
Please Help To Remove Trojan.


This topic is locked
1 reply to this topic

#1 kevink2008
Posted 04 September 2008 - 10:46 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:15 AM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\comcasttoolbar.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [ac19f53e] rundll32.exe "C:\WINDOWS\system32\qfnuyfpf.dll",b
O4 - HKLM\..\Run: [BMaf2ac6a2] Rundll32.exe "C:\WINDOWS\system32\hwiedabg.dll",s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1167182608143
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TrueInstall.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: ekuxxk.dll qwhrpg.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe

--
End of file - 5818 bytes

ComboFix 08-09-03.01 - Kevin 2008-09-03 18:02:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.175 [GMT -4:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\#SharedObjects\74S4VL8K\interclick.com
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\#SharedObjects\74S4VL8K\interclick.com\ud.sol
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Kevin\My Documents\My Documents.url
C:\Documents and Settings\Kevin\My Documents\My Music\My Music.url
C:\Documents and Settings\Kevin\My Documents\My Videos\My Video.url
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\WINDOWS\BMaf2ac6a2.txt
C:\WINDOWS\BMaf2ac6a2.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bmuxkg.dll
C:\WINDOWS\system32\bpmskovo.dll
C:\WINDOWS\system32\DfNTstwa.ini
C:\WINDOWS\system32\DfNTstwa.ini2
C:\WINDOWS\system32\EeKRrtwa.ini
C:\WINDOWS\system32\EeKRrtwa.ini2
C:\WINDOWS\system32\hgGvvurq.dll
C:\WINDOWS\system32\irqkwvxr.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ovoksmpb.ini
C:\WINDOWS\system32\pmnkIXNd.dll
C:\WINDOWS\system32\pqptcrel.dll
C:\WINDOWS\system32\rlmmdixa.ini

.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.

2008-09-03 18:19 . 2008-09-03 18:20 498 --ahs---- C:\WINDOWS\system32\DfNTstwa.ini
2008-09-03 14:48 . 2004-08-04 00:56 96,768 -----c--- C:\WINDOWS\system32\dllcache\dpcdll.dll
2008-09-03 14:47 . 2004-08-04 00:56 380,416 --a------ C:\WINDOWS\system32\irprops.cpl
2008-09-03 14:47 . 2004-08-04 00:56 162,304 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-09-03 13:10 . 2008-09-03 10:10 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-09-03 11:19 . 2008-09-03 11:19 <DIR> d-------- C:\Program Files\AdwareAlert
2008-09-03 11:19 . 2008-09-03 11:20 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\AdwareAlert
2008-09-03 10:10 . 2008-09-03 13:09 <DIR> d-------- C:\Documents and Settings\Kevin\.housecall6.6
2008-09-03 09:15 . 2004-08-03 22:31 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-09-03 09:14 . 2001-08-23 17:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-09-03 09:13 . 2001-08-23 17:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-03 09:12 . 2001-08-23 17:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-03 09:11 . 2001-08-17 22:36 312,832 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_aqueue.dll
2008-09-03 09:10 . 2001-08-23 17:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-09-03 09:10 . 2001-08-23 17:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-09-03 09:10 . 2001-08-23 17:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-09-03 09:10 . 2001-08-23 17:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe
2008-09-03 09:10 . 2001-08-23 17:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-09-03 09:10 . 2001-08-23 17:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-09-03 09:10 . 2001-08-23 17:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-09-03 09:05 . 2008-09-03 09:05 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-03 09:05 . 2008-09-03 09:05 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-03 09:05 . 2008-09-03 09:05 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-03 09:05 . 2008-09-03 09:05 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-03 09:05 . 2008-09-03 09:05 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-03 09:05 . 2008-09-03 09:05 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-03 09:03 . 2004-08-04 00:56 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2008-09-03 09:01 . 2004-08-04 00:56 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2008-09-03 09:01 . 2004-08-04 00:56 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2008-09-03 09:01 . 2004-08-04 00:56 68,608 --a------ C:\WINDOWS\system32\access.cpl
2008-09-03 08:57 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2008-09-03 08:57 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-09-03 08:56 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-09-03 08:55 . 2001-08-17 12:11 66,591 --a------ C:\WINDOWS\system32\drivers\el90xbc5.sys
2008-09-03 08:54 . 2004-08-03 23:01 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2008-09-03 08:54 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-09-03 08:54 . 2004-08-04 01:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-09-03 08:54 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-09-03 08:51 . 2002-08-29 02:30 1,086,182 -ra------ C:\WINDOWS\SET3A.tmp
2008-09-02 21:58 . 2008-09-02 21:58 0 --a------ C:\WINDOWS\VPC32.INI
2008-09-02 21:43 . 2008-09-02 21:44 <DIR> d-------- C:\Program Files\Symantec
2008-09-02 21:43 . 2008-09-02 21:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-02 21:43 . 2002-09-25 17:00 123,619 --a------ C:\WINDOWS\system32\SYMEVNT.386
2008-09-02 21:43 . 2002-09-25 17:00 83,672 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-02 21:43 . 2002-09-25 17:00 73,224 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-02 20:39 . 2008-09-02 20:39 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-02 20:04 . 2008-09-02 20:11 <DIR> d-------- C:\DoD-CERT(2)
2008-09-02 17:26 . 2008-09-02 20:04 <DIR> d-------- C:\Program Files\Mozilla Firefox(3)
2008-09-01 23:03 . 2008-09-02 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-09-01 23:01 . 2008-09-01 23:01 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-09-01 23:01 . 2008-09-02 20:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-09-01 20:37 . 2008-09-02 20:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec(5)
2008-09-01 16:15 . 2008-09-01 16:15 311,296 --a------ C:\WINDOWS\system32\awtsTNfD.dll
2008-09-01 14:16 . 2008-09-01 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-08-31 11:14 . 2008-08-31 11:14 <DIR> d-------- C:\Program Files\Adobe Media Player
2008-08-31 11:13 . 2008-08-31 11:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-31 11:13 . 2008-08-31 11:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-30 22:29 . 2008-08-31 11:13 <DIR> d-------- C:\Program Files\Mozilla Firefox(2)
2008-08-30 11:31 . 2008-08-31 11:13 <DIR> d-------- C:\Program Files\Apple Software Update(2)
2008-08-29 13:26 . 2008-08-31 11:14 <DIR> d-------- C:\Program Files\Adobe Media Player(2)
2008-08-26 14:39 . 2008-08-26 15:25 <DIR> d-------- C:\My apartment
2008-08-18 14:18 . 2008-08-18 16:42 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\ICQ
2008-08-18 12:05 . 2008-08-18 16:43 <DIR> d-------- C:\Program Files\ICQ6
2008-08-17 22:20 . 2008-08-18 08:41 <DIR> d-------- C:\Program Files\ICQ610_55_47
2008-08-17 20:21 . 2008-08-17 20:21 0 --a------ C:\WINDOWS\system32\R8DJ2mj6.exe.a_a
2008-08-17 20:00 . 2008-08-18 08:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\COMCASTTOOLBAR
2008-08-17 11:39 . 2008-08-17 11:39 0 --a------ C:\WINDOWS\system32\0VlH6NIM.exe.a_a
2008-08-08 23:24 . 2008-08-28 20:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-08 23:24 . 2008-08-08 23:24 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 21:32 --------- d-----w C:\Documents and Settings\Kevin\Application Data\ComcastToolbar
2008-09-03 18:57 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Skype
2008-09-03 15:04 --------- d-----w C:\Program Files\ComcastToolbar
2008-09-03 15:02 --------- d-----w C:\Program Files\Common Files\Scanner
2008-09-03 03:38 --------- d-----w C:\Program Files\NavNT
2008-09-03 01:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-03 00:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-03 00:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-03 00:04 --------- d-----w C:\Program Files\Java
2008-09-02 02:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-18 20:28 --------- d-----w C:\Program Files\ICQLite
2008-08-15 23:17 --------- d-----w C:\Documents and Settings\Kevin\Application Data\LimeWire
2008-08-02 23:57 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-07-29 00:01 --------- d-----w C:\Program Files\napster
2008-07-27 14:52 --------- d-----w C:\Program Files\PestPatrol
2008-07-13 03:04 --------- d-----w C:\Program Files\Trend Micro
2008-07-12 13:28 --------- d-----w C:\Documents and Settings\Kevin\Application Data\AVG7
2008-07-12 13:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-10 00:23 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-08 22:35 --------- d-----w C:\Program Files\Netscape
2008-07-08 01:28 --------- d-----w C:\Program Files\SpywareDetector
2008-07-07 01:47 --------- d-----w C:\Documents and Settings\Kevin\Application Data\ErrorSmart
2008-07-05 17:44 --------- d-----w C:\Program Files\AOD
2008-07-05 12:34 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-05 12:02 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-04 18:05 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-07-04 03:31 --------- d-----w C:\Program Files\Google
2008-05-17 02:35 237,568 ----a-w C:\Program Files\Uninstall Morpheus Toolbar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{060c4c41-67ea-4c05-a752-561ec950d22b}]
2008-09-03 18:20 119808 --a------ C:\WINDOWS\system32\gluzfx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{129FBD6B-DE15-4B41-913E-10DE67A7D097}]
2008-09-01 16:15 311296 --a------ C:\WINDOWS\system32\awtsTNfD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [2008-08-21 9098480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-08-06 155648]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-01-17 684032]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 497376]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"vptray"="C:\PROGRA~1\NavNT\vptray.exe" [2002-09-23 73728]
"BMaf2ac6a2"="C:\WINDOWS\system32\svyahina.dll" [2008-09-03 89600]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 00:56 628224 C:\WINDOWS\system32\catsrvut.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awtsTNfD
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DcomLaunch"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\kav\\kav7\\setup.exe"=

R3 es1969;ESS 1969 Audio Driver (WDM);C:\WINDOWS\system32\drivers\es1969.sys [2001-08-17 72192]
R3 S3SAVAGE4M;S3SAVAGE4M;C:\WINDOWS\system32\DRIVERS\s3sav4m.sys [2001-08-17 77824]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 10664]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ac19f53e - C:\WINDOWS\system32\bpmskovo.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\ayqw4jd7.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 18:18:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\DfNTstwa.ini 498 bytes
C:\WINDOWS\system32\svyahina.dll 89600 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\awtsTNfD.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\awtsTNfD.dll
-> C:\WINDOWS\system32\svyahina.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-09-03 18:23:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 22:23:03

Pre-Run: 68,319,047,680 bytes free
Post-Run: 68,674,084,864 bytes free

226 --- E O F --- 2008-07-08 03:37:05

#2 sjpritch25
Posted 06 September 2008 - 08:42 PM

Please stick with our thread at techsupport guy. Thanks
Microsoft MVP Consumer Security--2007-2010