Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop Ups Galore!


  • This topic is locked This topic is locked
9 replies to this topic

#1 ajusted

ajusted

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 09 October 2007 - 03:38 PM

Hello I have a computer with many pop ups. I have run VundoFix, combofix then ran hijackthis. Logs from each are posted below. The computer now appears to be running normally but would appreciate a review of the logs to see if problems still remain.

Thanks much,
Wayne

===============================================================================



VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 2:16:59 PM 10/9/2007

Listing files found while scanning....

C:\WINDOWS\system32\ldttusno.ini
C:\WINDOWS\system32\onsuttdl.dll
C:\WINDOWS\system32\yluwpkwa.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ldttusno.ini
C:\WINDOWS\system32\ldttusno.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\onsuttdl.dll
C:\WINDOWS\system32\onsuttdl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yluwpkwa.dll
C:\WINDOWS\system32\yluwpkwa.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 2:26:43 PM 10/9/2007

Listing files found while scanning....

No infected files were found.

=============================================================================

ComboFix 07-10-09.3 - Channie 2007-10-09 14:33:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.139 [GMT -4:00]
Running from: C:\Documents and Settings\Channie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.bak2
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\hwrkgdku.dll
C:\WINDOWS\system32\itlepfpk.dll
C:\WINDOWS\system32\kpfpelti.ini
C:\WINDOWS\system32\kvfsqaro.dll
C:\WINDOWS\system32\onccekso.dll
C:\WINDOWS\system32\oraqsfvk.ini
C:\WINDOWS\system32\oskeccno.ini
C:\WINDOWS\system32\sklcwoex.ini
C:\WINDOWS\system32\xeowclks.dll
C:\WINDOWS\system32\Y1
C:\WINDOWS\system32\Y1\gb83122.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 14:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 14:16 <DIR> d-------- C:\VundoFix Backups
2007-10-07 00:37 <DIR> d-------- C:\WINDOWS\pss
2007-10-06 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 12:25 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-01 01:07 <DIR> d-------- C:\WINDOWS\system32\zip1
2007-10-01 01:07 <DIR> d-------- C:\WINDOWS\system32\vbs9
2007-10-01 01:07 <DIR> d-------- C:\WINDOWS\system32\driv2
2007-10-01 01:06 <DIR> d-------- C:\WINDOWS\system32\vMW10a
2007-10-01 01:06 <DIR> d-------- C:\Temp\xOe
2007-10-01 01:06 <DIR> d-------- C:\Temp
2007-10-01 01:06 36,352 --a------ C:\WINDOWS\system32\nnnmlmk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 18:25 --------- d-----w C:\Program Files\LogMeIn
2007-10-09 17:37 --------- d-----w C:\Program Files\Trend Micro
2007-10-07 04:32 --------- d-----w C:\Program Files\Windows Plus
2007-09-30 18:22 --------- d-----w C:\Documents and Settings\Channie\Application Data\Image Zone Express
2007-09-09 22:05 --------- d-----w C:\Documents and Settings\Channie\Application Data\AdobeUM
2007-08-16 18:37 --------- d-----w C:\Program Files\support.com
2007-08-16 18:35 --------- d-----w C:\Program Files\Common Files\SupportSoft
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{205885D1-5A52-4714-BE76-3BF866451E1E}]
C:\Program Files\Windows Plus\hope83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D055505-5B04-43EF-698E-789EAD77CB80}]
C:\Program Files\Messenger\labumu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7EDAE2A8-3A41-4592-B484-C67BC864C147}]
C:\Program Files\Windows Plus\hope4444.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 03:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-16 09:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"LogMeIn GUI"="C:\Program Files\LogMeIn\LogMeInSystray.exe" [2006-08-11 17:04]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-19 19:37]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 22:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2006-08-11 17:04 11496 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnmlmk]
nnnmlmk.dll 2007-10-01 01:06 36352 C:\WINDOWS\system32\nnnmlmk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup


R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\RaInfo.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\DRIVERS\AngelUsb.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-09 14:42:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 14:44:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 14:44
.
--- E O F ---

============================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:54:47 PM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {205885D1-5A52-4714-BE76-3BF866451E1E} - C:\Program Files\Windows Plus\hope83122.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: 0 - {7D055505-5B04-43EF-698E-789EAD77CB80} - C:\Program Files\Messenger\labumu.dll (file missing)
O2 - BHO: (no name) - {7EDAE2A8-3A41-4592-B484-C67BC864C147} - C:\Program Files\Windows Plus\hope4444.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-1721121198-563123253-1990466120-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1721121198-563123253-1990466120-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'LogMeInRemoteUser')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnmlmk - C:\WINDOWS\SYSTEM32\nnnmlmk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8737 bytes

BC AdBot (Login to Remove)

 


#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 AM

Posted 17 October 2007 - 10:20 AM

Hello and welcome to BC. :thumbsup:

Sorry for the delayed response. Scan with HijackThis log and put a checkmark against the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {205885D1-5A52-4714-BE76-3BF866451E1E} - C:\Program Files\Windows Plus\hope83122.dll (file missing)
O2 - BHO: 0 - {7D055505-5B04-43EF-698E-789EAD77CB80} - C:\Program Files\Messenger\labumu.dll (file missing)
O2 - BHO: (no name) - {7EDAE2A8-3A41-4592-B484-C67BC864C147} - C:\Program Files\Windows Plus\hope4444.dll (file missing)
O20 - Winlogon Notify: nnnmlmk - C:\WINDOWS\SYSTEM32\nnnmlmk.dll


Close all browsers/windows other than HijackThis and click on "fix checked".

==============================

Discard the copy(ies) of Combofix you have and

Please download ComboFix

Note: It is important that it is saved directly to your desktop.

Close all browsers.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log for you. Post that log in your next reply and a fresh HijackThis log please.
  • Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.


#3 ajusted

ajusted
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 23 October 2007 - 08:33 PM

ComboFix 07-10-23.1 - Channie 2007-10-23 21:21:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.128 [GMT -4:00]
Running from: C:\Documents and Settings\Channie\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\system32\LMIinit.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vMW10a
C:\WINDOWS\system32\vMW10a\vMW10a1099.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.

2007-10-21 22:04 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-10-21 22:04 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-10-21 19:25 <DIR> d-------- C:\Program Files\Sony
2007-10-09 17:22 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 14:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 14:16 <DIR> d-------- C:\VundoFix Backups
2007-10-07 00:37 <DIR> d-------- C:\WINDOWS\pss
2007-10-04 12:25 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-01 01:07 <DIR> d-------- C:\WINDOWS\system32\zip1
2007-10-01 01:07 <DIR> d-------- C:\WINDOWS\system32\vbs9
2007-10-01 01:07 <DIR> d-------- C:\WINDOWS\system32\driv2
2007-10-01 01:06 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 15:42 --------- d-----w C:\Program Files\LogMeIn
2007-10-09 17:37 --------- d-----w C:\Program Files\Trend Micro
2007-10-07 04:32 --------- d-----w C:\Program Files\Windows Plus
2007-09-30 18:22 --------- d-----w C:\Documents and Settings\Channie\Application Data\Image Zone Express
2007-09-09 22:05 --------- d-----w C:\Documents and Settings\Channie\Application Data\AdobeUM
.

((((((((((((((((((((((((((((( snapshot@2007-10-09_14.43.49.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-08-20 10:02:09 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
+ 2007-08-20 10:02:11 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
+ 2007-08-20 10:02:09 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
+ 2007-08-20 10:02:09 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
+ 2007-08-17 10:12:34 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
+ 2007-08-20 10:02:09 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
+ 2007-08-20 10:02:09 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
+ 2007-08-17 07:29:55 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:24:57 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
+ 2007-08-20 10:02:09 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
+ 2007-08-20 10:02:09 387,584 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
+ 2007-08-20 10:02:10 6,066,176 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
+ 2007-08-20 10:02:10 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
+ 2007-08-20 10:02:10 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
+ 2007-08-17 10:12:35 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
+ 2007-08-17 10:12:49 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
+ 2007-08-20 10:02:10 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
+ 2007-08-20 10:02:10 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
+ 2007-08-20 10:02:10 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
+ 2007-08-20 10:02:11 3,592,192 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
+ 2007-08-20 10:02:11 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
+ 2007-08-20 10:02:11 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
+ 2007-08-20 10:02:11 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
+ 2007-08-20 10:02:11 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
+ 2007-08-20 10:02:11 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
+ 2007-08-20 10:02:11 1,161,728 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
+ 2007-08-20 10:02:11 232,960 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
+ 2007-08-20 10:02:11 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
- 2007-09-28 13:06:08 135,168 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-20 10:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2004-08-10 10:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-10 10:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-10 10:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2007-06-15 08:12:28 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-06-15 08:12:28 205,824 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-06-15 08:12:28 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-10 10:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-10 10:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-10 10:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-10 10:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-10 10:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-10 10:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-06-14 10:32:36 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-10 10:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2007-06-15 08:12:28 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-10 10:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-10 10:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-10 10:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-10 10:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2007-06-15 08:12:28 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-06-15 08:12:28 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-10 10:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-10 10:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2007-06-15 08:12:29 3,064,320 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-06-15 08:12:29 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-10 10:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-10 10:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2007-06-15 08:12:29 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-06-15 08:12:29 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-10 10:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2007-06-15 08:12:29 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 22:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 22:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 21:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 21:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-10 10:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2007-06-15 08:12:30 616,960 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-10 10:00:00 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-10 10:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2007-06-26 14:35:54 665,600 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 22:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2007-08-13 22:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-08-13 22:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2007-08-13 22:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-08-13 22:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-08-13 22:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-08-13 22:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-08-13 21:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-02-12 20:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dat
+ 2007-07-11 16:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-08-13 22:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-08-13 22:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-08-13 22:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-08-13 22:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-08-13 22:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-08-13 22:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-08-13 22:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-08-13 22:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-08-13 22:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-08-13 22:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-08-13 22:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-08-13 22:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-08-13 22:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-08-13 22:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-08-13 22:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-08-13 22:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-08-13 22:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-08-13 22:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
- 2004-08-10 10:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 22:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2004-08-10 10:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2004-08-10 10:00:00 35,328 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 22:42:54 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
+ 2007-08-13 22:39:20 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-20 10:04:34 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-13 22:42:54 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
+ 2007-08-13 22:54:10 33,792 ------w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-06-15 08:12:28 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 22:35:46 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-15 08:12:28 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 22:18:02 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-20 10:04:34 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dat
+ 2007-08-20 10:04:35 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-06-14 10:32:36 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:44:02 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 22:45:18 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-20 10:04:37 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-06-15 08:12:28 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04:38 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-08-13 22:39:12 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-17 10:20:54 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-08-17 10:21:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 22:36:06 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-15 08:12:28 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-15 08:12:28 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 22:44:18 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-20 10:04:39 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-08-13 22:32:30 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-06-15 08:12:29 3,064,320 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-15 08:12:29 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 22:01:12 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 22:54:10 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-06-15 08:12:29 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-15 08:12:29 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-06-15 08:12:29 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 22:36:12 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-20 10:04:42 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
- 2007-06-15 08:12:30 616,960 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 22:54:10 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-08-20 10:04:42 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-06-26 14:35:54 665,600 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-08-11 21:04:48 8,040 ----a-w C:\WINDOWS\system32\drivers\LMImirr.sys
+ 2007-04-17 18:00:28 10,144 ----a-w C:\WINDOWS\system32\drivers\LMImirr.sys
- 2007-06-15 08:12:28 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 22:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-15 08:12:28 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-06-15 08:12:28 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 12:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2004-08-10 10:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-10 10:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-10 10:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-10 10:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-10 10:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2004-08-10 10:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 22:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-06-15 08:12:28 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 22:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-10 10:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2004-08-10 10:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 22:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 22:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2004-08-10 10:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 22:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-15 08:12:28 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 22:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 22:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-15 08:12:28 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-10-03 19:36:27 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
+ 2007-10-17 14:45:14 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
- 2004-08-10 10:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 22:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2006-08-11 21:04:36 23,016 ----a-w C:\WINDOWS\system32\LMImirr.dll
+ 2007-05-25 19:22:06 24,000 ----a-w C:\WINDOWS\system32\LMImirr.dll
- 2006-08-11 21:04:38 9,576 ----a-w C:\WINDOWS\system32\LMImirr2.dll
+ 2007-05-25 19:22:08 10,304 ----a-w C:\WINDOWS\system32\LMImirr2.dll
- 2006-08-11 21:04:40 13,032 ----a-w C:\WINDOWS\system32\LMIport.dll
+ 2007-05-25 19:22:10 26,176 ----a-w C:\WINDOWS\system32\LMIport.dll
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 22:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2004-08-10 10:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 22:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-06-15 08:12:29 3,064,320 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-15 08:12:29 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-10 10:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 22:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-10 10:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 22:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-06-15 08:12:29 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-15 08:12:29 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 21:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 12:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2004-08-10 10:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
- 2007-06-15 08:12:29 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 22:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-10 10:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2006-08-11 21:04:42 14,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2007-05-25 19:22:12 16,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinter.dll
- 2006-08-11 21:04:44 15,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
+ 2007-05-25 19:22:14 16,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2006-08-11 21:04:44 15,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-05-25 19:22:14 16,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterui.dll
- 2006-08-11 21:04:42 14,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-05-25 19:22:12 16,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinter.dll
- 2006-08-11 21:04:44 15,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-05-25 19:22:14 16,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterdat.dll
- 2006-08-11 21:04:44 15,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterui.dll
+ 2007-05-25 19:22:14 16,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2006-08-11 21:04:46 25,832 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-05-25 19:22:18 30,784 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-06 21:43:16 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-10-05 14:07:31 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-04-02 18:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
- 2004-08-10 10:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-06-15 08:12:30 616,960 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-10 10:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 22:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2004-08-10 10:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 22:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-06-26 14:35:54 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 03:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-16 09:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-19 19:37]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 22:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
Debugger="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup


R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\DRIVERS\AngelUsb.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 21:26:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 21:29:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 14:44
C:\ComboFix2.txt ... 2007-10-09 14:44
.
--- E O F ---

========================================================================





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:37 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1721121198-563123253-1990466120-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1721121198-563123253-1990466120-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'LogMeInRemoteUser')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8631 bytes

#4 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 AM

Posted 24 October 2007 - 09:31 AM

Hi,

Open notepad (it must be notepad, not wordpad, or it won't work) and copy/paste the text in the code box below into it, starting from Folder::.....:

Folder:: 
C:\WINDOWS\system32\zip1 
C:\WINDOWS\system32\vbs9 
C:\WINDOWS\system32\driv2 
C:\Temp

Save this as CFScript.txt

Posted Image

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


=======================================

Go to Start>Control Panel>Add/Remove Programs and remove if Kaspersky online scanner is present prior to downloading the most up-to-date one.

Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop in txt format.
Copy and paste that information from Kapersky in your next post.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans for no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

==================================

Please post back the combofix.txt, Kaspersky scan results and a fresh HijackThis log and also let me know how the computer is running now.

#5 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 AM

Posted 24 October 2007 - 10:17 AM

Also, your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Click Start>Run, type in appwiz.cpl and press Enter.
  • Remove all entries of Runtime Environment (J2SE or JRE) that are listed.
  • Now reboot your computer.
  • Download the latest version of Java Runtime Environment, and install it to your computer.


#6 ajusted

ajusted
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 26 October 2007 - 04:37 PM

Thanks for all your help. The logs are below. At noon today during the scheduled run of Trend Micro Pc Cillin antivirus the virus program detected and quarantined seven viruses. I think those show in the Kaspersky log. Thanks again for your help and look forward to your reply. Wayne

ComboFix 07-10-27.1 - Channie 2007-10-26 16:11:46.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.208 [GMT -4:00]Running from: C:\Documents and Settings\Channie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Channie\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp
C:\WINDOWS\system32\driv2
C:\WINDOWS\system32\vbs9
C:\WINDOWS\system32\zip1

.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.

2007-10-21 22:04 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-10-21 22:04 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-10-21 19:25 <DIR> d-------- C:\Program Files\Sony
2007-10-09 17:22 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 14:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-09 14:16 <DIR> d-------- C:\VundoFix Backups
2007-10-07 00:37 <DIR> d-------- C:\WINDOWS\pss
2007-10-06 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-04 12:25 <DIR> d--h----- C:\WINDOWS\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-27 20:11 --------- d-----w C:\Program Files\LogMeIn
2007-10-17 14:45 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-10-09 17:37 --------- d-----w C:\Program Files\Trend Micro
2007-10-07 04:32 --------- d-----w C:\Program Files\Windows Plus
2007-09-30 18:22 --------- d-----w C:\Documents and Settings\Channie\Application Data\Image Zone Express
2007-09-09 22:05 --------- d-----w C:\Documents and Settings\Channie\Application Data\AdobeUM
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-13 22:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 22:54 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2007-08-13 22:54 33,792 ------w C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-13 22:54 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-13 22:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 22:54 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
2007-08-13 22:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 22:45 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
2007-08-13 22:44 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-13 22:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 22:44 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
2007-08-13 22:42 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
2007-08-13 22:42 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
2007-08-13 22:39 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-13 22:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 22:39 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
2007-08-13 22:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 22:39 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
2007-08-13 22:38 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-08-13 22:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-13 22:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 22:36 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
2007-08-13 22:35 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-13 22:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 22:32 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
2007-08-13 22:18 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
2007-08-13 22:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-08-13 22:01 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.

((((((((((((((((((((((((((((( snapshot_2007-10-23_21.28.59.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 10:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-26 13:51:17 136,192 ----a-w C:\WINDOWS\catchme.exe
- 2007-04-02 18:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 22:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 03:45]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 12:48]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 C:\WINDOWS\stsystra.exe]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-06-16 09:46]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-19 19:37]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe" [2006-03-08 13:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 22:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
Debugger="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup


R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 LMImirr;LMImirr;C:\WINDOWS\system32\DRIVERS\LMImirr.sys
S3 AngelUsb;Angel USB MPEG Device;C:\WINDOWS\system32\DRIVERS\AngelUsb.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\D:\INSTAL~E\Core\BVRPMPR5.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command - E:\setup.exe

.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 16:14:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-27 16:14:50
.
--- E O F ---


======================================================================

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 27, 2007 5:26:52 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/10/2007
Kaspersky Anti-Virus database records: 419248
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 52458
Number of viruses found: 7
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 00:40:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\Channie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Channie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Channie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Channie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Channie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Channie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Channie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Channie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\11.tmp Infected: Trojan-Downloader.Win32.Agent.dpq skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\13.tmp Infected: Trojan-Downloader.Win32.Agent.dpq skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\180.tmp Infected: Trojan-Downloader.Win32.Small.fwb skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\213.tmp Infected: Trojan-Downloader.Win32.Small.fwb skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\48A.tmp Infected: Trojan.Win32.Pakes.eb skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\48B.tmp Infected: Trojan.Win32.Pakes.fr skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\B.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\D.tmp Infected: Trojan.Win32.Agent.bck skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\D2.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\D5.tmp Infected: Trojan.Win32.Agent.bck skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\F.tmp Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vMW10a\vMW10a1099.exe.vir Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0040867.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E2DD463C-493E-4437-849C-DE86D7307CCA}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


=======================================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:30:48 PM, on 10/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1721121198-563123253-1990466120-1006\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-21-1721121198-563123253-1990466120-1006\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'LogMeInRemoteUser')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8698 bytes

#7 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 AM

Posted 28 October 2007 - 08:02 AM

Hi,

Sorry for getting back to you a little late. I have been very busy the last couple of days.

Please empty the quarantine folder of Trend Micro Internet Security.

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine<====== contents of this folder, but not the folder itself.

==========================

All looking good except one file that we need to return to its original location.

Please go to Start > Run and type cmd, click OK
Carefully type (or cut & paste) the following command into the command window and
press Enter on your keyboard.

Note: You can copy from this post by highlighting the command and pressing Ctrl+C
but you have to paste in the command window by right-clicking and selecting 'paste'


copy C:\Qoobox\Quarantine\C\WINDOWS\system32\LMIinit.dll.vir C:\WINDOWS\system32\LMIinit.dll

exit

==========================

Before we go ahead with the final step, please let me know how the system is running now.

#8 ajusted

ajusted
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:07:31 AM

Posted 28 October 2007 - 06:58 PM

Amateur,

I have emptied the Trend Micro quarantine folder and replaced the LMIinit.dll file. The time I spent on the computer it seems to be running fine. It is not actually my computer but belongs to a niece. I have asked her to let me know if anything unusual occurs. You said that you have one final thing you want me to do on the computer. Just let me know. Thanks again for all your help it is much appreciated.

Ajusted.

#9 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 AM

Posted 28 October 2007 - 07:14 PM

Hi,

Nice feedback. Thank you. If all is well, this is the final procedure to clean up:
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Notice the space between the x and the /u

    Posted Image

    This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.
Below are some steps to make her surfing more secure in future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site http://windowsupdate.microsoft.com/ to get the critical updates.

If you are running Microsoft, or any portion thereof, go to the Microsoft's Office Update site http://office.microsoft.com/officeupdate/m...g.aspx?lc=en-us and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAwareA tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial43.html
Spybot A tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial43.html
Windows Defender here

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster A tutorial on installing & using this product can be found here: http://www.bleepingcomputer.com/forums/tutorial49.html
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet. A tutorial on Firewalls and a listing of some available ones can be found here:
http://forum.malwareremoval.com/viewtopic.php?p=56#56
http://www.bleepingcomputer.com/forums/tutorial60.html

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, e.g. Google Toolbar here: A popup-blocker prevents popup-windows from opening, when you come along a websites that uses them, during internet-surfing. To provide privacy, select disable advanced features when installing.

IE-SPYAD This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer. A tutorial on installing this product can be found here: http://www.spywarewarrior.com/uiuc/resource.htm

SiteHound by Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable.
This product can be downloaded from here: here:

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, There are some sites that are only accessable with Internet Explorer, e.g. most of the Online Malware-scanners.

Ccleaner is a useful utility to clean the temporary files and cookies on a regular basis. Tutorial for CCleaner will explain how to use it. Note: Don't use the Registry (formerly Issues) block as it deals with the registry and can be dangerous.

But above all, keep all your software UP-TO-DATE at all time!!

A colleague of ours has excellent information and tips on the prevention of malware here and more on improving speed/system performance after malware removal here .

If you want to fight back the Malware Writers, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing! :thumbsup:

#10 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:09:31 AM

Posted 05 November 2007 - 02:06 PM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread, and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users