHR.EXE
+ 2002-08-29 02:39:08 67,584 ----a-w C:\WINDOWS\SYSTEM32\IME\PINTLGNT\PMIGRATE.DLL
+ 2002-08-29 02:39:50 44,032 ----a-w C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTLPHR.EXE
+ 2002-08-29 02:39:50 455,168 ----a-w C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE
+ 2002-08-29 02:39:48 10,240 ----a-w C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TMIGRATE.DLL
- 2004-08-04 07:56:42 35,840 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
+ 2007-08-13 23:36:06 36,352 ----a-w C:\WINDOWS\SYSTEM32\imgutil.dll
+ 2004-08-04 05:31:48 811,064 ----a-w C:\WINDOWS\SYSTEM32\imjp81k.dll
- 2007-10-11 06:13:44 96,256 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\SYSTEM32\inseng.dll
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
+ 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\SYSTEM32\jscript.dll
- 2007-10-11 06:13:44 16,384 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\SYSTEM32\jsproxy.dll
+ 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\SYSTEM32\kbd101b.dll
+ 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\SYSTEM32\kbd101c.dll
+ 2001-08-17 19:55:56 5,632 ----a-w C:\WINDOWS\SYSTEM32\kbd103.dll
+ 2001-08-17 19:55:56 6,144 ----a-w C:\WINDOWS\SYSTEM32\kbd106.dll
+ 2001-08-18 03:36:18 8,704 ----a-w C:\WINDOWS\SYSTEM32\kbdjpn.dll
+ 2001-08-18 03:36:18 8,192 ----a-w C:\WINDOWS\SYSTEM32\kbdkor.dll
- 2004-08-04 07:56:42 22,016 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 ----a-w C:\WINDOWS\SYSTEM32\licmgr10.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
- 2007-12-02 20:00:06 18,684,536 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\SYSTEM32\MRT.exe
+ 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\SYSTEM32\msfeeds.dll
+ 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\SYSTEM32\msfeedsbs.dll
+ 2007-08-13 23:36:40 12,288 ------w C:\WINDOWS\SYSTEM32\msfeedssync.exe
- 2004-08-04 07:56:53 29,184 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
+ 2007-08-13 23:32:30 45,568 ----a-w C:\WINDOWS\SYSTEM32\mshta.exe
- 2007-10-30 10:16:33 3,058,688 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
+ 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\mshtml.dll
- 2007-10-11 06:13:45 449,024 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\SYSTEM32\mshtmled.dll
- 2004-08-04 07:56:14 56,832 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 ----a-w C:\WINDOWS\SYSTEM32\mshtmler.dll
- 2002-08-29 10:00:00 146,432 ----a-w C:\WINDOWS\SYSTEM32\MSLS31.DLL
+ 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\SYSTEM32\msls31.dll
- 2007-10-11 06:13:45 146,432 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
+ 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\SYSTEM32\msrating.dll
- 2007-10-11 06:13:45 532,480 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\SYSTEM32\mstime.dll
+ 2006-06-28 22:59:26 24,576 ------w C:\WINDOWS\SYSTEM32\nlsdl.dll
+ 2006-06-29 13:05:44 23,552 ------w C:\WINDOWS\SYSTEM32\normaliz.dll
- 2004-08-04 07:56:44 96,256 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
+ 2007-10-10 23:55:59 102,400 ----a-w C:\WINDOWS\SYSTEM32\occache.dll
- 2007-10-11 06:13:45 39,424 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 ----a-w C:\WINDOWS\SYSTEM32\pngfilt.dll
+ 2004-08-04 06:04:11 76,288 ----a-w C:\WINDOWS\SYSTEM32\uniime.dll
- 2004-08-04 07:56:46 37,888 ----a-w C:\WINDOWS\SYSTEM32\url.dll
+ 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\SYSTEM32\url.dll
- 2007-10-11 06:13:45 615,424 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\SYSTEM32\urlmon.dll
- 2004-08-04 07:56:46 417,792 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
+ 2007-08-13 23:54:10 413,696 ----a-w C:\WINDOWS\SYSTEM32\vbscript.dll
- 2004-08-04 07:56:46 276,480 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\SYSTEM32\webcheck.dll
+ 2007-08-13 23:45:16 206,336 ------w C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
- 2007-10-11 06:13:45 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-08-16 15:19 5728112]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2002-12-13 16:05 225280]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 12:30 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 12:29 561152]
"SAITEKAUTOCONFIGURE"="C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe" [2001-01-19 16:34 45056]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-06-06 19:06 26112]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50 155648]
"lqoiuri.scr"="C:\WINDOWS\System32\lqoiuri.scr" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 03:50 188416]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18 28672]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2002-11-01 16:47 208560]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\ConMgr.exe" [ ]
"CARPService"="carpserv.exe" [2003-01-23 15:06 4608 C:\WINDOWS\SYSTEM32\carpserv.exe]
"NaviSearch"="C:\Program Files\NaviSearch\bin\nls.exe" [ ]
"BullsEye Network"="C:\Program Files\BullsEye Network\bin\bargains.exe" [ ]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40 4341760]
"MCCInstall"="D:\Intro\AA\MCCInstall\English\MCCInstall.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 07:58 53248]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 01:57 579072]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-05 01:57 406528]
"ALiUSBfix"="C:\WINDOWS\system32\ALiUSB20.exe" [2002-08-30 07:47 84992]
"ACU"="C:\Program Files\Ubiquiti Networks\ACU.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 01:57 219136]

C:\Documents and Settings\Danny Brown\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2003-08-28 22:46:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe [2003-06-06 19:06:02]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-06-06 19:03:39]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmlji]
nnnmlji.dll

R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 12:00]
S1 oxmf;OXPCI Bus enumerator;C:\WINDOWS\system32\DRIVERS\oxmf.sys [2003-11-06 21:39]
S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2003-11-06 21:39]
S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 22:04]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 22:04]
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-05-03 10:41]
S3 cyzport;Cyclades-Z Port Driver;C:\WINDOWS\system32\DRIVERS\cyzport.sys [2001-08-17 13:50]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 Oxmfuf;Filter driver for OX16PCI954 ports;C:\WINDOWS\system32\DRIVERS\oxmfuf.sys [2003-11-06 21:39]
S3 SRC;Ubiquiti Wireless SRC/XR2 Network Adapter Service;C:\WINDOWS\system32\DRIVERS\netsr.sys [2007-03-13 08:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-11 19:00:15 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-11 08:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 14:00:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-11 14:03:26
ComboFix-quarantined-files.txt 2008-01-11 19:03:00
ComboFix2.txt 2008-01-07 19:42:54
.
2008-01-10 08:09:24 --- E O F ---
s i didn't here it is

#7
RiP
    Malware Expert
  • Retired Staff
  • 8,430 posts
Hello danny0 :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\SYSTEM32\gcijcfis.ini
C:\WINDOWS\SYSTEM32\erynjhrv.ini
C:\WINDOWS\SYSTEM32\onurgnwn.ini
C:\WINDOWS\SYSTEM32\toytvfdd.ini


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
  • Combofix.txt
  • A new HijackThis log.
Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • 0

#8 danny0 (Member, Topic Starter, 25 posts)
ComboFix 08-01-07.5 - Danny Brown 2008-01-14 1:22:26.3 - NTFSx86
Running from: C:\Documents and Settings\Danny Brown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danny Brown\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\SYSTEM32\erynjhrv.ini
C:\WINDOWS\SYSTEM32\gcijcfis.ini
C:\WINDOWS\SYSTEM32\onurgnwn.ini
C:\WINDOWS\SYSTEM32\toytvfdd.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\00A132E0.urr
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\00060CFC
C:\Program Files\MyWebSearch\bar\Cache\00062A16
C:\Program Files\MyWebSearch\bar\Cache\00A439D1.bin
C:\Program Files\MyWebSearch\bar\Cache\00A43E33.bin
C:\Program Files\MyWebSearch\bar\Cache\00A446D8.bin
C:\Program Files\MyWebSearch\bar\Cache\00A458E1.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\WINDOWS\SYSTEM32\erynjhrv.ini
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\SYSTEM32\gcijcfis.ini
C:\WINDOWS\SYSTEM32\onurgnwn.ini
C:\WINDOWS\SYSTEM32\toytvfdd.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-11 21:41 . 2008-01-11 21:41 <DIR> d-------- C:\WINDOWS\Sun
2008-01-11 21:39 . 2008-01-12 09:08 <DIR> d-------- C:\Program Files\Google
2008-01-11 21:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-11 21:36 . 2008-01-11 21:38 <DIR> d-------- C:\Program Files\Java
2008-01-11 21:33 . 2008-01-11 21:33 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-09 04:49 . 2008-01-09 04:49 268 --ah----- C:\sqmdata19.sqm
2008-01-09 04:49 . 2008-01-09 04:49 244 --ah----- C:\sqmnoopt19.sqm
2008-01-09 03:43 . 2008-01-13 19:36 268 --ah----- C:\sqmdata18.sqm
2008-01-09 03:43 . 2008-01-13 19:36 244 --ah----- C:\sqmnoopt18.sqm
2008-01-09 03:28 . 2008-01-13 16:08 268 --ah----- C:\sqmdata17.sqm
2008-01-09 03:28 . 2008-01-13 16:08 244 --ah----- C:\sqmnoopt17.sqm
2008-01-08 19:16 . 2008-01-13 11:40 268 --ah----- C:\sqmdata16.sqm
2008-01-08 19:16 . 2008-01-13 11:40 244 --ah----- C:\sqmnoopt16.sqm
2008-01-08 19:13 . 2008-01-08 19:13 <DIR> d-------- C:\Program Files\StumbleUpon
2008-01-08 19:13 . 2008-01-14 01:18 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\StumbleUpon
2008-01-08 18:07 . 2008-01-13 04:38 268 --ah----- C:\sqmdata15.sqm
2008-01-08 18:07 . 2008-01-13 04:38 244 --ah----- C:\sqmnoopt15.sqm
2008-01-08 17:00 . 2008-01-13 02:21 268 --ah----- C:\sqmdata14.sqm
2008-01-08 17:00 . 2008-01-13 02:21 244 --ah----- C:\sqmnoopt14.sqm
2008-01-08 11:17 . 2008-01-12 23:02 268 --ah----- C:\sqmdata13.sqm
2008-01-08 11:17 . 2008-01-12 23:02 244 --ah----- C:\sqmnoopt13.sqm
2008-01-08 04:44 . 2008-01-12 09:27 268 --ah----- C:\sqmdata12.sqm
2008-01-08 04:44 . 2008-01-12 09:27 244 --ah----- C:\sqmnoopt12.sqm
2008-01-08 02:23 . 2008-01-12 03:52 268 --ah----- C:\sqmdata11.sqm
2008-01-08 02:23 . 2008-01-12 03:52 244 --ah----- C:\sqmnoopt11.sqm
2008-01-07 23:49 . 2002-08-29 05:00 57,398 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjpdadm.exe
2008-01-07 23:49 . 2002-08-29 05:00 45,109 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjpuex.exe
2008-01-07 21:07 . 2008-01-11 16:12 268 --ah----- C:\sqmdata10.sqm
2008-01-07 21:07 . 2008-01-11 16:12 244 --ah----- C:\sqmnoopt10.sqm
2008-01-07 14:25 . 2008-01-11 13:20 268 --ah----- C:\sqmdata09.sqm
2008-01-07 14:25 . 2008-01-11 13:20 244 --ah----- C:\sqmnoopt09.sqm
2008-01-07 14:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 19:18 . 2008-01-11 04:38 268 --ah----- C:\sqmdata08.sqm
2008-01-06 19:18 . 2008-01-11 04:38 244 --ah----- C:\sqmnoopt08.sqm
2008-01-06 18:58 . 2008-01-06 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-06 18:57 . 2008-01-07 00:06 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2008-01-06 18:56 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-01-06 18:52 . 2008-01-07 11:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2008-01-06 18:51 . 2008-01-07 11:30 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-06 17:13 . 2008-01-06 17:13 <DIR> d-------- C:\Program Files\RegVac Registry Cleaner
2008-01-06 15:47 . 2008-01-06 15:47 2,560 --a------ C:\WINDOWS\SYSTEM32\bitcometres.dll
2008-01-06 15:46 . 2008-01-08 19:13 <DIR> d-------- C:\Downloads
2008-01-06 15:45 . 2008-01-06 17:07 <DIR> d-------- C:\Program Files\BitComet
2008-01-06 04:23 . 2008-01-11 03:29 268 --ah----- C:\sqmdata07.sqm
2008-01-06 04:23 . 2008-01-11 03:29 244 --ah----- C:\sqmnoopt07.sqm
2008-01-05 23:42 . 2008-01-11 00:33 268 --ah----- C:\sqmdata06.sqm
2008-01-05 23:42 . 2008-01-11 00:33 244 --ah----- C:\sqmnoopt06.sqm
2008-01-05 21:04 . 2008-01-10 18:47 268 --ah----- C:\sqmdata05.sqm
2008-01-05 21:04 . 2008-01-10 18:47 244 --ah----- C:\sqmnoopt05.sqm
2008-01-05 17:05 . 2008-01-10 15:59 268 --ah----- C:\sqmdata04.sqm
2008-01-05 17:05 . 2008-01-10 15:59 244 --ah----- C:\sqmnoopt04.sqm
2008-01-05 15:25 . 2008-01-13 13:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 15:25 . 2008-01-05 15:25 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\SUPERAntiSpyware.com
2008-01-05 15:25 . 2008-01-05 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 15:23 . 2008-01-05 15:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 11:23 . 2008-01-05 11:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-05 10:24 . 2008-01-05 10:39 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\RegClean
2008-01-02 11:45 . 2008-01-10 14:56 268 --ah----- C:\sqmdata03.sqm
2008-01-02 11:45 . 2008-01-10 14:56 244 --ah----- C:\sqmnoopt03.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 05:32 --------- d-----w C:\Program Files\hbinst
2008-01-10 05:37 --------- d-----w C:\Documents and Settings\Danny Brown\Application Data\AVG7
2008-01-05 22:04 --------- d-----w C:\Program Files\CashBack
2008-01-05 20:45 --------- d-----w C:\Program Files\Ubiquiti Networks
2008-01-05 20:45 --------- d-----w C:\Program Files\Dell Modem-On-Hold
2008-01-05 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-05 08:06 --------- d-----w C:\Program Files\Windows Live
2008-01-05 08:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2003-06-07 00:13 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot_2008-01-11_14.02.01.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-08-16 15:19 5728112]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2002-12-13 16:05 225280]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 12:30 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 12:29 561152]
"SAITEKAUTOCONFIGURE"="C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe" [2001-01-19 16:34 45056]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-06-06 19:06 26112]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50 155648]
"lqoiuri.scr"="C:\WINDOWS\System32\lqoiuri.scr" [ ]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 03:50 188416]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18 28672]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2002-11-01 16:47 208560]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\ConMgr.exe" [ ]
"CARPService"="carpserv.exe" [2003-01-23 15:06 4608 C:\WINDOWS\SYSTEM32\carpserv.exe]
"NaviSearch"="C:\Program Files\NaviSearch\bin\nls.exe" [ ]
"BullsEye Network"="C:\Program Files\BullsEye Network\bin\bargains.exe" [ ]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40 4341760]
"MCCInstall"="D:\Intro\AA\MCCInstall\English\MCCInstall.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 07:58 53248]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 01:57 579072]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-05 01:57 406528]
"ALiUSBfix"="C:\WINDOWS\system32\ALiUSB20.exe" [2002-08-30 07:47 84992]
"ACU"="C:\Program Files\Ubiquiti Networks\ACU.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 01:57 219136]

C:\Documents and Settings\Danny Brown\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2003-08-28 22:46:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe [2003-06-06 19:06:02]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-06-06 19:03:39]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmlji]
nnnmlji.dll

R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 12:00]
S1 oxmf;OXPCI Bus enumerator;C:\WINDOWS\system32\DRIVERS\oxmf.sys [2003-11-06 21:39]
S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2003-11-06 21:39]
S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 22:04]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 22:04]
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-05-03 10:41]
S3 cyzport;Cyclades-Z Port Driver;C:\WINDOWS\system32\DRIVERS\cyzport.sys [2001-08-17 13:50]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 Oxmfuf;Filter driver for OX16PCI954 ports;C:\WINDOWS\system32\DRIVERS\oxmfuf.sys [2003-11-06 21:39]
S3 SRC;Ubiquiti Wireless SRC/XR2 Network Adapter Service;C:\WINDOWS\system32\DRIVERS\netsr.sys [2007-03-13 08:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 21:00:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-13 08:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 01:28:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 1:31:14
ComboFix-quarantined-files.txt 2008-01-14 06:30:44
ComboFix2.txt 2008-01-11 19:03:28
ComboFix3.txt 2008-01-07 19:42:54
.
2008-01-10 08:09:24 --- E O F ---
  • 0

#9 danny0 (Member, Topic Starter, 25 posts)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:19 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [lqoiuri.scr] C:\WINDOWS\System32\lqoiuri.scr
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MCCInstall] D:\Intro\AA\MCCInstall\English\MCCInstall.exe -Step=9 -Settings
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\system32\ALiUSB20.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Ubiquiti Networks\ACU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZZ
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolba...s/v3.0/0006.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://5711137.offsh...es/99950194.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnmlji - nnnmlji.dll (file missing)
O23 - Service: Super Range Cardbus Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9967 bytes
  • 0

#10 RiP (Malware Expert, Retired Staff, 8,430 posts)
Hello danny0,

Please download Navilog1 by IL-MAFIOSO:
http://pagesperso-or...ix/Navilog1.exe
(*Alternate download location Here)

* Save it to your Desktop.
* Double-click on Navilog1.exe to install the program.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double-click on the Navilog1 shortcut on your Desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time).
* Press any key as requested.
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt" (usually C:\fixnavi.txt).
  • 0

#11 danny0 (Member, Topic Starter, 25 posts)
Search Navipromo version 3.4.0 began on Mon 01/14/2008 at 22:51:51.20

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Updated on 09.01.2008 at 20h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.13
Filesystem type : NTFS

Done in normal mode

*** Searching for installed Software ***




*** Search folders in C:\WINDOWS ***



*** Search folders in C:\Program Files ***



*** Search folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Search folders in "C:\Documents and Settings\Danny Brown\application data" ***



*** Search folders in "C:\Documents and Settings\Danny Brown\STARTM~1\Programs" ***


*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in "C:\Documents and Settings\Danny Brown\local settings\application data" *



*** Search files ***




*** Search specific Registry keys ***


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In C:\WINDOWS\system32 :


* In "C:\Documents and Settings\Danny Brown\local settings\application data" :


3)Certificates Search :

Egroup certificate not found !

4)Search known files :



*** Search completed on Mon 01/14/2008 at 22:58:46.96 ***
  • 0

#12 RiP (Malware Expert, Retired Staff, 8,430 posts)
Hello danny0 :)

Using Add or Remove Programs, remove the following entries (if present). (To get into Add or Remove Programs, press the START button > Control Panel > Add or Remove Programs.)

Cashback
NaviSearch
BullsEye Network


A. Please RUN HijackThis
  • Click the SCAN button to produce a log.
  • Place a check mark beside each one of the following items:

    O4 - HKLM\..\Run: [lqoiuri.scr] C:\WINDOWS\System32\lqoiuri.scr
    O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - Startup: PowerReg Scheduler.exe
    O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolba...s/v3.0/0006.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
    O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://5711137.offsh...es/99950194.cab
    O20 - Winlogon Notify: nnnmlji - nnnmlji.dll (file missing)

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.
B. 1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\System32\lqoiuri.scr

Folder::
C:\Program Files\NaviSearch
C:\Program Files\hbinst
C:\Program Files\CashBack
C:\Program Files\BullsEye Network


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: dragging CFScript.txt onto ComboFix.exe]


6. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
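The post above reads a HijackThis log by hand: an O4 autostart for a screensaver or a known adware name, an O16 ActiveX download with no registered object name, and an O20 Winlogon Notify entry whose DLL is missing or given without a path. The following Python script is an added example written for this page, not code from the thread or from HijackThis or ComboFix; it encodes those same three checks and runs them over lines taken from the logs posted in this thread. The name list in FLAGGED_NAMES and the heuristics are this example's own assumptions, not a HijackThis feature, and the script only reports; it changes nothing on the machine.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines posted in this thread (the eight the helper
# asked to have fixed, plus three ordinary entries from the later log so the
# checks have something to leave alone).
SAMPLE_HJT_LINES = r"""
O4 - HKLM\..\Run: [lqoiuri.scr] C:\WINDOWS\System32\lqoiuri.scr
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://www.xxxtoolba...s/v3.0/0006.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://5711137.offsh...es/99950194.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O20 - Winlogon Notify: nnnmlji - nnnmlji.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Assumption for this example: program names the helper flagged for removal in
# this thread, lower-cased for matching against the entry name and path.
FLAGGED_NAMES = ("navisearch", "bullseye", "cashback", "hbinst", "powerreg scheduler")

LINE_RE = re.compile(r"^(?P<code>O\d+)\s+-\s+(?P<rest>.*)$")
# O4: "<hive or Startup>: [Name] <path and arguments>" (the [Name] part is optional)
O4_RE = re.compile(r"^(?P<where>[^:]+):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<target>.*)$")
# First executable path in a command line, quoted or not, even if it contains spaces
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|scr|dll|com|bat|cmd|pif))"?', re.IGNORECASE)
# O16: "DPF: {CLSID} (optional object name) - URL"
O16_RE = re.compile(r"^DPF:\s+(?P<clsid>\{[^}]+\})\s*(?:\((?P<desc>[^)]*)\))?\s*-\s*(?P<url>\S+)")
# O20: "Winlogon Notify: <name> - <dll> [(file missing)]"
O20_RE = re.compile(r"^Winlogon Notify:\s+(?P<name>\S+)\s+-\s+(?P<dll>.*?)(?P<missing>\s+\(file missing\))?$")


@dataclass
class Finding:
    code: str    # HijackThis section, e.g. "O4"
    reason: str  # why the line deserves a human look
    line: str    # the original log line


def _check_o4(rest):
    m = O4_RE.match(rest)
    if not m:
        return None
    where, name, target = m.group("where"), m.group("name") or "", m.group("target")
    if " = " in target:                      # "x.lnk = C:\path\prog.exe" form
        target = target.split(" = ", 1)[1]
    exe_m = EXE_RE.match(target)
    exe = exe_m.group("exe") if exe_m else target
    haystack = f"{name} {exe}".lower()
    if any(mark in haystack for mark in FLAGGED_NAMES):
        return "autostart for a program the helper identified as adware"
    if exe.lower().endswith(".scr") and "run" in where.lower():
        return "screensaver (.scr) launched from a Run key"
    return None


def _check_o16(rest):
    m = O16_RE.match(rest)
    if m and m.group("desc") is None:
        return "ActiveX download (DPF) with no registered object name"
    return None


def _check_o20(rest):
    m = O20_RE.match(rest)
    if not m:
        return None
    if m.group("missing"):
        return "Winlogon Notify DLL that no longer exists on disk"
    if "\\" not in m.group("dll"):
        return "Winlogon Notify DLL given as a bare file name"
    return None


CHECKS = {"O4": _check_o4, "O16": _check_o16, "O20": _check_o20}


def triage(log_text):
    """Return the Findings for every HijackThis line one of the checks objects to."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        check = CHECKS.get(m.group("code"))
        if check is None:
            continue
        reason = check(m.group("rest"))
        if reason:
            findings.append(Finding(m.group("code"), reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LINES):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Run as-is the script lists exactly the eight entries the helper asked to fix and stays quiet on the AVG, Java and SUPERAntiSpyware lines. Pasting a whole HijackThis log into triage() works the same way; any section without a check (R0, O2, O23 and so on) is simply skipped, so the output is a review list for a person, not a verdict.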

#13
danny0
    Member
  • Topic Starter
  • 25 posts
ComboFix 08-01-07.5 - Danny Brown 2008-01-17 22:31:55.4 - NTFSx86
Running from: C:\Documents and Settings\Danny Brown\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Danny Brown\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\CashBack
C:\Program Files\CashBack\ad.dat
C:\Program Files\CashBack\bb_auto_wider.swf
C:\Program Files\CashBack\bb_click_wider.swf
C:\Program Files\CashBack\bb_welcome.html
C:\Program Files\CashBack\bb_welcome1.swf
C:\Program Files\CashBack\blank.gif
C:\Program Files\CashBack\icon.gif
C:\Program Files\CashBack\logo.gif
C:\Program Files\CashBack\t1110847186.dec
C:\Program Files\CashBack\t1111692510.dec
C:\Program Files\CashBack\t1111698694.dec
C:\Program Files\CashBack\t1188154777.dec
C:\Program Files\CashBack\t1189837150.dec
C:\Program Files\CashBack\t1190101487.dec
C:\Program Files\CashBack\t1191570497.dec
C:\Program Files\CashBack\t1191660287.dec
C:\Program Files\CashBack\t1191684478.dec
C:\Program Files\CashBack\t1191770483.dec
C:\Program Files\CashBack\t1191872955.dec
C:\Program Files\CashBack\t1191906037.dec
C:\Program Files\CashBack\t1192087933.dec
C:\Program Files\CashBack\t1192161050.dec
C:\Program Files\CashBack\t1193696870.dec
C:\Program Files\CashBack\t1195529381.dec
C:\Program Files\CashBack\t1197729338.dec
C:\Program Files\CashBack\t1197733354.dec
C:\Program Files\CashBack\t1197736567.dec
C:\Program Files\CashBack\t1199280125.dec
C:\Program Files\CashBack\t1199515569.dec
C:\Program Files\CashBack\t1199517969.dec
C:\Program Files\CashBack\t1199541705.dec
C:\Program Files\CashBack\template.html
C:\Program Files\CashBack\template2.html
C:\Program Files\CashBack\ub.dat
C:\Program Files\hbinst

.
((((((((((((((((((((((((( Files Created from 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))
.

2008-01-14 22:44 . 2008-01-17 22:14 <DIR> d-------- C:\Program Files\Navilog1
2008-01-11 21:41 . 2008-01-11 21:41 <DIR> d-------- C:\WINDOWS\Sun
2008-01-11 21:39 . 2008-01-12 09:08 <DIR> d-------- C:\Program Files\Google
2008-01-11 21:38 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-11 21:36 . 2008-01-11 21:38 <DIR> d-------- C:\Program Files\Java
2008-01-11 21:33 . 2008-01-11 21:33 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-09 04:49 . 2008-01-14 01:41 268 --ah----- C:\sqmdata19.sqm
2008-01-09 04:49 . 2008-01-14 01:41 244 --ah----- C:\sqmnoopt19.sqm
2008-01-09 03:43 . 2008-01-13 19:36 268 --ah----- C:\sqmdata18.sqm
2008-01-09 03:43 . 2008-01-13 19:36 244 --ah----- C:\sqmnoopt18.sqm
2008-01-09 03:28 . 2008-01-13 16:08 268 --ah----- C:\sqmdata17.sqm
2008-01-09 03:28 . 2008-01-13 16:08 244 --ah----- C:\sqmnoopt17.sqm
2008-01-08 19:16 . 2008-01-13 11:40 268 --ah----- C:\sqmdata16.sqm
2008-01-08 19:16 . 2008-01-13 11:40 244 --ah----- C:\sqmnoopt16.sqm
2008-01-08 19:13 . 2008-01-08 19:13 <DIR> d-------- C:\Program Files\StumbleUpon
2008-01-08 19:13 . 2008-01-17 22:37 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\StumbleUpon
2008-01-08 18:07 . 2008-01-13 04:38 268 --ah----- C:\sqmdata15.sqm
2008-01-08 18:07 . 2008-01-13 04:38 244 --ah----- C:\sqmnoopt15.sqm
2008-01-08 17:00 . 2008-01-13 02:21 268 --ah----- C:\sqmdata14.sqm
2008-01-08 17:00 . 2008-01-13 02:21 244 --ah----- C:\sqmnoopt14.sqm
2008-01-08 11:17 . 2008-01-12 23:02 268 --ah----- C:\sqmdata13.sqm
2008-01-08 11:17 . 2008-01-12 23:02 244 --ah----- C:\sqmnoopt13.sqm
2008-01-08 04:44 . 2008-01-12 09:27 268 --ah----- C:\sqmdata12.sqm
2008-01-08 04:44 . 2008-01-12 09:27 244 --ah----- C:\sqmnoopt12.sqm
2008-01-08 02:23 . 2008-01-12 03:52 268 --ah----- C:\sqmdata11.sqm
2008-01-08 02:23 . 2008-01-12 03:52 244 --ah----- C:\sqmnoopt11.sqm
2008-01-07 23:49 . 2002-08-29 05:00 57,398 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjpdadm.exe
2008-01-07 23:49 . 2002-08-29 05:00 45,109 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imjpuex.exe
2008-01-07 21:07 . 2008-01-11 16:12 268 --ah----- C:\sqmdata10.sqm
2008-01-07 21:07 . 2008-01-11 16:12 244 --ah----- C:\sqmnoopt10.sqm
2008-01-07 14:25 . 2008-01-11 13:20 268 --ah----- C:\sqmdata09.sqm
2008-01-07 14:25 . 2008-01-11 13:20 244 --ah----- C:\sqmnoopt09.sqm
2008-01-07 14:09 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 19:18 . 2008-01-11 04:38 268 --ah----- C:\sqmdata08.sqm
2008-01-06 19:18 . 2008-01-11 04:38 244 --ah----- C:\sqmnoopt08.sqm
2008-01-06 18:58 . 2008-01-06 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-06 18:57 . 2008-01-07 00:06 4,212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2008-01-06 18:56 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\SYSTEM32\SpOrder.dll
2008-01-06 18:52 . 2008-01-07 11:30 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2008-01-06 18:51 . 2008-01-07 11:30 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-01-06 17:13 . 2008-01-06 17:13 <DIR> d-------- C:\Program Files\RegVac Registry Cleaner
2008-01-06 15:47 . 2008-01-06 15:47 2,560 --a------ C:\WINDOWS\SYSTEM32\bitcometres.dll
2008-01-06 15:46 . 2008-01-08 19:13 <DIR> d-------- C:\Downloads
2008-01-06 15:45 . 2008-01-06 17:07 <DIR> d-------- C:\Program Files\BitComet
2008-01-06 04:23 . 2008-01-11 03:29 268 --ah----- C:\sqmdata07.sqm
2008-01-06 04:23 . 2008-01-11 03:29 244 --ah----- C:\sqmnoopt07.sqm
2008-01-05 23:42 . 2008-01-17 16:00 268 --ah----- C:\sqmdata06.sqm
2008-01-05 23:42 . 2008-01-17 16:00 244 --ah----- C:\sqmnoopt06.sqm
2008-01-05 21:04 . 2008-01-16 13:19 268 --ah----- C:\sqmdata05.sqm
2008-01-05 21:04 . 2008-01-16 13:19 244 --ah----- C:\sqmnoopt05.sqm
2008-01-05 17:05 . 2008-01-16 12:56 268 --ah----- C:\sqmdata04.sqm
2008-01-05 17:05 . 2008-01-16 12:56 244 --ah----- C:\sqmnoopt04.sqm
2008-01-05 15:25 . 2008-01-13 13:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-05 15:25 . 2008-01-05 15:25 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\SUPERAntiSpyware.com
2008-01-05 15:25 . 2008-01-05 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-05 15:23 . 2008-01-05 15:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-05 11:23 . 2008-01-05 11:23 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-05 10:24 . 2008-01-05 10:39 <DIR> d-------- C:\Documents and Settings\Danny Brown\Application Data\RegClean
2008-01-02 11:45 . 2008-01-16 12:14 268 --ah----- C:\sqmdata03.sqm
2008-01-02 11:45 . 2008-01-16 12:14 244 --ah----- C:\sqmnoopt03.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 05:37 --------- d-----w C:\Documents and Settings\Danny Brown\Application Data\AVG7
2008-01-05 20:45 --------- d-----w C:\Program Files\Ubiquiti Networks
2008-01-05 20:45 --------- d-----w C:\Program Files\Dell Modem-On-Hold
2008-01-05 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-05 08:06 --------- d-----w C:\Program Files\Windows Live
2008-01-05 08:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2003-06-07 00:13 207,759 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot_2008-01-11_14.02.01.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-25 03:30:28 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2007-09-25 03:30:30 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-09-25 04:31:42 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-08-16 15:19 5728112]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2002-12-13 16:05 225280]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-11 12:30 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-11 12:29 561152]
"SAITEKAUTOCONFIGURE"="C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe" [2001-01-19 16:34 45056]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2003-06-06 19:06 26112]
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 05:50 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 07:59 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 03:50 188416]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 07:59 126976]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2002-07-17 10:18 28672]
"DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [2002-11-01 16:47 208560]
"ConMgr.exe"="C:\Program Files\EarthLink 5.0\ConMgr.exe" [ ]
"CARPService"="carpserv.exe" [2003-01-23 15:06 4608 C:\WINDOWS\SYSTEM32\carpserv.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 10:40 4341760]
"MCCInstall"="D:\Intro\AA\MCCInstall\English\MCCInstall.exe" [ ]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-15 07:58 53248]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-05 01:57 579072]
"AVG7_EMC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [2008-01-05 01:57 406528]
"ALiUSBfix"="C:\WINDOWS\system32\ALiUSB20.exe" [2002-08-30 07:47 84992]
"ACU"="C:\Program Files\Ubiquiti Networks\ACU.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-01-05 01:57 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 7.0 Tray Icon.lnk - C:\Program Files\AOL 7.0\aoltray.exe [2003-06-06 19:06:02]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2003-06-06 19:03:39]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 14:40:46]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R2 DLPortIO;DriverLINX Port I/O Driver;C:\WINDOWS\System32\DRIVERS\DLPortIO.SYS [1999-01-10 12:00]
S1 oxmf;OXPCI Bus enumerator;C:\WINDOWS\system32\DRIVERS\oxmf.sys [2003-11-06 21:39]
S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys [2003-11-06 21:39]
S3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-02-04 22:04]
S3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-02-04 22:04]
S3 ADM8511;PA090 USB ETHERNET 10/100 ;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2002-01-16 15:02]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-05-03 10:41]
S3 cyzport;Cyclades-Z Port Driver;C:\WINDOWS\system32\DRIVERS\cyzport.sys [2001-08-17 13:50]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 Oxmfuf;Filter driver for OX16PCI954 ports;C:\WINDOWS\system32\DRIVERS\oxmfuf.sys [2003-11-06 21:39]
S3 SRC;Ubiquiti Wireless SRC/XR2 Network Adapter Service;C:\WINDOWS\system32\DRIVERS\netsr.sys [2007-03-13 08:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 21:00:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-14 08:30:00 C:\WINDOWS\Tasks\RegClean Scheduled Scan.job"
- C:\Program Files\RegClean\RegClean.ex
- C:\Program Files\RegClean
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 22:37:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 22:39:54
ComboFix-quarantined-files.txt 2008-01-18 03:39:23
ComboFix2.txt 2008-01-14 06:31:15
ComboFix3.txt 2008-01-11 19:03:28
ComboFix4.txt 2008-01-07 19:42:54
.
2008-01-10 08:09:24 --- E O F ---

#14
danny0
    Member
  • Topic Starter
  • 25 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:02 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MCCInstall] D:\Intro\AA\MCCInstall\English\MCCInstall.exe -Step=9 -Settings
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\system32\ALiUSB20.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Ubiquiti Networks\ACU.exe" -nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZZ
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Super Range Cardbus Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9434 bytes

#15
RiP
    Malware Expert
  • Retired Staff
  • 8,430 posts
Hello danny0 :)

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
