Torjandownload.xs



#1 selvi (New Member, 1 post)
Hi

My laptop is infected with Torjandownload.xs. I have no clue how to remove it. I currently have McAfee VirusScan running, with XP as the OS.
I have pasted the ComboFix log and HijackThis log below. Can anyone please help me?

ComboFix 08-06-12.2 - ezhil 2008-06-14 12:37:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.493 [GMT -4:00]
Running from: C:\Documents and Settings\ezhil\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht
C:\Documents and Settings\All Users\Start Menu\Programs\Zango
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Weather.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Uninstall Instructions.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk
C:\Documents and Settings\ezhil\Application Data\ShoppingReport
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\ezhil\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\ezhil\Application Data\WeatherDPA
C:\Documents and Settings\ezhil\Application Data\WeatherDPA\Weather\WeatherStartup.xml
C:\Documents and Settings\ezhil\Application Data\Zango
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\3893642.sdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\17040
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\277907
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\455563
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\67469
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744260
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\753335
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\dynamic\ustat\36a1.dat
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\avatar.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\components.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\cursors.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\default.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\icons2.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\progress.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\progress.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
C:\Documents and Settings\ezhil\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
C:\Documents and Settings\mani\Application Data\ShoppingReport
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\mani\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\bostrupd.exe
C:\Program Files\QdrPack\QdrPack17.exe
C:\Program Files\zango
C:\Program Files\zango\bin\10.3.37.0\HostOE.dll.vir
C:\setup.exe
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\000070.exe
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

----- BITS: Possible infected sites -----

hxxp://80.93.48.89
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-14 11:44 . 2008-06-14 11:44 <DIR> d-------- C:\Program Files\Uniblue
2008-06-14 11:44 . 2008-06-14 11:44 <DIR> d-------- C:\Documents and Settings\ezhil\Application Data\Uniblue
2008-06-14 11:44 . 2008-06-14 11:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-14 10:25 . 2008-06-14 10:25 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_10_25_37.dmp
2008-06-14 10:22 . 2008-06-14 10:22 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_10_22_28.dmp
2008-06-14 10:12 . 2008-06-14 10:12 <DIR> d-------- C:\Program Files\GetPack
2008-06-14 10:08 . 2008-06-14 10:08 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_10_8_47.dmp
2008-06-14 10:04 . 2008-06-14 10:04 <DIR> d-------- C:\Program Files\iCheck
2008-06-14 10:04 . 2008-06-14 10:05 <DIR> d-------- C:\Program Files\GetModule
2008-06-14 10:04 . 2008-06-14 10:04 114,688 --a------ C:\Documents and Settings\All Users\Application Data\svytedap.dll
2008-06-14 10:03 . 2008-06-14 10:03 114,688 --a------ C:\WINDOWS\svytedap.dll
2008-06-14 10:02 . 2008-06-14 10:02 90,073 --a------ C:\WINDOWS\system32\iftuyszv.exe
2008-06-14 10:01 . 2008-06-14 10:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-14 10:01 . 2008-06-14 10:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-14 05:13 . 2008-06-14 05:13 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_14_5_13_22.dmp
2008-06-12 07:03 . 2008-06-12 07:03 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_12_7_3_48.dmp
2008-06-11 08:48 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 08:48 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 18:58 . 2008-06-09 18:58 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_9_18_58_46.dmp
2008-06-07 06:30 . 2008-06-07 06:30 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_7_6_30_50.dmp
2008-06-01 16:09 . 2008-06-01 16:09 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_6_1_16_9_5.dmp
2008-05-31 18:55 . 2008-05-31 18:56 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_31_18_55_57.dmp
2008-05-31 04:50 . 2008-05-31 04:50 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_31_4_50_29.dmp
2008-05-30 21:08 . 2008-05-30 21:08 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_21_8_35.dmp
2008-05-30 19:01 . 2008-05-30 19:01 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_19_1_7.dmp
2008-05-30 12:29 . 2008-05-30 12:29 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_12_29_14.dmp
2008-05-30 05:21 . 2008-05-30 05:21 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_30_5_21_23.dmp
2008-05-29 20:21 . 2008-05-29 20:21 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_29_20_21_47.dmp
2008-05-29 20:15 . 2008-05-29 20:16 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_29_20_15_47.dmp
2008-05-29 06:11 . 2008-05-29 06:11 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_29_6_11_19.dmp
2008-05-28 06:47 . 2008-05-28 06:47 14,444 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_28_6_47_20.dmp
2008-05-27 05:26 . 2008-05-27 05:26 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_27_5_26_15.dmp
2008-05-26 13:53 . 2008-05-26 13:53 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_26_13_53_51.dmp
2008-05-26 05:22 . 2008-05-26 05:22 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_26_5_22_25.dmp
2008-05-23 17:44 . 2008-05-23 17:44 <DIR> d-------- C:\Program Files\Skype
2008-05-23 17:44 . 2008-05-23 17:44 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-23 17:44 . 2008-05-25 08:55 <DIR> d-------- C:\Documents and Settings\ezhil\Application Data\skypePM
2008-05-23 17:44 . 2008-05-23 17:44 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-19 14:12 . 2004-06-10 10:31 135,168 -ra------ C:\WINDOWS\UNDPX2A.exe
2008-05-19 14:12 . 2004-06-10 10:34 53,693 -ra------ C:\WINDOWS\UNDPX2A.sys
2008-05-19 14:12 . 2004-06-09 19:42 15,429 -ra------ C:\WINDOWS\system32\drivers\Sacm2A.sys
2008-05-18 16:18 . 2008-05-18 16:18 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_18_16_18_16.dmp
2008-05-18 16:16 . 2008-05-18 16:16 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_18_16_16_22.dmp
2008-05-18 08:57 . 2008-05-18 08:57 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_18_8_57_27.dmp
2008-05-17 11:07 . 2008-05-17 11:07 <DIR> d-------- C:\Program Files\TVAnts
2008-05-17 04:54 . 2008-05-17 04:54 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_17_4_54_41.dmp
2008-05-16 18:52 . 2008-05-16 18:52 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_16_18_52_35.dmp
2008-05-16 16:09 . 2008-05-16 16:09 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_16_16_9_34.dmp
2008-05-16 05:02 . 2008-05-16 05:02 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_16_5_2_9.dmp
2008-05-14 18:55 . 2008-05-14 18:55 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_18_55_35.dmp
2008-05-14 16:47 . 2008-05-14 16:47 15,318 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_16_47_27.dmp
2008-05-14 09:34 . 2008-05-14 09:34 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_9_34_45.dmp
2008-05-14 05:33 . 2008-05-14 05:33 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_5_14_5_33_34.dmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 16:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-14 15:25 --------- d-----w C:\Program Files\Trend Micro
2008-06-07 16:52 --------- d-----w C:\Program Files\lx_cats
2008-06-06 21:47 --------- d-----w C:\Documents and Settings\ezhil\Application Data\dvdcss
2008-05-25 14:11 --------- d-----w C:\Documents and Settings\ezhil\Application Data\Skype
2008-05-25 13:03 --------- d-----w C:\Program Files\VoipCheapCom
2008-05-23 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-09 15:18 --------- d-----w C:\Program Files\Java
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-04 17:00 --------- d-----w C:\Program Files\SopCast
2008-04-27 14:07 --------- d-----w C:\Program Files\Google
2008-04-25 19:46 --------- d-----w C:\Program Files\DivX
2008-04-24 11:54 --------- d-----w C:\Documents and Settings\ezhil\Application Data\U3
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-17 22:38 --------- d-----w C:\Program Files\Xvid
2008-04-16 19:52 --------- d-----w C:\Program Files\Badongo
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2007-06-12 14:14 630,784 ----a-w C:\Documents and Settings\ezhil\GoToAssist_chat2way__317_en.exe
2006-11-09 10:08 0 -c--a-w C:\Documents and Settings\ezhil\Application Data\wklnhst.dat
2006-11-27 00:01 88 -csh--r C:\WINDOWS\system32\D8594F537C.sys
2007-08-13 16:25 88 -csh--r C:\WINDOWS\system32\F58E27CB22.sys
2007-08-13 18:25 6,216 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e50c47ff-bd5a-4267-b628-f8d0fcd61ada}]
2008-06-14 10:04 114688 --a------ C:\Documents and Settings\All Users\Application Data\svytedap.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-11-06 20:51 3810544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-03 16:02 68856]
"GetModule18"="C:\Program Files\GetModule\GetModule18.exe" [2008-06-09 17:40 351744]
"GetPack18"="C:\Program Files\GetPack\GetPack18.exe" [2008-06-10 05:08 350208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 09:08 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-03 19:51 1032192]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48 761947]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 09:00 94208]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 04:55 131072]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-22 22:52 98304]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 13:45 286720]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 01:10 98304]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 04:11 290816]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 14:38 65536]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-10-22 22:49:41 24576]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM

R2 BMFMySQL;BMFMySQL;"C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe" --defaults-file="C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\my.ini" BMFMySQL []
R2 LogWatch;Event Log Watch;C:\CA_LIC\LogWatNT.exe [2006-10-17 08:29]
R2 OracleFormsServer-Forms60Server;Oracle Forms Server [Forms60Server];C:\orant\bin\ifsrv60.exe [2002-11-26 20:57]
R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.2.0\db_4\BIN\TNSLSNR []
R2 OracleServiceORCLKAUS;OracleServiceORCLKAUS;c:\oracle\product\10.2.0\db_4\bin\ORACLE.EXE ORCLKAUS []
R2 paldrv;paldrv;C:\WINDOWS\system32\pal_drv.sys [2007-02-11 23:19]
S0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys []
S2 OracleDBConsoleorclkaus;OracleDBConsoleorclkaus;C:\oracle\product\10.2.0\db_4\bin\nmesrvc.exe [2005-08-16 12:21]
S2 OracleJobSchedulerORCLKAUS;OracleJobSchedulerORCLKAUS;c:\oracle\product\10.2.0\db_4\Bin\extjob.exe ORCLKAUS []
S3 CA_LIC_CLNT;CA License Client;"C:\CA_LIC\\lic98rmt.exe" [2006-10-17 08:28]
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE [2002-11-26 20:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6d7e2ac-9447-11db-835d-0015c5b705c3}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - ENTDRV51
*Newly Created Service* - IKFILESEC
*Newly Created Service* - IKSYSFLT
*Newly Created Service* - IKSYSSEC
*Newly Created Service* - MCHINJDRV
*Newly Created Service* - PROCEXP111
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 16:19:27 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-06-14 16:19:25 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 12:42:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="C:\oracle\product\10.2.0\db_4\BIN\TNSLSNR "
.
Completion time: 2008-06-14 12:44:54
ComboFix-quarantined-files.txt 2008-06-14 16:44:39

Pre-Run: 51,393,024,000 bytes free
Post-Run: 54,479,216,640 bytes free

478 --- E O F --- 2008-06-12 03:40:09



-------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:39 PM, on 6/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Quest Software\Benchmark Factory for Databases\Repository\MySQL\bin\mysqld-max-nt.exe
C:\CA_LIC\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\orant\bin\ifsrv60.exe
C:\oracle\product\10.2.0\db_4\bin\isqlplussvc.exe
C:\oracle\product\10.2.0\db_4\BIN\TNSLSNR.exe
c:\oracle\product\10.2.0\db_4\bin\ORACLE.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\oracle\product\10.2.0\db_4\jdk\bin\java.exe
C:\orant\bin\ifweb60.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\iftuyszv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\GetModule\GetModule18.exe
C:\Program Files\GetPack\GetPack18.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\DAP\DAP.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pimpmysea...l?gname=Kausika
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061022
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202946228.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e50c47ff-bd5a-4267-b628-f8d0fcd61ada} - C:\Documents and Settings\All Users\Application Data\svytedap.dll
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,[email protected]
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GetModule18] "C:\Program Files\GetModule\GetModule18.exe"
O4 - HKCU\..\Run: [GetPack18] "C:\Program Files\GetPack\GetPack18.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file: