virtumonde won't go away, iexplore.exe acting up [RESOLVED]


#1 Cozined Indigo (New Member)
I am a Firefox user; I rarely if ever use IE.
Whenever I'm having trouble or my computer is running slowly, I open up the "processes" tab of my task manager. Usually, I'm familiar with the names of most if not all of the processes running, I know around how high their mem usages should be, etc.

Recently, however, iexplore.exe keeps appearing and taking around 40,000K of my virtual memory. There is never an IE window open, just the task manager claiming that the process is running. Sometimes, strange sound files play from my speakers - a conversation between two guys about March Madness, sometimes a song, sometimes a thunder-and-lightning-like sound. I've found that whenever this is happening, if I open my task manager and kill the iexplore.exe process, the sound stops. Soon, though, iexplore opens itself right back up again. There are also various processes with keysmashed-letter names which I don't recognize as of late.

A scan with all the various anti-spyware programs says that I've got a couple of different tracking cookies, a password guesser (?), and virtumonde. I attempted to get rid of virtumonde with the VundoFix program, but after rebooting it still remained. I cannot run a Panda scan because IE refuses to stay open as a window for very long and the scan does not work in Firefox, but other than that I've run all the other prerequisite programs/scans and I'm still getting these processes and the iexplore.exe weirdness, and the virtumonde bug keeps showing up.

Any help you could give would be so, so appreciated.

:) Thanks!
-Jenna


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:07 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Documents and Settings\Jenna\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080118
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3080118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {727A5AAE-CD1A-454D-AA9B-7197F7038857} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7A565482-EBB4-4B2A-B626-5A933335B9EE} - C:\WINDOWS\system32\ssqQhijj.dll (file missing)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [OmmqJ3Gsnx] C:\Documents and Settings\All Users\Application Data\klqvodap\kdelkxsd.exe
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User '?')
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-1101981337-3384166658-3402748760-1006\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - S-1-5-21-1101981337-3384166658-3402748760-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-1101981337-3384166658-3402748760-1006 Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jenna\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ActiveGS.cab - http://www.virtualap...rg/activegs.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O20 - AppInit_DLLs: secuload.dll,c:\progra~1\google\google~2\goec62~1.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUllJBr - C:\WINDOWS\
O21 - SSODL: PrxDrv - {7530e3e8-934a-4c66-bf5a-daf5a2fffb39} - C:\WINDOWS\Installer\{7530e3e8-934a-4c66-bf5a-daf5a2fffb39}\PrxDrv.dll
O21 - SSODL: zip - {6ee7b969-4b76-4a06-bcbd-348fa3b24f36} - C:\WINDOWS\Installer\{6ee7b969-4b76-4a06-bcbd-348fa3b24f36}\zip.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 13157 bytes
#2 greyknight17 (Malware Expert, Visiting Consultant)
Hi Jenna and welcome to GTG.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: (no name) - {727A5AAE-CD1A-454D-AA9B-7197F7038857} - (no file)
O2 - BHO: (no name) - {7A565482-EBB4-4B2A-B626-5A933335B9EE} - C:\WINDOWS\system32\ssqQhijj.dll (file missing)
O2 - BHO: (no name) - {8E1BFC0E-8AD2-424D-AC8A-06038481516E} - (no file)
O4 - HKLM\..\Policies\Explorer\Run: [OmmqJ3Gsnx] C:\Documents and Settings\All Users\Application Data\klqvodap\kdelkxsd.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jenna\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O20 - Winlogon Notify: wvUllJBr - C:\WINDOWS\
O21 - SSODL: PrxDrv - {7530e3e8-934a-4c66-bf5a-daf5a2fffb39} - C:\WINDOWS\Installer\{7530e3e8-934a-4c66-bf5a-daf5a2fffb39}\PrxDrv.dll
O21 - SSODL: zip - {6ee7b969-4b76-4a06-bcbd-348fa3b24f36} - C:\WINDOWS\Installer\{6ee7b969-4b76-4a06-bcbd-348fa3b24f36}\zip.dll


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\Documents and Settings\All Users\Application Data\klqvodap\
C:\Documents and Settings\Jenna\Start Menu\Programs\IMVU\
C:\WINDOWS\Installer\{7530e3e8-934a-4c66-bf5a-daf5a2fffb39}\
C:\WINDOWS\Installer\{6ee7b969-4b76-4a06-bcbd-348fa3b24f36}\


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
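As an added example (not code from this thread, from HijackThis, or from Geeks to Go), the reasoning greyknight17 used to pick the entries above, written as a small triage script. It runs over sample lines constructed from Jenna's log; the section prefixes (O2, O4, O16, O20, O21) are HijackThis's own, while the rules and the `Finding` type are this example's assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in post #1, mixing the
# entries greyknight17 flagged with legitimate ones that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {727A5AAE-CD1A-454D-AA9B-7197F7038857} - (no file)
O2 - BHO: (no name) - {7A565482-EBB4-4B2A-B626-5A933335B9EE} - C:\WINDOWS\system32\ssqQhijj.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Policies\Explorer\Run: [OmmqJ3Gsnx] C:\Documents and Settings\All Users\Application Data\klqvodap\kdelkxsd.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: wvUllJBr - C:\WINDOWS\
O21 - SSODL: PrxDrv - {7530e3e8-934a-4c66-bf5a-daf5a2fffb39} - C:\WINDOWS\Installer\{7530e3e8-934a-4c66-bf5a-daf5a2fffb39}\PrxDrv.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    line: str    # the HijackThis line as it appeared
    reason: str  # why it deserves a look


# "O4 - <rest>" / "R1 - <rest>": section prefix, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# A DLL living in C:\WINDOWS\Installer\{GUID}\ (not how MSI caches packages).
INSTALLER_GUID_RE = re.compile(r"\\WINDOWS\\Installer\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)


def check_o2(body):
    # A BHO whose DLL is gone loads nothing, but the registration is dead weight
    # that a reinfection can reuse; HJT marks these "(no file)"/"(file missing)".
    if body.startswith("BHO:") and ("(no file)" in body or "(file missing)" in body):
        return "BHO registered but its DLL is absent"
    return None


def check_o4(body):
    # Policies\Explorer\Run is a policy autostart that legitimate installers
    # almost never use; it is also hidden from msconfig-style startup views.
    if "Policies\\Explorer\\Run" in body:
        return "Policies\\Explorer\\Run autostart (uncommon for legitimate software)"
    return None


def check_o16(body):
    # O16 lists ActiveX downloads; an entry with nothing after the dash has no
    # source URL that could be verified.
    if body.startswith("DPF:") and body.rstrip().endswith("-"):
        return "ActiveX (DPF) entry with no download source"
    return None


def check_o20(body):
    # Winlogon Notify DLLs run inside winlogon.exe; an entry that names a bare
    # directory instead of a DLL is either a remnant or a hidden loader.
    if body.startswith("Winlogon Notify:"):
        parts = body.split(" - ", 1)
        path = parts[1].strip() if len(parts) > 1 else ""
        if not path.lower().endswith(".dll"):
            return "Winlogon Notify hook without a DLL path"
    return None


def check_o21(body):
    # SSODL (ShellServiceObjectDelayLoad) entries load when Explorer starts.
    if body.startswith("SSODL:") and INSTALLER_GUID_RE.search(body):
        return "SSODL entry loading from the Installer cache folder"
    return None


CHECKS = {"O2": check_o2, "O4": check_o4, "O16": check_o16,
          "O20": check_o20, "O21": check_o21}


def triage(log_text):
    """Return a Finding for every HijackThis line that trips one of the rules."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank lines, process list, headers
        check = CHECKS.get(m.group("sec"))
        if check is None:
            continue  # sections this example has no rule for
        reason = check(m.group("body"))
        if reason:
            findings.append(Finding(raw.strip(), reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The rules are deliberately narrow: they reproduce this thread's picks and leave the Adobe, Synaptics, SUPERAntiSpyware and Bonjour lines alone, which is the property worth testing before extending them.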

#3 Cozined Indigo (Topic Starter)
Thank you so much for your help!
Had to reboot entirely in order to get the /Installer/ folders to delete, and ComboFix took a long while to go through, but it's all finished now. :) Here's the ComboFix log:

ComboFix 08-04-13.3 - Jenna 2008-04-14 23:40:15.1 - NTFSx86

Running from: C:\Documents and Settings\Jenna\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jenna\Desktop\blackbird.jpg
C:\Documents and Settings\Jenna\Desktop\EditorFKWP1.5.exe
C:\Documents and Settings\Jenna\Desktop\EditorFKWP2.0.exe
C:\Documents and Settings\Jenna\Desktop\filemanagerclient.exe
C:\Documents and Settings\Jenna\Desktop\fkwp1.5.exe
C:\Documents and Settings\Jenna\Desktop\fkwp2.0.exe
C:\Documents and Settings\Jenna\Desktop\fwebd.exe
C:\Documents and Settings\Jenna\Desktop\FWebdEditor.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\Installer\{6ee7b969-4b76-4a06-bcbd-348fa3b24f36}
C:\WINDOWS\Installer\{6ee7b969-4b76-4a06-bcbd-348fa3b24f36}\zip.dll
C:\WINDOWS\Installer\{7530e3e8-934a-4c66-bf5a-daf5a2fffb39}
C:\WINDOWS\Installer\{7530e3e8-934a-4c66-bf5a-daf5a2fffb39}\PrxDrv.dll
C:\WINDOWS\system32\jjihQqss.ini
C:\WINDOWS\system32\jjihQqss.ini2
C:\WINDOWS\system32\kxucwyke.ini
C:\WINDOWS\system32\ovotkisc.ini
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-14 15:56 . 2008-04-14 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-14 15:55 . 2008-04-14 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-14 15:55 . 2008-04-14 15:55 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\SUPERAntiSpyware.com
2008-04-14 15:39 . 2008-04-14 15:39 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Malwarebytes
2008-04-14 15:38 . 2008-04-14 15:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-14 15:38 . 2008-04-14 15:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-14 15:38 . 2008-04-14 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-14 15:34 . 2008-04-14 15:34 3,648 --a------ C:\WINDOWS\system32\rtjloyln.dll
2008-04-14 15:22 . 2008-04-14 15:22 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-04-14 15:19 . 2008-04-14 15:26 <DIR> d-------- C:\VundoFix Backups
2008-04-14 14:46 . 2008-04-14 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-04-14 01:32 . 2008-04-14 01:32 3,648 --a------ C:\WINDOWS\system32\cujqgrlg.dll
2008-04-13 01:40 . 2007-04-29 23:24 61,440 --a------ C:\WINDOWS\system32\digitbox.ocx
2008-04-13 01:32 . 2008-04-13 01:32 3,648 --a------ C:\WINDOWS\system32\jduewupp.dll
2008-04-12 23:02 . 2008-04-12 23:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-12 23:02 . 2008-04-12 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-12 23:01 . 2008-04-14 15:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 20:59 . 2008-04-12 20:59 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Tenebril
2008-04-12 20:51 . 2008-04-12 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2008-04-12 18:59 . 2008-04-12 18:59 <DIR> d-------- C:\Program Files\vixy.net
2008-04-12 01:32 . 2008-04-12 01:32 3,648 --a------ C:\WINDOWS\system32\rraoexxo.dll
2008-04-11 21:03 . 2008-04-11 21:03 0 --a------ C:\WINDOWS\iplayer.INI
2008-04-11 20:58 . 2008-04-11 21:00 <DIR> d-------- C:\Program Files\InterActual
2008-04-11 06:56 . 2008-04-11 06:56 <DIR> d-------- C:\Program Files\Smallvideosoft
2008-04-11 06:56 . 2008-04-11 06:56 <DIR> d-------- C:\Mp3 Output
2008-04-11 06:56 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-04-11 06:56 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-04-11 02:28 . 2008-04-14 15:24 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-04-11 02:27 . 2008-04-11 02:27 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2008-04-11 02:27 . 2008-04-11 02:27 <DIR> d-------- C:\Program Files\SpyCatcher
2008-04-11 02:27 . 2007-05-07 11:39 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2008-04-11 02:27 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2008-04-11 02:27 . 2007-05-07 11:39 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2008-04-11 02:27 . 2007-05-07 11:42 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2008-04-11 02:13 . 2008-04-11 02:13 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Uniblue
2008-04-11 01:32 . 2008-04-11 01:32 3,648 --a------ C:\WINDOWS\system32\ovuiuxxv.dll
2008-04-10 01:29 . 2008-04-10 01:29 3,648 --a------ C:\WINDOWS\system32\jbcpmthu.dll
2008-04-09 01:28 . 2008-04-09 01:28 3,648 --a------ C:\WINDOWS\system32\crygxyjd.dll
2008-04-07 15:35 . 2008-04-09 01:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 15:35 . 2008-04-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 01:54 . 2008-04-07 01:54 <DIR> d-------- C:\Deckard
2008-04-07 00:26 . 2008-04-14 15:25 <DIR> d-------- C:\Program Files\Opera
2008-04-06 19:20 . 2008-04-06 19:20 <DIR> d-------- C:\ie-spyad_zo
2008-04-06 19:09 . 2008-04-06 19:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-06 19:09 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-06 18:52 . 2008-04-06 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 15:59 . 2008-04-14 19:12 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-04-06 15:40 . 2008-04-06 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-04-06 15:36 . 2008-04-06 15:52 92,544 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2008-04-06 15:30 . 2007-06-06 05:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-04-06 15:30 . 2008-04-06 15:30 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-04-06 15:29 . 2008-04-06 15:29 216,072 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-04-06 15:29 . 2008-04-06 15:29 1,092 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-04-06 15:28 . 2007-07-11 11:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2008-04-06 15:28 . 2007-05-11 09:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2008-04-06 15:28 . 2007-05-11 09:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2008-04-06 15:28 . 2007-05-11 09:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2008-04-06 15:27 . 2008-04-06 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-04-06 15:27 . 2007-05-11 09:33 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2008-04-06 15:27 . 2007-05-11 09:33 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2008-04-06 15:27 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-04-06 15:27 . 2007-05-11 09:33 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2008-04-06 15:16 . 2008-04-06 15:16 <DIR> d-------- C:\Program Files\Audacity
2008-04-06 13:56 . 2008-02-15 23:39 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-06 13:56 . 2008-02-15 23:39 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-06 13:56 . 2008-02-15 23:39 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-06 13:52 . 2008-04-06 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-06 13:51 . 2008-04-06 13:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 13:38 . 2008-04-06 13:39 <DIR> d-------- C:\Documents and Settings\Jenna\.housecall6.6
2008-04-06 13:33 . 2008-04-06 13:33 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-04-06 13:33 . 2007-07-12 08:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-04-06 13:33 . 2007-05-23 10:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-04-06 13:20 . 2008-04-06 16:30 <DIR> d-------- C:\Program Files\Panda Security
2008-04-05 16:46 . 2008-04-07 17:36 <DIR> d-------- C:\Program Files\Onyx
2008-03-28 20:50 . 2008-03-28 20:50 <DIR> d-------- C:\Program Files\TotalAudioConverter
2008-03-28 20:50 . 2008-03-28 20:50 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Softplicity
2008-03-17 15:52 . 2008-03-25 19:56 <DIR> d-------- C:\Program Files\Snood 4
2008-03-17 15:47 . 2008-03-17 15:47 <DIR> d-------- C:\Program Files\WOMGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 23:11 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 03:49 --------- d-----w C:\Documents and Settings\Jenna\Application Data\LimeWire
2008-04-07 05:54 --------- d-----w C:\Program Files\Dell
2008-04-07 05:53 --------- d-----w C:\Program Files\FrostWire
2008-04-06 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-06 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 17:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-01 00:40 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-27 23:53 --------- d-----w C:\Program Files\DVDVideoSoft
2008-03-24 08:31 --------- d-----w C:\Documents and Settings\Jenna\Application Data\mIRC
2008-03-24 08:28 --------- d-----w C:\Program Files\mIRC
2008-03-20 18:24 2,788 ----a-w C:\Documents and Settings\Jenna\Application Data\wklnhst.dat
2008-03-09 23:49 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-08 22:20 --------- d-----w C:\Program Files\HydraIRC
2008-03-08 21:07 --------- d-----w C:\Documents and Settings\Jenna\Application Data\yoclient
2008-03-08 03:46 --------- d-----w C:\Program Files\Three Rings Design
2008-03-03 06:09 --------- d-----w C:\Program Files\Freesky Video Joiner
2008-02-28 12:01 --------- d-----w C:\Program Files\LimeWire
2008-02-28 06:41 --------- d-----w C:\Program Files\Shareaza Applications
2008-02-28 06:41 --------- d-----w C:\Documents and Settings\Jenna\Application Data\Shareaza
2008-02-23 20:04 --------- d-----w C:\Program Files\MagicDVDRipper
2008-02-22 03:27 --------- d-----w C:\Documents and Settings\Jenna\Application Data\Template
2008-02-21 05:06 --------- d-----w C:\Documents and Settings\Jenna\Application Data\FrostWire
2008-02-20 22:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-20 22:38 --------- d-----w C:\Program Files\MSBuild
2008-02-20 21:42 --------- d-----w C:\Program Files\BitLord
2008-02-17 02:28 --------- d-----w C:\Documents and Settings\Jenna\Application Data\Nexon
2008-02-17 02:27 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-16 22:44 --------- d-----w C:\Documents and Settings\Jenna\Application Data\CyberLink
2008-02-16 03:39 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 03:39 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-02-16 03:39 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-02-16 03:39 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-02-16 03:39 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-02-15 21:07 --------- d-----w C:\Documents and Settings\Jenna\Application Data\IMVU
2008-01-08 03:51 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{727A5AAE-CD1A-454D-AA9B-7197F7038857}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1BFC0E-8AD2-424D-AC8A-06038481516E}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 17:48 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 20:56 202544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 16:20 851968]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-06 17:30 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-06 17:30 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-06 17:30 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-05-09 16:59 1392640]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 16:23 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 17:28 405504 C:\WINDOWS\stsystra.exe]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-18 15:26 1862144]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 09:03 17920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 05:06 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 20:57 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 17:39 189736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-10-16 12:05 103864]

C:\Documents and Settings\Jenna\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Scheduler.lnk - C:\Program Files\SpyCatcher\Scheduler daemon.exe [2008-04-11 02:27:43 86133]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-01-18 15:27:56 7168]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-18 15:18:48 50688]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2008-04-11 02:27:43 91576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUllJBr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll,c:\progra~1\google\google~2\goec62~1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 20:29]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 20:56]
R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-04-15 00:04]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 14:31]
S3 DellAMBrokerService;DellAMBrokerService;"C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe" [2007-10-11 11:49]
S3 PTproct;PTproct;C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 18:07]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 18:18:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 00:01:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.40.exe
C:\de6485058fa9c2637b6e84246a886b\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-15 0:06:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 04:06:41

Pre-Run: 121,884,643,328 bytes free
Post-Run: 121,703,247,872 bytes free
.
2008-04-13 05:28:54 --- E O F ---

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\rtjloyln.dll
C:\WINDOWS\system32\cujqgrlg.dll
C:\WINDOWS\system32\digitbox.ocx
C:\WINDOWS\system32\jduewupp.dll
C:\WINDOWS\system32\rraoexxo.dll
C:\WINDOWS\system32\ovuiuxxv.dll
C:\WINDOWS\system32\jbcpmthu.dll
C:\WINDOWS\system32\crygxyjd.dll

Folder::
C:\Documents and Settings\All Users\Application Data\SecTaskMan

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{727A5AAE-CD1A-454D-AA9B-7197F7038857}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E1BFC0E-8AD2-424D-AC8A-06038481516E}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUllJBr]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

#5
Cozined Indigo

    New Member

  • Topic Starter
  • Member
  • 4 posts
Here's the next log:



ComboFix 08-04-13.3 - Jenna 2008-04-15 22:54:09.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1095 [GMT -4:00]
Running from: C:\Documents and Settings\Jenna\Desktop\spyware\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jenna\Desktop\spyware\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\crygxyjd.dll
C:\WINDOWS\system32\cujqgrlg.dll
C:\WINDOWS\system32\digitbox.ocx
C:\WINDOWS\system32\jbcpmthu.dll
C:\WINDOWS\system32\jduewupp.dll
C:\WINDOWS\system32\ovuiuxxv.dll
C:\WINDOWS\system32\rraoexxo.dll
C:\WINDOWS\system32\rtjloyln.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\SecTaskMan
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109010090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109010090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109020090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109110000000000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109110000000000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109440090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109440090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109510090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109510090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109511090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109511090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109610090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109610090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109711090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109711090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109810090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109810090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109910090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109910090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109A10090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109A10090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109B10090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109B10090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109C20090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109C20090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109E60090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109E60090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109F10090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109F10090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109F100A0C00000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109F100A0C00000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109F100C0400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002109F100C0400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002119910000000000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002119910000000000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002159FA0090400000000000F01FEC
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_00002159FA0090400000000000F01FEC.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_01E4D47B330100000000000000000010
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_01E4D47B330100000000000000000010.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0B79C053C7D38EE4AB9A00CB3B5D2472.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_0E23E40C6140D434FA9B96967D309AFE.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2C478CE6059FE7B45A7B1B60D6B647AA
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_2C478CE6059FE7B45A7B1B60D6B647AA.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_34CE1E53CF4DA4E4AA3B02DD2AE7B80B
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_34CE1E53CF4DA4E4AA3B02DD2AE7B80B.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_393793D005B925c4485D773E4482F978
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_393793D005B925c4485D773E4482F978.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_3950C99C84B39D144BF2E630B5234094
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_3950C99C84B39D144BF2E630B5234094.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4301AEBD288588A40833184CFEC0AF92
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4301AEBD288588A40833184CFEC0AF92.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_470FEDB9E020D854DA5CF86FE8C0B965
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_470FEDB9E020D854DA5CF86FE8C0B965.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4C7BB6329144DF244090E152A7523ED4
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_4C7BB6329144DF244090E152A7523ED4.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_55EEFB3E2E930EB49B6698EF8583221C
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_55EEFB3E2E930EB49B6698EF8583221C.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_56A968A049C8C7F45A7C79D2C3C8DEE9.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7448A0100000030
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_68AB67CA7DA73301B7448A0100000030.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6DB1FB74CACDF8640ADA5EEDCC22113C
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6DB1FB74CACDF8640ADA5EEDCC22113C.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6E42C4F24DBCCAA45BF69CDF44ED6586
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_6E42C4F24DBCCAA45BF69CDF44ED6586.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_7475C687330100005BE8000000000010
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_7475C687330100005BE8000000000010.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_7CFCFF386C886c14782559A85423C528
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_7CFCFF386C886c14782559A85423C528.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_804C25D6A90B0254B98174B5183D391F
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_804C25D6A90B0254B98174B5183D391F.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8473A36FD39B0634A94D0B4684A1C5B7
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8473A36FD39B0634A94D0B4684A1C5B7.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8767879E33010000E876000000000010
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8767879E33010000E876000000000010.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D510006
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D510006.dll
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003
C:\Documents and Settings\All Users\Application Data\SecTaskMan\icn_8A0F842331866D117AB7000B0D610003.dll
C:\WINDOWS\system32\crygxyjd.dll
C:\WINDOWS\system32\cujqgrlg.dll
C:\WINDOWS\system32\digitbox.ocx
C:\WINDOWS\system32\jbcpmthu.dll
C:\WINDOWS\system32\jduewupp.dll
C:\WINDOWS\system32\ovuiuxxv.dll
C:\WINDOWS\system32\rraoexxo.dll
C:\WINDOWS\system32\rtjloyln.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-15 22:47 . 2008-04-15 22:47 <DIR> d-------- C:\Program Files\DialIdol.com
2008-04-14 15:56 . 2008-04-14 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-14 15:55 . 2008-04-14 19:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-14 15:55 . 2008-04-14 15:55 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\SUPERAntiSpyware.com
2008-04-14 15:39 . 2008-04-14 15:39 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Malwarebytes
2008-04-14 15:38 . 2008-04-14 15:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-14 15:38 . 2008-04-14 15:38 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-14 15:38 . 2008-04-14 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-14 15:22 . 2008-04-14 15:22 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-04-14 15:19 . 2008-04-14 15:26 <DIR> d-------- C:\VundoFix Backups
2008-04-12 23:02 . 2008-04-12 23:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-12 23:02 . 2008-04-12 23:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-12 23:01 . 2008-04-14 15:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 20:59 . 2008-04-12 20:59 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Tenebril
2008-04-12 20:51 . 2008-04-12 20:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2008-04-12 18:59 . 2008-04-12 18:59 <DIR> d-------- C:\Program Files\vixy.net
2008-04-11 21:03 . 2008-04-11 21:03 0 --a------ C:\WINDOWS\iplayer.INI
2008-04-11 20:58 . 2008-04-11 21:00 <DIR> d-------- C:\Program Files\InterActual
2008-04-11 06:56 . 2008-04-11 06:56 <DIR> d-------- C:\Program Files\Smallvideosoft
2008-04-11 06:56 . 2008-04-11 06:56 <DIR> d-------- C:\Mp3 Output
2008-04-11 06:56 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-04-11 06:56 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-04-11 02:28 . 2008-04-14 15:24 <DIR> d-------- C:\Program Files\a-squared HiJackFree
2008-04-11 02:27 . 2008-04-11 02:27 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2008-04-11 02:27 . 2008-04-11 02:27 <DIR> d-------- C:\Program Files\SpyCatcher
2008-04-11 02:27 . 2007-05-07 11:39 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2008-04-11 02:27 . 2005-10-12 23:10 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2008-04-11 02:27 . 2007-05-07 11:39 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2008-04-11 02:27 . 2007-05-07 11:42 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2008-04-11 02:13 . 2008-04-11 02:13 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Uniblue
2008-04-07 15:35 . 2008-04-09 01:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 15:35 . 2008-04-07 18:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-07 01:54 . 2008-04-07 01:54 <DIR> d-------- C:\Deckard
2008-04-07 00:26 . 2008-04-14 15:25 <DIR> d-------- C:\Program Files\Opera
2008-04-06 19:20 . 2008-04-06 19:20 <DIR> d-------- C:\ie-spyad_zo
2008-04-06 19:09 . 2008-04-06 19:09 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-06 19:09 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-06 18:52 . 2008-04-06 18:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 15:59 . 2008-04-15 00:04 13,880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2008-04-06 15:40 . 2008-04-06 15:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-04-06 15:36 . 2008-04-06 15:52 92,544 --a------ C:\WINDOWS\system32\drivers\av5flt.sys
2008-04-06 15:30 . 2007-06-06 05:43 83,640 --a------ C:\WINDOWS\system32\drivers\pavdrv51.sys
2008-04-06 15:30 . 2008-04-06 15:30 261 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-04-06 15:29 . 2008-04-06 15:29 216,072 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-04-06 15:29 . 2008-04-06 15:29 1,092 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-04-06 15:28 . 2007-07-11 11:39 191,672 --a------ C:\WINDOWS\system32\drivers\idsflt.sys
2008-04-06 15:28 . 2007-05-11 09:33 51,256 --a------ C:\WINDOWS\system32\drivers\dsaflt.sys
2008-04-06 15:28 . 2007-05-11 09:33 37,304 --a------ C:\WINDOWS\system32\drivers\smsflt.sys
2008-04-06 15:28 . 2007-05-11 09:33 30,648 --a------ C:\WINDOWS\system32\drivers\wnmflt.sys
2008-04-06 15:27 . 2008-04-06 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-04-06 15:27 . 2007-05-11 09:33 132,920 --a------ C:\WINDOWS\system32\drivers\NETFLTDI.SYS
2008-04-06 15:27 . 2007-05-11 09:33 71,736 --a------ C:\WINDOWS\system32\drivers\APPFLT.SYS
2008-04-06 15:27 . 2007-03-15 19:38 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2008-04-06 15:27 . 2007-05-11 09:33 22,072 --a------ C:\WINDOWS\system32\drivers\fnetmon.sys
2008-04-06 15:16 . 2008-04-06 15:16 <DIR> d-------- C:\Program Files\Audacity
2008-04-06 13:56 . 2008-02-15 23:39 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-06 13:56 . 2008-02-15 23:39 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-06 13:56 . 2008-02-15 23:39 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-06 13:52 . 2008-04-06 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-06 13:51 . 2008-04-06 13:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-06 13:38 . 2008-04-06 13:39 <DIR> d-------- C:\Documents and Settings\Jenna\.housecall6.6
2008-04-06 13:33 . 2008-04-06 13:33 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-04-06 13:33 . 2007-07-12 08:49 178,872 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2008-04-06 13:33 . 2007-05-23 10:40 38,968 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2008-04-06 13:20 . 2008-04-06 16:30 <DIR> d-------- C:\Program Files\Panda Security
2008-04-05 16:46 . 2008-04-07 17:36 <DIR> d-------- C:\Program Files\Onyx
2008-03-28 20:50 . 2008-03-28 20:50 <DIR> d-------- C:\Program Files\TotalAudioConverter
2008-03-28 20:50 . 2008-03-28 20:50 <DIR> d-------- C:\Documents and Settings\Jenna\Application Data\Softplicity
2008-03-17 15:52 . 2008-03-25 19:56 <DIR> d-------- C:\Program Files\Snood 4
2008-03-17 15:47 . 2008-03-17 15:47 <DIR> d-------- C:\Program Files\WOMGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 21:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-15 04:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-14 03:49 --------- d-----w C:\Documents and Settings\Jenna\Application Data\LimeWire
2008-04-07 05:54 --------- d-----w C:\Program Files\Dell
2008-04-07 05:53 --------- d-----w C:\Program Files\FrostWire
2008-04-06 20:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-06 19:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 17:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-01 00:40 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-27 23:53 --------- d-----w C:\Program Files\DVDVideoSoft
2008-03-24 08:31 --------- d-----w C:\Documents and Settings\Jenna\Application Data\mIRC
2008-03-24 08:28 --------- d-----w C:\Program Files\mIRC
2008-03-20 18:24 2,788 ----a-w C:\Documents and Settings\Jenna\Application Data\wklnhst.dat
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-09 23:49 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-08 22:20 --------- d-----w C:\Program Files\HydraIRC
2008-03-08 21:07 --------- d-----w C:\Documents and Settings\Jenna\Application Data\yoclient
2008-03-08 03:46 --------- d-----w C:\Program Files\Three Rings Design
2008-03-03 06:09 --------- d-----w C:\Program Files\Freesky Video Joiner
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-28 12:01 --------- d-----w C:\Program Files\LimeWire
2008-02-28 06:41 --------- d-----w C:\Program Files\Shareaza Applications
2008-02-28 06:41 --------- d-----w C:\Documents and Settings\Jenna\Application Data\Shareaza
2008-02-23 20:04 --------- d-----w C:\Program Files\MagicDVDRipper
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-22 03:27 --------- d-----w C:\Documents and Settings\Jenna\Application Data\Template
2008-02-21 05:06 --------- d-----w C:\Documents and Settings\Jenna\Application Data\FrostWire
2008-02-20 22:38 --------- d-----w C:\Program Files\MSBuild
2008-02-20 21:42 --------- d-----w C:\Program Files\BitLord
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-17 02:28 --------- d-----w C:\Documents and Settings\Jenna\Application Data\Nexon
2008-02-17 02:27 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-02-16 22:44 --------- d-----w C:\Documents and Settings\Jenna\Application Data\CyberLink
2008-02-16 03:39 65,936 ----a-w C:\WINDOWS\system32\drivers\tmtdi.sys
2008-02-16 03:39 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2008-02-16 03:39 333,328 ----a-w C:\WINDOWS\system32\drivers\TM_CFW.sys
2008-02-16 03:39 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2008-02-16 03:39 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-08 03:51 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.

((((((((((((((((((((((((((((( snapshot@2008-04-15_ 0.06.27.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-16 02:47:39 60,558 ----a-r C:\WINDOWS\Installer\{0DF801A5-0667-4F86-9610-B9A1BF8FF7DC}\controlPanelIcon.exe
+ 2008-04-06 02:56:22 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-04-14 19:58:31 54,682 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-15 04:04:38 54,682 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-14 19:58:31 385,164 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-15 04:04:38 385,164 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 12:15 50528]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 17:48 68856]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-10-09 20:56 202544]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04 1415824]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 16:20 851968]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-06 17:30 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-06 17:30 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-06 17:30 138008]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-05-09 16:59 1392640]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 16:23 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 17:28 405504 C:\WINDOWS\stsystra.exe]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-18 15:26 1862144]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-24 09:03 17920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 05:06 40048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 20:57 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 17:39 189736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.exe" [2007-07-23 18:30 406832]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" [2007-07-11 15:17 27952]
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-10-16 12:05 103864]

C:\Documents and Settings\Jenna\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Scheduler.lnk - C:\Program Files\SpyCatcher\Scheduler daemon.exe [2008-04-11 02:27:43 86133]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-01-18 15:27:56 7168]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-01-18 15:18:48 50688]
SpyCatcher Protector.lnk - C:\Program Files\SpyCatcher\Protector.exe [2008-04-11 02:27:43 91576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll,c:\progra~1\google\google~2\goec62~1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;C:\WINDOWS\system32\DRIVERS\datunidr.sys [2007-08-23 20:29]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-10-09 20:56]
R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [2008-04-15 00:04]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 14:31]
S3 DellAMBrokerService;DellAMBrokerService;"C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe" [2007-10-11 11:49]
S3 PTproct;PTproct;C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys [2006-10-05 18:07]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-14 18:18:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 22:55:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-15 22:56:00
ComboFix-quarantined-files.txt 2008-04-16 02:55:52
ComboFix2.txt 2008-04-15 04:06:46

Pre-Run: 121,721,626,624 bytes free
Post-Run: 121,706,909,696 bytes free
.
2008-04-15 04:07:18 --- E O F ---
  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Delete the following:

C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\WINDOWS\Installer\{0DF801A5-0667-4F86-9610-B9A1BF8FF7DC}\


Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and copy/paste Combofix /u and hit OK to remove Combofix. You should be set to go.
  • 0

#7
Cozined Indigo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Oh, god, finally. Thank you so much for your help!
  • 0

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0