Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Virtumonde


  • Please log in to reply
11 replies to this topic

#1 2bleepo2

2bleepo2

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 25 December 2007 - 04:52 AM

help i cant remove this virus it says its running so cant be deleted how do i re move it HELP Heres my log







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:27 p.m., on 25/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\updater\explorer.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS\system32\updater\explorer .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Spyware Doctor\SDTrayApp .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Free Download Manager\fdm .exe
C:\DOCUME~1\user\LOCALS~1\Temp\ir_ext_temp_4\autorun.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mumble\mumble.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\sstqn.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A1FF447-FBBD-4B2E-9D59-2876AB5E6710} - C:\WINDOWS\system32\sstqn.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\urqooli.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\updater\explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent .exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?67f02ae0e03f456184d7d11364fa989d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?67f02ae0e03f456184d7d11364fa989d
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: urqooli - C:\WINDOWS\SYSTEM32\urqooli.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10557 bytes

Thanks 4 taking ur time to read this please help me as soon as possible

BC AdBot (Login to Remove)

 


#2 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:11 PM

Posted 25 December 2007 - 06:08 AM

Hi 2bleepo2!

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible. I'm in Hijackthis school and Teachers will check my posts.
Posted Image

#3 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:11 PM

Posted 25 December 2007 - 11:23 AM

Hi!

Step one

Please visit Virustotal
* Click the Browse... button
* Navigate to the file C:\WINDOWS\system32\updater\explorer.exe
* Click the Open button
* Click the Send button
* Copy and paste the results back here

Step two

Please download Combofix to your desktop.
Doubleclick comboFix.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog.

Step three

Open HijackThis.
- Click the Config... button, then go to the Misc Tools section.
- Click on Open Uninstall Manager. You'll see a list of programs.
- Click on Save List...

The file "uninstall_list.txt" will be created. Copy and paste the contents of this file to your next reply.

Step Four

Please post a fresh HijackThis log, Combofix log, Virustotal results and Uninstall_list.txt back here :thumbsup:
Posted Image

#4 2bleepo2

2bleepo2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 25 December 2007 - 10:52 PM

Hello. Thanks for your time.

ComboFix 07-12-21.4 - user 2007-12-26 16:47:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.699 [GMT 13:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-26 to 2007-12-26 )))))))))))))))))))))))))))))))
.

2007-12-26 11:58 . 2007-12-26 11:58 326,656 --a------ C:\WINDOWS\system32\RCX4E.tmp
2007-12-26 11:51 . 2007-12-26 12:02 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-26 11:51 . 2007-12-26 11:51 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-26 11:50 . 2007-12-26 11:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-26 11:50 . 2007-12-26 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-26 11:50 . 2007-12-26 16:49 3,101,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-26 11:50 . 2007-12-26 16:39 45,512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 11:50 . 2007-12-26 16:48 14,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-26 11:50 . 2007-12-26 16:39 3,296 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-26 11:45 . 2007-12-26 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-26 11:44 . 2007-12-26 11:44 326,656 --a------ C:\WINDOWS\system32\RCX4B.tmp
2007-12-25 23:28 . 2007-12-25 23:28 326,656 --a------ C:\WINDOWS\system32\RCX37.tmp
2007-12-25 23:16 . 2007-12-25 23:16 326,656 --a------ C:\WINDOWS\system32\RCX36.tmp
2007-12-25 22:21 . 2007-12-25 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 21:58 . 2007-12-25 21:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 19:26 . 2007-12-26 12:03 6,641 --ahs---- C:\WINDOWS\system32\nqtss.ini2
2007-12-25 19:25 . 2007-12-25 19:25 326,656 --a------ C:\WINDOWS\system32\RCX31.tmp
2007-12-25 15:40 . 2007-12-25 15:40 326,656 --a------ C:\WINDOWS\system32\RCX30.tmp
2007-12-25 15:40 . 2007-12-26 12:03 6,601 --ahs---- C:\WINDOWS\system32\nqtss.ini
2007-12-25 14:36 . 2007-12-25 14:36 326,656 --a------ C:\WINDOWS\system32\RCX2F.tmp
2007-12-25 14:13 . 2007-12-25 14:13 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-12-25 12:13 . 2007-12-25 23:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-25 12:13 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-25 12:01 . 2007-12-25 12:01 326,656 --a------ C:\WINDOWS\system32\RCX24.tmp
2007-12-24 18:04 . 2006-09-18 21:41 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-12-24 18:04 . 2006-09-18 21:41 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2007-12-24 17:49 . 2007-12-24 17:49 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-24 14:51 . 2007-12-24 14:51 326,656 --a------ C:\WINDOWS\system32\RCX2B.tmp
2007-12-24 14:39 . 2007-12-24 14:40 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-24 14:35 . 2007-12-24 14:37 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-24 13:35 . 2007-12-24 13:35 326,656 --a------ C:\WINDOWS\system32\RCX2A.tmp
2007-12-23 20:28 . 2007-12-26 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 20:27 . 2007-12-26 11:58 352,256 --a------ C:\WINDOWS\system32\JMRaidTool .exe
2007-12-23 20:27 . 2007-12-23 20:27 326,656 --a------ C:\WINDOWS\system32\RCX29.tmp
2007-12-21 13:34 . 2007-12-23 17:46 2,665 --a------ C:\WINDOWS\SwSys2.bmp
2007-12-21 13:34 . 2007-12-23 17:46 2,665 --a------ C:\WINDOWS\SwSys1.bmp
2007-12-21 13:33 . 2007-12-21 13:33 <DIR> d-------- C:\Program Files\Xplosiv
2007-12-21 13:32 . 2007-12-21 13:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-20 19:34 . 2007-12-20 19:34 <DIR> d-------- C:\Documents and Settings\user\Application Data\TVU Networks
2007-12-18 00:44 . 2007-12-18 00:44 219,664 --a------ C:\WINDOWS\system32\klogon.dll
2007-12-18 00:43 . 2007-12-18 00:43 23,396 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 13:28 . 2007-12-13 13:28 24,592 --a------ C:\WINDOWS\system32\drivers\klim5.sys
2007-12-03 10:50 . 2007-12-13 17:33 <DIR> d-------- C:\Program Files\Mumble
2007-11-30 16:22 . 2007-11-30 16:22 <DIR> d-------- C:\Program Files\Windows Live Favorites

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-26 03:46 --------- d-----w C:\Program Files\BitTorrent
2007-12-26 03:26 --------- d-----w C:\Program Files\Free Download Manager
2007-12-25 23:22 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2007-12-25 22:58 --------- d-----w C:\Program Files\QuickTime
2007-12-25 22:58 --------- d-----w C:\Documents and Settings\user\Application Data\BitTorrent
2007-12-25 10:39 --------- d-----w C:\Program Files\Google
2007-12-24 23:39 --------- d-----w C:\Program Files\MSN Messenger
2007-12-24 22:39 --------- d-----w C:\Program Files\CCleaner
2007-12-24 01:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-23 00:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 01:48 --------- d-----w C:\Program Files\Tremulous
2007-12-12 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-30 03:22 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 06:45 --------- d-----w C:\Program Files\Microsoft Encarta
2007-11-07 03:37 --------- d-----w C:\Program Files\LimeWire
2007-10-31 00:41 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-26 23:08 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2004-10-01 02:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BC2FE8E-312F-40F3-A591-FD5998855928}]
C:\WINDOWS\system32\sstqn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58E7F7D1-5473-42A1-8C34-EA07E7FD3E19}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe" [2007-12-26 11:58]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"PowerBar"="" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent .exe" [2007-12-26 11:58]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" [2007-12-26 11:57]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-02-03 23:11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqooli]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Theme\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 16:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 16:39]
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 09:53]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-26 02:51:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-26 16:49:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-26 16:49:40
.
2007-12-25 01:13:50 --- E O F ---






File explorer.exe received on 12.01.2007 00:39:57 (CET)Antivirus Version Last Update Result
AhnLab-V3 2007.12.1.0 2007.11.30 -
AntiVir 7.6.0.34 2007.11.30 -
Authentium 4.93.8 2007.11.30 -
Avast 4.7.1074.0 2007.11.30 -
AVG 7.5.0.503 2007.11.30 -
BitDefender 7.2 2007.12.01 -
CAT-QuickHeal 9.00 2007.11.30 -
ClamAV 0.91.2 2007.11.30 -
DrWeb 4.44.0.09170 2007.11.30 -
eSafe 7.0.15.0 2007.11.29 -
eTrust-Vet 31.3.5340 2007.11.30 -
Ewido 4.0 2007.11.30 -
FileAdvisor 1 2007.12.01 -
Fortinet 3.14.0.0 2007.11.30 -
F-Prot 4.4.2.54 2007.11.30 -
F-Secure 6.70.13030.0 2007.11.30 -
Ikarus T3.1.1.12 2007.11.30 -
Kaspersky 7.0.0.125 2007.12.01 -
McAfee 5175 2007.11.30 -
Microsoft 1.3007 2007.12.01 -
NOD32v2 2696 2007.11.30 error - password-protected file
Norman 5.80.02 2007.11.30 -
Panda 9.0.0.4 2007.11.29 -
Prevx1 V2 2007.12.01 -
Rising 20.20.40.00 2007.11.30 -
Sophos 4.23.0 2007.11.30 -
Sunbelt 2.2.907.0 2007.12.01 -
Symantec 10 2007.11.30 -
TheHacker 6.2.9.146 2007.11.30 -
VBA32 3.12.2.5 2007.11.30 -
VirusBuster 4.3.26:9 2007.11.30 -
Webwasher-Gateway 6.6.2 2007.11.30 -

Additional information
File size: 1440354 bytes
MD5: 13670f7583c9985ffbfdc08cd0490628
SHA1: ebf511b7c2309299d30490d8f4652936f8cd81d1
packers: ZIP
packers: PE_Patch







Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
AsusUpdate
ATI - Software Uninstall Utility
ATI Display Driver
BitTorrent 5.0.9
CCleaner (remove only)
DVD Solution
EPSON Printer Software
Google SketchUp 6
Google SketchUp 6
Google Toolbar for Internet Explorer
Gunbound Revolution
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
ijji Auto Installer
ioUrbanTerror 1.0
J2SE Runtime Environment 5.0 Update 3
JMB36X Raid Configurer
Kaspersky Internet Security 7.0
Kaspersky Internet Security 7.0
LimeWire PRO 4.14.10
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Microsoft .NET Framework 2.0
Microsoft Age of Empires Gold
Microsoft Encarta Encyclopedia Standard 2001 - WE
Microsoft Office 2000 Premium
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.8)
MSN
Multimedia Launcher
Mumble and Murmur
Nero OEM
OneCare Advisor (Windows Live Toolbar)
PCI SoftV92 Modem
Popup Blocker (Windows Live Toolbar)
PowerDVD
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB936509)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Shockwave
SoundMAX
Spybot - Search & Destroy
Symantec KB-DocID:2003093015493306
Tabbed Browsing (Windows Live Toolbar)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb943597)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Word 2007 (KB934173)
Urban Terror 4.0
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Yahoo! Toolbar







Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:52:10 p.m., on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BC2FE8E-312F-40F3-A591-FD5998855928} - C:\WINDOWS\system32\sstqn.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58E7F7D1-5473-42A1-8C34-EA07E7FD3E19} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe" /tray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent .exe" --force_start_minimized
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/229?67f02ae0e03f456184d7d11364fa989d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-nz\msntabres.dll.mui/230?67f02ae0e03f456184d7d11364fa989d
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: urqooli - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7410 bytes

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:11 PM

Posted 26 December 2007 - 03:46 AM

Hi,

Sorry to jump in, but I see you had IntelligentAdvisor installed. However, it is suddenly gone and I see no traces of it in your logs anymore.
Could you give me more info if you uninstalled that one in between - and do you know how it was installed? Did you install PlayMP3Z as well previously?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#6 2bleepo2

2bleepo2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 26 December 2007 - 04:20 AM

yup sum how i got PlayMP3Z on the same day so i deleted it and then uninstalled intelligent advisor as it kept producing pop ups

i think i tried to uninstall it through the programs list im not sure if its properly unistalled

im also un sure of how i got PlayMP3Z
it some how appeared in my programs list and i found it suspicious because it had not been there before
so there fore i unistalled it through the programmes list when u click start
then i found the intelligent advisor folder in programmes files through my computer and that seemed suspicious as well as it wasnt there before so i unistalled it by clicking on the unistall file in the folder
i believe i got both PlayMP3Z and intelligent advisor on the same day

Edited by 2bleepo2, 26 December 2007 - 04:39 AM.


#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:11 PM

Posted 26 December 2007 - 07:33 AM

Thank you very much for the feedback on this :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#8 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:11 PM

Posted 29 December 2007 - 03:38 AM

Hi!

Step #1

Combofix has been updated. Please delete your old Combofix.exe and download a fresh Combofix.exe from Here.
  • Double click on Combofix.exe & follow the prompts.
  • When the scan has finished, it shall produce a log for you. Post that log in your next reply
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Step #2
  • Download RenV.exe by sUBs to your desktop
  • Double click on t to run it
  • It will search your system drive looking for any modified .exe file and will produce a log for you. Post also that report in your next reply
Step #3

Please post a fresh HijackThis log, Combofix log and RenV.exe log
Posted Image

#9 2bleepo2

2bleepo2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 December 2007 - 01:16 AM

ComboFix 07-12-21.4 - user 2007-12-30 19:04:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.553 [GMT 13:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-30 )))))))))))))))))))))))))))))))
.

2007-12-27 17:30 . 2007-12-27 17:30 <DIR> d-------- C:\Program Files\Xplosiv
2007-12-26 17:02 . 2007-12-26 17:10 3,788 --a------ C:\WINDOWS\imsins.BAK
2007-12-26 17:01 . 2007-10-11 12:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-26 17:01 . 2007-07-01 16:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-26 17:01 . 2007-07-01 16:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-26 17:01 . 2007-10-11 12:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-26 17:01 . 2007-10-11 12:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-26 17:01 . 2007-10-11 12:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-26 17:01 . 2007-10-11 12:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-26 17:01 . 2007-10-11 12:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-26 17:01 . 2007-10-10 23:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-26 11:51 . 2007-12-26 12:02 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-26 11:51 . 2007-12-26 11:51 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-26 11:50 . 2007-12-26 11:50 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-26 11:50 . 2007-12-30 18:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-26 11:50 . 2007-12-30 19:10 5,153,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-26 11:50 . 2007-12-30 19:10 77,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-26 11:50 . 2007-12-30 15:24 71,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-26 11:50 . 2007-12-30 15:24 9,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-26 11:45 . 2007-12-26 11:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-12-25 22:21 . 2007-12-25 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-25 21:58 . 2007-12-25 21:58 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-25 19:26 . 2007-12-26 12:03 6,641 --ahs---- C:\WINDOWS\system32\nqtss.ini2
2007-12-25 15:40 . 2007-12-26 12:03 6,601 --ahs---- C:\WINDOWS\system32\nqtss.ini
2007-12-25 12:13 . 2007-12-25 23:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-25 12:13 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-24 18:04 . 2006-09-18 21:41 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-12-24 18:04 . 2006-09-18 21:41 56,832 --a------ C:\WINDOWS\system32\iyvu9_32.dll
2007-12-24 17:49 . 2007-12-24 17:49 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-24 14:39 . 2007-12-24 14:40 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-24 14:35 . 2007-12-24 14:37 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-23 20:28 . 2007-12-26 11:58 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-23 20:27 . 2007-12-26 11:58 352,256 --a------ C:\WINDOWS\system32\JMRaidTool .exe
2007-12-21 13:34 . 2007-12-27 18:36 2,665 --a------ C:\WINDOWS\SwSys2.bmp
2007-12-21 13:34 . 2007-12-27 18:36 2,665 --a------ C:\WINDOWS\SwSys1.bmp
2007-12-21 13:32 . 2007-12-21 13:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-20 19:34 . 2007-12-20 19:34 <DIR> d-------- C:\Documents and Settings\user\Application Data\TVU Networks
2007-12-18 00:44 . 2007-12-18 00:44 219,664 --a------ C:\WINDOWS\system32\klogon.dll
2007-12-18 00:43 . 2007-12-18 00:43 23,396 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 13:28 . 2007-12-13 13:28 24,592 --a------ C:\WINDOWS\system32\drivers\klim5.sys
2007-12-03 10:50 . 2007-12-13 17:33 <DIR> d-------- C:\Program Files\Mumble
2007-11-30 16:22 . 2007-11-30 16:22 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-22 20:11 . 2007-12-26 22:38 <DIR> d-------- C:\Program Files\QuickTime
2007-11-18 19:51 . 2007-11-18 19:51 244 --ah----- C:\sqmnoopt09.sqm
2007-11-18 19:51 . 2007-11-18 19:51 232 --ah----- C:\sqmdata09.sqm
2007-11-18 19:03 . 2007-11-18 19:03 244 --ah----- C:\sqmnoopt08.sqm
2007-11-18 19:03 . 2007-11-18 19:03 232 --ah----- C:\sqmdata08.sqm
2007-11-18 18:54 . 2007-11-18 18:54 244 --ah----- C:\sqmnoopt07.sqm
2007-11-18 18:54 . 2007-11-18 18:54 232 --ah----- C:\sqmdata07.sqm
2007-11-18 18:34 . 2007-11-18 18:34 244 --ah----- C:\sqmnoopt06.sqm
2007-11-18 18:34 . 2007-11-18 18:34 232 --ah----- C:\sqmdata06.sqm
2007-11-08 19:45 . 2007-11-08 19:45 <DIR> d-------- C:\Program Files\Microsoft Encarta
2007-11-07 16:34 . 2007-12-26 12:04 <DIR> d-------- C:\WINDOWS\system32\updater
2007-11-07 16:34 . 2007-11-07 16:34 9 --a------ C:\boot.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-29 23:44 --------- d-----w C:\Program Files\UrbanTerror
2007-12-26 21:51 --------- d-----w C:\Documents and Settings\user\Application Data\LimeWire
2007-12-26 04:32 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-26 04:10 --------- d-----w C:\Program Files\BitTorrent
2007-12-26 04:06 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 04:06 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-12-26 04:05 --------- d-----w C:\Program Files\Google
2007-12-25 22:58 --------- d-----w C:\Documents and Settings\user\Application Data\BitTorrent
2007-12-24 23:39 --------- d-----w C:\Program Files\MSN Messenger
2007-12-24 22:39 --------- d-----w C:\Program Files\CCleaner
2007-12-24 01:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-23 00:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 01:48 --------- d-----w C:\Program Files\Tremulous
2007-12-12 08:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 03:37 --------- d-----w C:\Program Files\LimeWire
2007-10-31 00:41 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 04:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-26 23:08 692,224 ----a-w C:\WINDOWS\system32\ijjiSetup.exe
2004-10-01 02:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-26_16.38.15.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-02-28 12:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2006-02-28 12:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2006-02-28 12:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2007-10-11 06:13:44 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-10-11 06:13:44 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-10-11 06:13:44 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2006-02-28 12:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2006-02-28 12:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2006-02-28 12:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2006-02-28 12:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2006-02-28 12:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2006-02-28 12:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-10-10 11:16:27 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2006-02-28 12:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2007-10-11 06:13:44 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2006-02-28 12:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2006-02-28 12:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2006-02-28 12:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2006-02-28 12:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2007-10-11 06:13:44 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-10-11 06:13:44 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2006-02-28 12:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2006-02-28 12:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2007-10-30 10:16:33 3,058,688 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-10-11 06:13:45 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2006-02-28 12:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2006-02-28 12:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2007-10-11 06:13:45 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-10-11 06:13:45 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2006-02-28 12:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2007-10-11 06:13:45 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 05:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 05:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 04:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 04:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2006-02-28 12:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2007-10-11 06:13:45 615,424 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2006-02-28 12:00:00 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2006-02-28 12:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2007-10-11 06:13:45 659,456 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 05:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 05:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\advpack.dll
+ 2007-08-13 05:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\dxtrans.dll
+ 2007-08-13 05:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\extmgr.dll
+ 2007-08-13 05:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\icardie.dll
+ 2007-08-13 05:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ie4uinit.exe
+ 2007-08-13 05:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakeng.dll
+ 2007-08-13 05:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieaksie.dll
+ 2007-08-13 04:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieakui.dll
+ 2007-02-12 03:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dat
+ 2007-07-10 23:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieapfltr.dll
+ 2007-08-13 05:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iedkcs32.dll
+ 2007-08-13 05:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieframe.dll
+ 2007-08-13 05:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iernonce.dll
+ 2007-08-13 05:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iertutil.dll
+ 2007-08-13 05:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\ieudinit.exe
+ 2007-08-13 05:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe
+ 2007-08-13 05:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\jsproxy.dll
+ 2007-08-13 05:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeeds.dll
+ 2007-08-13 05:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msfeedsbs.dll
+ 2007-08-13 05:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtml.dll
+ 2007-08-13 05:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mshtmled.dll
+ 2007-08-13 05:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\msrating.dll
+ 2007-08-13 05:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\mstime.dll
+ 2007-08-13 05:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\occache.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
+ 2007-06-30 20:22:56 371,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\updspapi.dll
+ 2007-08-13 05:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\url.dll
+ 2007-08-13 05:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\urlmon.dll
+ 2007-08-13 05:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\webcheck.dll
+ 2007-08-13 05:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
+ 2007-12-27 04:31:17 45,056 ----a-r C:\WINDOWS\Installer\{F62C8B8B-1365-44DA-A538-E3EEA6885320}\ARPPRODUCTICON.exe
+ 2007-12-27 04:31:17 45,056 ----a-r C:\WINDOWS\Installer\{F62C8B8B-1365-44DA-A538-E3EEA6885320}\Cricket.exe1_F62C8B8B136544DAA538E3EEA6885320.exe
+ 2007-12-27 04:31:17 45,056 ----a-r C:\WINDOWS\Installer\{F62C8B8B-1365-44DA-A538-E3EEA6885320}\Cricket.exe11_F62C8B8B136544DAA538E3EEA6885320.exe
+ 2007-12-27 04:31:17 131,072 ----a-r C:\WINDOWS\Installer\{F62C8B8B-1365-44DA-A538-E3EEA6885320}\NewShortcut1_1F87C53569D24183A2C4DA09B6248368.exe
+ 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2006-02-28 12:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 05:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2006-02-28 12:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2006-02-28 12:00:00 61,440 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2007-08-13 05:39:20 71,680 -c--a-w C:\WINDOWS\system32\dllcache\admparse.dll
- 2006-02-28 12:00:00 99,840 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-02-28 12:00:00 28,672 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 05:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
- 2007-10-11 06:13:44 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-13 05:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-10-11 06:13:44 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-10-11 06:13:44 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-10-10 23:55:51 132,608 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-02-28 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2007-08-13 05:18:02 60,416 -c--a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
- 2006-02-28 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2006-02-28 12:00:00 139,264 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2006-02-28 12:00:00 216,576 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2006-02-28 12:00:00 323,584 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-10-10 11:16:27 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 05:44:02 69,120 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-02-28 12:00:00 81,920 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 05:45:18 78,336 -c--a-w C:\WINDOWS\system32\dllcache\ieencode.dll
- 2007-10-11 06:13:44 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-13 05:54:10 191,488 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-02-28 12:00:00 48,640 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-10-10 23:55:55 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2006-02-28 12:00:00 62,976 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2007-08-13 05:39:12 55,296 -c--a-w C:\WINDOWS\system32\dllcache\iesetup.dll
- 2006-02-28 12:00:00 93,184 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2006-02-28 12:00:00 35,840 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 05:36:06 36,352 -c--a-w C:\WINDOWS\system32\dllcache\imgutil.dll
- 2007-10-11 06:13:44 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 05:39:02 92,672 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2007-11-14 07:26:56 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-08-13 05:38:04 491,520 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-10-11 06:13:44 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-02-28 12:00:00 22,016 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 05:44:18 40,960 -c--a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
- 2006-02-28 12:00:00 29,184 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2007-08-13 05:32:30 45,568 -c--a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2007-10-30 10:16:33 3,058,688 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-10-30 16:12:30 3,590,656 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-10-11 06:13:45 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-02-28 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
+ 2007-08-13 05:01:12 48,128 -c--a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2006-02-28 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 05:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
- 2007-10-11 06:13:45 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-10-10 23:55:58 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-10-11 06:13:45 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-10-10 23:55:59 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-02-28 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-10-10 23:55:59 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-10-11 06:13:45 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-13 05:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-26 03:36:51 8,454,656 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2006-02-28 12:00:00 37,888 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-10-11 06:13:45 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-02-28 12:00:00 417,792 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 05:54:10 413,696 -c--a-w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-02-28 12:00:00 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
+ 2006-03-24 04:37:50 49,152 -c--a-w C:\WINDOWS\system32\dllcache\wdigest.dll
- 2006-02-28 12:00:00 276,480 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-10-10 23:56:00 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-10-11 06:13:45 659,456 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-10-10 23:56:00 824,832 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-10-11 06:13:44 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 05:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-10-11 06:13:44 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-10-10 23:55:51 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2007-10-11 06:13:44 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 132,608 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-28 19:05:44 26,112 ------w C:\WINDOWS\system32\idndl.dll
- 2006-02-28 12:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-10-10 10:59:40 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2006-02-28 12:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-10-10 23:55:51 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2006-02-28 12:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-10-10 23:55:51 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2006-02-28 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-10-10 05:46:55 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2006-02-28 12:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-10-10 23:55:52 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2006-02-28 12:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-08-13 05:45:18 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
+ 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-10-11 06:13:44 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 05:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-02-28 12:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2006-02-28 12:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 05:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 05:54:10 180,736 ------w C:\WINDOWS\system32\ieui.dll
- 2006-02-28 12:00:00 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 05:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2007-10-11 06:13:44 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 05:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 05:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-10-11 06:13:44 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-10-10 23:55:56 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2006-02-28 12:00:00 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 05:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 05:36:40 12,288 ------w C:\WINDOWS\system32\msfeedssync.exe
- 2006-02-28 12:00:00 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 05:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2007-10-30 10:16:33 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-10-30 16:12:30 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-10-11 06:13:45 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-10-10 23:55:58 478,208 ------w C:\WINDOWS\system32\mshtmled.dll
- 2006-02-28 12:00:00 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 05:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2006-02-28 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 05:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2007-10-11 06:13:45 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-10-10 23:55:58 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-10-11 06:13:45 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-10-10 23:55:59 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 04:59:26 24,576 ------w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-28 19:05:44 23,552 ------w C:\WINDOWS\system32\normaliz.dll
- 2006-02-28 12:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-10-10 23:55:59 102,400 ------w C:\WINDOWS\system32\occache.dll
- 2007-10-11 06:13:45 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 05:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\system32\shell32.dll
- 2006-02-28 12:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-10-11 06:13:45 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2006-02-28 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-08-13 05:54:10 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2006-02-28 12:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2006-02-28 12:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 05:45:16 206,336 ------w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-10-11 06:13:45 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ------w C:\WINDOWS\system32\xmllite.dll
- 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BC2FE8E-312F-40F3-A591-FD5998855928}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58E7F7D1-5473-42A1-8C34-EA07E7FD3E19}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr .exe" [2007-12-25 12:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-02-03 23:11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqooli]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
D:\Theme\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 16:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 16:39]
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-05 09:53]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-30 19:10:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-30 19:13:22
C:\ComboFix2.txt ... 2007-12-26 16:49
.
2007-12-26 05:46:00 --- E O F ---





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:49 p.m., on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3BC2FE8E-312F-40F3-A591-FD5998855928} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58E7F7D1-5473-42A1-8C34-EA07E7FD3E19} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr .Exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: wbsys.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: urqooli - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6389 bytes






Ran on Sun 30/12/2007 - 19:15:49.81

----a-w		   925,696 2007-12-25 22:57:59  C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w		   716,800 2007-12-25 22:57:59  C:\Program Files\Analog Devices\SoundMAX\Smax4						   .exe
----a-w			68,856 2007-12-25 22:58:04  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w			31,016 2007-12-25 22:58:01  C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
----a-w		 5,674,352 2007-12-24 23:39:17  C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w		 1,460,560 2007-12-25 22:58:12  C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w			15,360 2007-12-25 22:58:04  C:\WINDOWS\system32\ctfmon .exe
----a-w		   352,256 2007-12-25 22:58:01  C:\WINDOWS\system32\JMRaidTool .exe
----a-w		 1,440,354 2007-12-25 22:44:36  C:\WINDOWS\system32\updater\explorer .exe

 Entries:				9  (9)
 Directories:			0  Files:			 9
 Bytes:		 10,685,250  Blocks:	   20,872


#10 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:11 PM

Posted 01 January 2008 - 08:30 AM

Hi!

Please click your Start button then Click on Run and type in the following without the quotes: "notepad" Then copy (Ctrl C) and paste (Ctrl V) the following text in the codebox,

C:\Program Files\Analog Devices\Core\smax4pnp .exe
C:\Program Files\Analog Devices\SoundMAX\Smax4						   .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\MSN Messenger\MsnMsgr .Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\JMRaidTool .exe
C:\WINDOWS\system32\updater\explorer .exe

Please save this as Log.txt, and place it along with where you have RenV.exe located.

Posted Image

Refering to the picture above, drag Log.txt into RenV.exe

When finished, it shall produce a new log for you. Post that log in your next reply.
Posted Image

#11 2bleepo2

2bleepo2
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 06 January 2008 - 05:02 AM

hi soz my bandwidth ran out took ages to load page thanks 4 help

#12 Baabiouz

Baabiouz

    Finnish Malware Fighter


  • Members
  • 3,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:01:11 PM

Posted 06 January 2008 - 07:07 AM

That's Ok. Post the logs back here when you have time... ;)

Edited by Baabiouz, 06 January 2008 - 07:07 AM.

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users