win32/trats.a


  • Please log in to reply

#1 ImaPane
New Member, 1 posts
Can someone please help me? I am having trouble getting rid of win32/trats.a on a computer. My antivirus (ZoneAlarm Security) will find and repair or delete it, but it keeps coming back.
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:28 AM, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\WinZip E-Mail Companion\loadwzco.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {30D3A944-6345-4E71-AE49-0C73A4617DE3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinZip E-Mail Companion OEAPI] "C:\Program Files\WinZip E-Mail Companion\loadwzco.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1200599628515
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7562 bytes
Uninstall list

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Blasterball 2 Remix from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Crystal Maze from Hewlett-Packard Desktops (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.5.3
HP Image Zone Plus 4.5.3
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HPIZplus450
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 2
KBD
LimeWire 4.16.2
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Works
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 3.5 magicMoments - HPD
Orbital from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
Polar Golfer from Hewlett-Packard Desktops (remove only)
PS2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Road Ready Streetwise from Hewlett-Packard Desktops (remove only)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)
SiS VGA Utilities
Sonic Express Labeler
Sonic RecordNow!
Super Granny from Hewlett-Packard Desktops (remove only)
Tradewinds from Hewlett-Packard Desktops (remove only)
U.S. Robotics Modem Identification Wizard
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Updates from HP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 11.1
WinZip E-Mail Companion
ZoneAlarm Security Suite

ComboFix log


ComboFix 08-01-21.4 - HP_Owner 2008-01-23 10:07:08.2 - NTFSx86
Running from: C:\Documents and Settings\HP_Owner.AMANDA\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 07:45 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-01-23 07:45 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-01-23 07:45 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-01-23 07:45 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-01-23 07:45 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-01-23 07:45 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-01-23 07:45 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-01-23 07:45 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-01-23 01:40 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-01-23 01:40 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-23 01:40 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-23 01:40 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-01-22 07:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-21 14:49 . 2008-01-21 14:49 <DIR> d--h----- C:\system.sav
2008-01-21 14:49 . 2008-01-21 14:49 <DIR> d-------- C:\sysprep
2008-01-21 14:38 . 2008-01-21 14:38 <DIR> d-------- C:\Program Files\U.S. Robotics
2008-01-19 19:07 . 2008-01-21 14:50 <DIR> d-------- C:\Program Files\Hidden Secrets - The Nightmare
2008-01-19 19:00 . 2008-01-21 14:50 <DIR> d-------- C:\Program Files\bfgclient
2008-01-18 15:14 . 2005-04-12 11:31 49,152 --a------ C:\WINDOWS\system32\SiSPower.dll
2008-01-17 21:58 . 2008-01-23 02:31 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-01-17 21:40 . 2008-01-17 21:40 1,353,016 --a------ C:\WINDOWS\system32\vete.dll
2008-01-17 21:30 . 2008-01-17 21:30 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-17 21:29 . 2008-01-17 21:29 659,456 --a------ C:\WINDOWS\system32\hphmon06 .exe
2008-01-17 21:29 . 2008-01-17 21:29 90,112 --a------ C:\WINDOWS\system32\ps2 .exe
2008-01-17 21:22 . 2008-01-17 21:54 7,211 --ahs---- C:\WINDOWS\system32\nmllm.ini2
2008-01-17 21:22 . 2008-01-17 21:55 7,211 --ahs---- C:\WINDOWS\system32\nmllm.ini
2008-01-17 21:21 . 2008-01-17 21:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-17 21:04 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-17 21:04 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-17 21:04 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-17 20:59 . 2008-01-17 21:43 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-01-17 20:10 . 2008-01-23 01:29 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-17 20:09 . 2008-01-17 21:43 <DIR> d-------- C:\Program Files\WinZip E-Mail Companion
2008-01-17 15:14 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-17 14:54 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-17 14:54 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-17 14:54 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-17 14:54 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-17 14:54 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-17 14:42 . 2004-08-04 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-17 14:42 . 2008-01-17 14:42 1,849 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PW756AA-ABA A1022N_YC_0Pavi_QMXK510_E52NAheBLU1_47_ISalmon_SASUSTek Computer INC._V1.04_B3.09_T050222_WXH2_L409_M384_J200_7AMD_8Athlon 64_92.41_#050422_N10390900_Z_G10396330.MRK
2008-01-17 14:38 . 2008-01-17 14:38 <DIR> d-------- C:\WINDOWS\system32\trayres
2008-01-17 14:38 . 2004-09-24 02:47 331,776 --a------ C:\WINDOWS\system32\sistray.exe
2008-01-17 14:38 . 2004-09-24 04:44 184,320 --------- C:\WINDOWS\system32\SiSApCom.dll
2008-01-17 14:38 . 2004-09-24 04:49 110,592 --------- C:\WINDOWS\system32\TVMode.dll
2008-01-17 14:38 . 2008-01-17 14:39 95,285 --a------ C:\WINDOWS\system32\VGAunistlog.ini
2008-01-17 14:21 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-17 14:21 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-17 14:21 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-17 14:21 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-17 14:21 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-17 14:21 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-17 14:21 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-17 14:21 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-17 14:21 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-17 13:45 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-17 13:05 . 2008-01-23 01:40 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-01-17 12:59 . 2007-02-28 04:10 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-17 12:59 . 2007-02-28 04:08 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-01-17 12:59 . 2007-02-28 03:38 2,057,600 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-01-17 12:59 . 2007-02-28 03:38 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-01-17 12:57 . 2006-05-05 04:41 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-01-17 12:57 . 2006-06-01 13:47 163,840 --------- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-01-17 12:57 . 2006-03-16 19:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-01-17 12:57 . 2006-06-01 13:47 27,648 --------- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-01-16 22:12 . 2005-04-12 11:29 7,168 --a------ C:\WINDOWS\InstFunc.dll
2008-01-16 21:29 . 2008-01-17 15:13 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-16 20:06 . 2008-01-16 20:08 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-16 15:18 . 2008-01-17 23:13 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-01-14 00:03 . 2008-01-14 00:27 <DIR> d-------- C:\Program Files\Oberon Media
2008-01-10 22:50 . 2008-01-10 22:50 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-25 22:39 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2007-12-25 22:37 . 2007-12-25 22:37 <DIR> d-------- C:\Program Files\ArcSoft
2007-12-25 21:50 . 2008-01-21 14:50 <DIR> d-------- C:\Program Files\MyDSC2
2007-12-25 20:44 . 2007-12-25 20:44 <DIR> d-------- C:\Program Files\Common Files\aolshare
2007-12-25 20:44 . 2007-12-25 20:45 <DIR> d-------- C:\Program Files\AOL 9.0
2007-12-23 16:49 . 2007-12-23 16:49 <DIR> d-------- C:\Program Files\BroadJump
2007-12-23 16:47 . 2007-12-23 16:48 <DIR> d-------- C:\Program Files\Common Files\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
----a-w		   253,952 2008-01-18 02:29:50  C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w			61,440 2008-01-18 02:29:32  C:\hp\KBD\KBD .EXE
----a-w		   368,706 2008-01-17 00:55:17  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w			36,040 2008-01-18 02:30:03  C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
----a-w			28,738 2007-12-21 13:53:52  C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind .exe
----a-w		   180,269 2008-01-18 02:29:35  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w			58,488 2008-01-17 15:36:49  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   218,240 2008-01-17 00:55:13  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe
----a-w		   143,360 2007-12-21 13:53:16  C:\Program Files\Gearbox Connection Kit\bin\confsvr .exe
----a-w			68,856 2007-12-21 13:57:48  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		   171,448 2008-01-18 02:49:14  C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
----a-w		   162,744 2008-01-17 15:37:15  C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier .exe
----a-w			57,344 2008-01-16 20:02:17  C:\Program Files\HP\Digital Imaging\bin\AUTOTBAR .EXE
----a-w			49,152 2007-12-21 13:53:32  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w			49,152 2008-01-18 02:29:30  C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06 .exe
----a-w		   208,946 2007-12-21 13:56:10  C:\Program Files\IncrediMail\bin\IncMail .exe
----a-w		   278,528 2008-01-18 02:29:36  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			83,608 2007-12-21 13:52:51  C:\Program Files\Java\jre1.6.0_01\bin\jusched .exe
----a-w		   132,496 2008-01-18 02:29:27  C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
----a-w		   132,496 2008-01-17 15:36:22  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		 1,694,208 2007-12-31 20:19:04  C:\Program Files\Messenger\msmsgs .exe
----a-w		   190,024 2008-01-18 02:41:25  C:\Program Files\MessengerPlus! 3\MsgPlus .exe
----a-w			24,576 2007-12-21 13:53:45  C:\Program Files\Microsoft Works\wkfud .exe
----a-w		   729,088 2007-12-21 13:53:49  C:\Program Files\Microsoft Works\WksSb .exe
----a-w		   645,120 2007-12-21 15:22:25  C:\Program Files\QuickTime\qttask   .exe
----a-w		   645,120 2007-12-21 13:51:27  C:\Program Files\QuickTime\qttask  .exe
----a-w		   645,120 2007-12-21 06:29:51  C:\Program Files\QuickTime\qttask .exe
----a-w			36,640 2007-12-21 13:54:14  C:\Program Files\SiteAdvisor\6172\SiteAdv .exe
----a-w		   184,784 2008-01-05 21:10:48  C:\Program Files\WildTangent\Apps\GameChannel .exe
----a-w		 5,724,184 2007-12-21 13:58:14  C:\Program Files\Windows Live\Messenger\msnmsgr  .exe
----a-w		 5,724,184 2007-12-21 15:22:16  C:\Program Files\Windows Live\Messenger\msnmsgr .exe
----a-w			75,136 2008-01-18 02:29:53  C:\Program Files\WinZip E-Mail Companion\loadwzco .exe
----a-w		 4,670,704 2007-12-21 00:00:06  C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w		   919,016 2007-12-21 15:15:25  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w		   663,552 2008-01-18 02:29:54  C:\WINDOWS\CREATOR\Remind_XP .exe
----a-w		   233,472 2008-01-18 02:29:37  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2008-01-18 02:29:28  C:\WINDOWS\system\hpsysdrv .exe
----a-w			15,360 2008-01-18 02:30:02  C:\WINDOWS\system32\ctfmon .exe
----a-w		   659,456 2008-01-18 02:29:32  C:\WINDOWS\system32\hphmon06 .exe
----a-w			90,112 2008-01-18 02:29:39  C:\WINDOWS\system32\ps2 .exe


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30D3A944-6345-4E71-AE49-0C73A4617DE3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-17 21:42 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-01-17 21:43 190024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-17 21:42 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [2008-01-17 21:42 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 12:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2008-01-17 21:42 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2008-01-17 21:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2008-01-17 21:42 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-17 21:43 180269]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-17 21:43 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2008-01-17 21:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2008-01-17 21:43 90112]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2008-01-17 21:43 253952]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2008-01-17 21:43 663552]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 15:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-07-20 02:46 980752]
"WinZip E-Mail Companion OEAPI"="C:\Program Files\WinZip E-Mail Companion\loadwzco.exe" [2008-01-17 21:43 75136]
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [2003-10-01 00:30 57344]
"SiSPower"="SiSPower.dll" [2005-04-12 11:31 49152 C:\WINDOWS\system32\SiSPower.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-05 05:28:24 258048]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-02-26 13:09:19 45056]


.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 14:31:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-22 02:12:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.20.2.sxt [email protected]
"2008-01-23 06:27:40 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-01-10 08:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 10:14:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll
.
Completion time: 2008-01-23 10:16:50
ComboFix-quarantined-files.txt 2008-01-23 15:16:45
ComboFix2.txt 2008-01-22 14:26:55
.
2008-01-18 20:14:15 --- E O F ---

Thank you
Lisa

Edited by ImaPane, 26 January 2008 - 05:59 AM.

