Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please help me with HijackThis

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please help me with HijackThis

Unread postby carrotgal » October 9th, 2007, 2:17 pm

Please help me fix my crazy computer.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:12:11 AM, on 10/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\SUZIEP~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\SUZIEP~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washington.edu/uwin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BounceBack Setup] "C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\kixfxqeh.dll",sitypnow
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6797354358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6799513718
O20 - AppInit_DLLs: wxvault.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm
Advertisement
Register to Remove

Unread postby random/random » October 10th, 2007, 4:42 pm

First of all, you are using an older version of HijackThis. Please do the following to download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:
  1. Save HJTInstall.exe to your desktop.
  2. Double-click on HJTInstall.exe to run the program.
  3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  4. Accept the license agreement by clicking the "I Accept" button.
  5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  6. Click "Save log" to save the log file and then the log will open in Notepad.
  7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  8. Come back here to this thread and paste the log in your next reply.
  9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


You may delete the older version once you have successfully downloaded and installed the latest version of HijackThis v2.0.2.

Then please upload this file:

C:\WINDOWS\system32\wxvault.dll

To either jotti or virustotal & post the results as a reply to this topic
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby carrotgal » October 10th, 2007, 5:53 pm

Thank you so much for your help. I have downloaded the newer HijackTHis and this is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:00 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washington.edu/uwin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BounceBack Setup] "C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\gtdcbsun.dll",sitypnow
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6797354358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6799513718
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10302 bytes
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby carrotgal » October 10th, 2007, 6:30 pm

These are the results of the Jotti Scan:
Scan taken on 10 Oct 2007 22:28:42 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby random/random » October 11th, 2007, 12:28 pm

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby carrotgal » October 12th, 2007, 12:52 am

Unfortunately I am not able to run this software. I get an error message:

Freeware implementation of REG.EXE has encountered a problem and needs to close. We are sorry for the inconvenience.
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby carrotgal » October 12th, 2007, 1:06 am

Another error message that pops up after I close is "The instruction at 0x0047312a" references memory at "0x00b60de2". The memory could not be read.
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby carrotgal » October 12th, 2007, 2:09 am

Hello, I installed an update for Windows Defender and rebooted my computer and tried the combofix again. This time it worked. INterestingly, I have not gotten any popups in the last few minutes and my IE is running faster than before instead of having the lag. I don't know if the update helped to fix my problem? Anyway, here is the file from the combofix:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\dixynuhs.dll
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\ehhkj.bak2
C:\WINDOWS\system32\ehhkj.bak2
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\gifrfggb.dll
C:\WINDOWS\system32\iowaqigm.dll
C:\WINDOWS\system32\jkhhe.dll
C:\WINDOWS\system32\mgiqawoi.ini
C:\WINDOWS\system32\peepyirt.dll
C:\WINDOWS\system32\shunyxid.ini
C:\WINDOWS\system32\vtuttqp.dll
C:\WINDOWS\system32\vtuuuvv.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-11 21:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 14:38 6,976 --a------ C:\WINDOWS\system32\qpuyiavb.dll
2007-10-10 14:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-09 14:08 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 17:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-08 12:05 <DIR> d-------- C:\Program Files\UWICK
2007-10-08 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-08 10:22 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-10-08 10:20 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-08 10:20 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-08 10:20 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-10-08 10:20 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-10-08 10:20 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-08 10:19 <DIR> d-------- C:\Program Files\McAfee
2007-10-08 10:19 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-08 09:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 09:47 <DIR> d-------- C:\Documents and Settings\Suzie Pun\Application Data\Lavasoft
2007-10-07 12:26 <DIR> d-------- C:\quarantine
2007-10-06 12:44 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-05 09:57 <DIR> d-------- C:\WINDOWS\system32\vMW02a
2007-10-05 09:57 <DIR> d-------- C:\Temp\xOe
2007-09-15 13:46 <DIR> dr-h----- C:\Documents and Settings\Suzie Pun\Application Data\SecuROM
2007-09-15 13:14 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-15 11:29 <DIR> d-------- C:\Program Files\Ubisoft
2007-09-15 11:28 1 --a------ C:\WINDOWS\system32\SI.bin
2007-09-14 08:01 <DIR> d-------- C:\Program Files\iPod
2007-09-14 07:58 <DIR> d-------- C:\Program Files\QuickTime
2007-09-14 07:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-14 07:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-14 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 12:08 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\Wave Systems Corp
2007-10-08 19:17 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\U3
2007-10-08 19:06 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\SSH
2007-10-08 17:23 --------- d-----w C:\Program Files\Network Associates
2007-10-08 16:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-15 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:01 --------- d-----w C:\Program Files\iTunes
2007-09-14 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-14 14:53 --------- d-----w C:\Program Files\Apple Software Update
2007-09-05 19:57 --------- d-----w C:\Program Files\CambridgeSoft
2007-09-05 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CambridgeSoft
2007-09-04 17:53 --------- d-----w C:\Program Files\Infotriever
2003-02-13 13:16 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2003-02-13 13:15 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2003-02-13 13:02 35,190 ----a-w C:\WINDOWS\inf\i386\M5623_24.bin
2003-02-13 13:02 151,552 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2003-02-13 13:02 148,469 ----a-w C:\WINDOWS\inf\i386\M5623_24.dll
2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 10:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 14:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 14:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 14:45]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 06:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"BounceBack Setup"="C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 09:50]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2003-02-14 06:13]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 05:06]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 12:43]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 11:43]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2006-02-14 02:32]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-15 08:52:28]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-30 15:21:13]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 09:11:42]
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2006-08-30 15:30:27]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 17:48:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\jkhhe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WinDrvr.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
S2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b716936-3e26-11db-899d-0015c5455e12}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5815557a-5e4a-11dc-8bdd-0016cf282806}]
AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 15:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-12 05:35:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 23:03:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 23:04:38 - machine was rebooted
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby carrotgal » October 12th, 2007, 2:12 am

And, here is the latest Hijackthis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:16 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washington.edu/uwin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BounceBack Setup] "C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6797354358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6799513718
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10469 bytes
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby random/random » October 12th, 2007, 3:07 pm

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    Code: Select all
    DirLook::
    C:\quarantine
    C:\WINDOWS\system32\vMW02a
    C:\Temp\xOe
    C:\WINDOWS\SxsCaPendDel
    C:\Program Files\UWICK
    File::
    C:\WINDOWS\system32\qpuyiavb.dll
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b716936-3e26-11db-899d-0015c5455e12}]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    Image
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby carrotgal » October 12th, 2007, 7:04 pm

Hello! I have followed your instructions and here are the logs:

FILE::
C:\WINDOWS\system32\qpuyiavb.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\qpuyiavb.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 )))))))))))))))))))))))))))))))
.

2007-10-12 15:39 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-11 21:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 14:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-09 14:08 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 17:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-10-08 12:05 <DIR> d-------- C:\Program Files\UWICK
2007-10-08 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-08 10:22 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-10-08 10:20 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-08 10:20 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-08 10:20 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-10-08 10:20 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-10-08 10:20 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-08 10:19 <DIR> d-------- C:\Program Files\McAfee
2007-10-08 10:19 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-08 09:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 09:47 <DIR> d-------- C:\Documents and Settings\Suzie Pun\Application Data\Lavasoft
2007-10-07 12:26 <DIR> d-------- C:\quarantine
2007-10-06 12:44 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-05 09:57 <DIR> d-------- C:\WINDOWS\system32\vMW02a
2007-10-05 09:57 <DIR> d-------- C:\Temp\xOe
2007-09-15 13:46 <DIR> dr-h----- C:\Documents and Settings\Suzie Pun\Application Data\SecuROM
2007-09-15 13:14 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-15 11:29 <DIR> d-------- C:\Program Files\Ubisoft
2007-09-15 11:28 1 --a------ C:\WINDOWS\system32\SI.bin
2007-09-14 08:01 <DIR> d-------- C:\Program Files\iPod
2007-09-14 07:58 <DIR> d-------- C:\Program Files\QuickTime
2007-09-14 07:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-14 07:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-14 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 22:41 --------- d-----w C:\Program Files\Java
2007-10-11 12:08 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\Wave Systems Corp
2007-10-08 19:17 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\U3
2007-10-08 19:06 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\SSH
2007-10-08 17:23 --------- d-----w C:\Program Files\Network Associates
2007-10-08 16:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-15 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:01 --------- d-----w C:\Program Files\iTunes
2007-09-14 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-14 14:53 --------- d-----w C:\Program Files\Apple Software Update
2007-09-05 19:57 --------- d-----w C:\Program Files\CambridgeSoft
2007-09-05 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CambridgeSoft
2007-09-04 17:53 --------- d-----w C:\Program Files\Infotriever
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
2003-02-13 13:16 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2003-02-13 13:15 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2003-02-13 13:02 35,190 ----a-w C:\WINDOWS\inf\i386\M5623_24.bin
2003-02-13 13:02 151,552 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2003-02-13 13:02 148,469 ----a-w C:\WINDOWS\inf\i386\M5623_24.dll
2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\UWICK ----

2006-10-25 12:53 32768 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\TectiaUserConfig.exe
2006-08-29 15:39 2672 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\global.dat
2006-08-16 10:30 368 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\licenses\stc51.dat
2006-08-15 22:53 888832 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-cmpclient-g3.exe
2006-08-15 22:53 737280 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-ekview-g3.exe
2006-08-15 22:53 614400 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-certview-g3.exe
2006-08-15 22:43 589824 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-keygen2.exe
2006-08-15 22:43 589824 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-keygen-g3.exe
2006-08-15 22:40 827392 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sftpg3.exe
2006-08-15 22:40 827392 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sftp2.exe
2006-08-15 22:40 790528 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\scpg3.exe
2006-08-15 22:40 790528 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\scp2.exe
2006-08-15 22:40 532480 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sshg3.exe
2006-08-15 22:40 532480 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\ssh2.exe
2006-08-15 22:40 393216 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\ssh-user-fileio.exe
2006-08-15 22:40 1118208 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\ssh-client-g3.exe
2006-08-15 22:39 180224 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\sshclientngres_en.dll
2006-08-15 22:39 1699840 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ssh-tectia-configuration.exe
2006-08-15 22:38 372736 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ssh-broker-g3.exe
2006-08-15 22:38 1949696 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\ssh-broker-gui.exe
2006-08-15 22:38 1474560 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\ssh-broker-cli.exe
2006-08-15 22:37 61440 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_cryptolib.dll
2006-08-15 22:37 53248 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_gssapi.dll
2006-08-15 22:37 45056 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_kbdint.dll
2006-08-15 22:37 40960 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_password.dll
2006-08-15 22:37 36864 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_kexdh.dll
2006-08-15 22:37 32768 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_authc_publickey.dll
2006-08-15 22:37 28672 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_mac_crypticore.dll
2006-08-15 22:37 28672 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\plugin_cipher_crypticore.dll
2006-08-15 22:36 110592 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\sshtectia.dll
2006-08-15 22:32 2408999 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSHClientHelp.chm
2006-08-15 22:32 2408999 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ConnectorHelp.chm
2006-08-15 20:59 25509 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\SSH_Tectia_Client_5.1_EULA.rtf
2006-08-15 20:59 17208 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\SSH_Tectia_Client_5.1_EULA.txt
2006-08-15 20:58 3187277 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\Server-admin.pdf
2006-08-15 20:55 3833252 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\Client-user.pdf
2006-08-15 20:53 3464223 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\Clientserver-product.pdf
2006-08-15 20:53 223967 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\documents\G3-migration.pdf
2006-07-03 09:21 5735 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Broker\ssh-broker-config-example.xml
2006-06-15 11:38 6859 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-broker-ng\ssh-broker-ng-config-1.dtd
2006-06-05 15:44 1476 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\ssh-broker-ng\ssh-broker-config-default.xml
2006-05-25 09:05 12769 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\ssh-broker-config.xml
2006-04-10 12:19 413696 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\msvcp60.dll
2006-03-24 11:27 871 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck.xml
2006-03-24 11:27 800 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck-gui.xml
2006-03-24 11:27 557 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-new-password.xml
2006-01-26 12:00 1197 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\8.ssh2
2006-01-26 12:00 1197 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\4.ssh2
2006-01-26 12:00 1197 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\12.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\7.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\3.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\11.ssh2
2006-01-26 12:00 1196 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\10.ssh2
2006-01-26 12:00 1195 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\9.ssh2
2006-01-26 12:00 1190 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\2.ssh2
2006-01-26 12:00 1189 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\1.ssh2
2006-01-26 12:00 1175 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\6.ssh2
2006-01-26 12:00 1174 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\5.ssh2
2006-01-26 11:24 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_83ad65c1a88ad330f71b7c8683154000ef5615ce
2006-01-25 11:33 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_d2617e619b28403252407782c8750e66e55a708a
2006-01-25 11:22 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_79ab3a976d9b4e522e782079daed1e6d9af4e083
2006-01-25 10:59 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_ff1c0898af6fed29488bd5c523b6c092fef4f5e1
2006-01-25 10:56 64 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\salt
2006-01-25 10:56 41 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\keys_a3cc3b283999c04f8f5a2fb0648c6a8e58652980
2005-09-28 12:47 8628 --a------ C:\Program Files\UWICK\TTermPro\TTP.GID
2005-09-28 10:07 655 --a------ C:\Program Files\UWICK\TTermPro\rename.vbs
2005-09-05 15:06 690 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck2.xml
2005-09-05 15:06 619 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeycheck2-gui.xml
2005-09-05 15:06 2128 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeychanged.xml
2005-09-05 15:06 1803 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostkeychanged-gui.xml
2005-08-08 12:21 7127 --a------ C:\Program Files\UWICK\TTermPro\TERATERM.INI
2005-08-08 09:07 9629 --a------ C:\Program Files\UWICK\TTermPro\ssh_known_hosts
2005-07-04 10:11 393 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-password.xml
2005-06-11 15:47 383 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-username.xml
2005-06-11 14:40 454 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-passphrase.xml
2005-03-30 15:17 57344 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\ccmac128.dll
2005-03-30 15:17 45056 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\ccsc128.dll
2005-03-08 09:12 27326 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\keymap22.map
2005-03-08 09:12 27326 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\keymap22.map
2005-03-08 09:12 2601 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\output.map
2005-03-08 09:12 2601 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\output.map
2005-02-15 15:23 303104 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Plugins\5.1\sshcrypto1.dll
2005-02-03 09:33 8464 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\Support binaries\SpOrder.dll
2005-01-31 11:18 4001792 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\qt-mt333.dll
2005-01-31 11:18 1069056 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\BCGCB62.dll
2005-01-18 14:14 334 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\af-hostname.xml
2004-12-03 12:05 756 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_cicero.myuw.net.pub
2004-12-02 21:54 3278 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia AUX\common\ssh-secsh-auth-form-1.dtd
2004-03-02 14:35 98304 --a------ C:\Program Files\UWICK\TTermPro\ttpdlg.dll
2004-03-02 14:35 87342 --a------ C:\Program Files\UWICK\TTermPro\ttermp.hlp
2004-03-02 14:35 81920 --a------ C:\Program Files\UWICK\TTermPro\ttpset.dll
2004-03-02 14:35 61440 --a------ C:\Program Files\UWICK\TTermPro\ttpcmn.dll
2004-03-02 14:35 241664 --a------ C:\Program Files\UWICK\TTermPro\ttermpro.exe
2004-03-02 14:35 114688 --a------ C:\Program Files\UWICK\TTermPro\ttpfile.dll
2003-06-03 10:58 225358 --a------ C:\Program Files\UWICK\TTermPro\ttxssh.dll
2003-06-03 10:27 6850 --a------ C:\Program Files\UWICK\TTermPro\curie.INI
2003-06-02 20:46 8373 --a------ C:\Program Files\UWICK\TTermPro\RSAREF.TXT
2003-06-02 20:46 751 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_shell.myuw.net.pub
2003-06-02 17:43 6850 --a------ C:\Program Files\UWICK\TTermPro\keynes.ini
2003-06-02 17:43 6843 --a------ C:\Program Files\UWICK\TTermPro\fms.ini
2003-06-02 17:43 2557 --a------ C:\Program Files\UWICK\TTermPro\kerberos.ini
2003-06-02 09:58 80384 --a------ C:\Program Files\UWICK\TTermPro\ttptek.dll
2003-06-02 09:58 770 --a------ C:\Program Files\UWICK\TTermPro\readme.txt
2003-06-02 09:58 74086 --a------ C:\Program Files\UWICK\TTermPro\macroj.hlp
2003-06-02 09:58 70868 --a------ C:\Program Files\UWICK\TTermPro\macro.hlp
2003-06-02 09:58 5262 --a------ C:\Program Files\UWICK\TTermPro\readmej.txt
2003-06-02 09:58 425 --a------ C:\Program Files\UWICK\TTermPro\login.ttl
2003-06-02 09:58 339968 --a------ C:\Program Files\UWICK\TTermPro\libeay32.dll
2003-06-02 09:58 3071 --a------ C:\Program Files\UWICK\TTermPro\lss.cnf
2003-06-02 09:58 3038 --a------ C:\Program Files\UWICK\TTermPro\keynes.CNF
2003-06-02 09:58 249 --a------ C:\Program Files\UWICK\TTermPro\delpassw.ttl
2003-06-02 09:58 1593 --a------ C:\Program Files\UWICK\TTermPro\fms.cnf
2003-06-02 09:58 13915 --a------ C:\Program Files\UWICK\TTermPro\keycodej.txt
2003-06-02 09:58 13120 --a------ C:\Program Files\UWICK\TTermPro\keycode.txt
2003-06-02 09:58 109222 --a------ C:\Program Files\UWICK\TTermPro\ttermpj.hlp
2003-06-02 09:58 1047 --a------ C:\Program Files\UWICK\TTermPro\dialup.ttl
2003-06-02 09:57 767 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_red.cac.washington.edu.pub
2003-06-02 09:57 762 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_fastrans.u.washington.edu.pub
2003-06-02 09:57 761 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_roswell.u.washington.edu.pub
2003-06-02 09:57 761 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_pisco.cac.washington.edu.pub
2003-06-02 09:57 761 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_aagaard.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_wheels.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_vitcos.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_keynes.u.washington.edu.pub
2003-06-02 09:57 760 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_becker.u.washington.edu.pub
2003-06-02 09:57 759 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_homer.u.washington.edu.pub
2003-06-02 09:57 759 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_dante.u.washington.edu.pub
2003-06-02 09:57 759 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_curie.u.washington.edu.pub
2003-06-02 09:57 758 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_mead.u.washington.edu.pub
2003-06-02 09:57 758 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_bank.u.washington.edu.pub
2003-06-02 09:57 378 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_littlejohn.u.washington.edu.pub
2003-06-02 09:57 377 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_secure2.cac.washington.edu.pub
2003-06-02 09:57 377 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_secure1.cac.washington.edu.pub
2003-06-02 09:57 376 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_sisyphus.u.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_rmequip.u.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_olympia.u.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_nazca.cac.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_hope2.cac.washington.edu.pub
2003-06-02 09:57 375 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_hope1.cac.washington.edu.pub
2003-06-02 09:57 374 --a------ C:\Program Files\UWICK\SSH Tectia\SSH Tectia Client\SSH\HostKeys\key_22_castor.u.washington.edu.pub
2003-06-02 09:57 3489 --a------ C:\Program Files\UWICK\TTermPro\Libeay.txt
2003-06-02 09:57 2600 --a------ C:\Program Files\UWICK\TTermPro\PC98KEYB.CNF
2003-06-02 09:57 2599 --a------ C:\Program Files\UWICK\TTermPro\NT98KEYB.CNF
2003-06-02 09:57 2562 --a------ C:\Program Files\UWICK\TTermPro\KEYBOARD.CNF
2003-06-02 09:57 2562 --a------ C:\Program Files\UWICK\TTermPro\IBMKEYB.CNF
2003-06-02 09:57 14497 --a------ C:\Program Files\UWICK\TTermPro\TTP.HLP
1999-09-22 12:25 28672 --a------ C:\Program Files\UWICK\TTermPro\ttssh.exe
1999-02-01 17:53 30720 --a------ C:\Program Files\UWICK\TTermPro\keycode.exe
1999-02-01 17:53 188416 --a------ C:\Program Files\UWICK\TTermPro\ttpmacro.exe

---- Directory of C:\quarantine ----

2007-10-10 15:38 154624 --a------ C:\quarantine\7d7aaf26211280.bup
2007-10-10 15:35 12288 --a------ C:\quarantine\7d7aaf231f2fd0.bup
2007-10-09 12:49 154624 --a------ C:\quarantine\7d7a9c311e1280.bup
2007-10-09 12:49 12288 --a------ C:\quarantine\7d7a9c312b2610.bup
2007-10-08 12:49 12288 --a------ C:\quarantine\7d7a8c31241f40.bup
2007-10-08 12:47 78336 --a------ C:\quarantine\7d7a8c2f327d0.bup
2007-10-08 12:47 78336 --a------ C:\quarantine\7d7a8c2f3138a0.bup

---- Directory of C:\Temp\xOe ----


---- Directory of C:\WINDOWS\SxsCaPendDel ----


---- Directory of C:\WINDOWS\system32\vMW02a ----



((((((((((((((((((((((((((((( snapshot@2007-10-11_23.04.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 10:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 14:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 14:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 14:45]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 06:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"BounceBack Setup"="C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 09:50]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2003-02-14 06:13]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 05:06]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 12:43]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 11:43]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2006-02-14 02:32]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-15 08:52:28]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-30 15:21:13]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 09:11:42]
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2006-08-30 15:30:27]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 17:48:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WinDrvr.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5815557a-5e4a-11dc-8bdd-0016cf282806}]
AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 15:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-12 22:42:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 15:48:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-12 15:49:25 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-11 23:04
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:32 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBReminder.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washington.edu/uwin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BounceBack Setup] "C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6797354358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6799513718
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10634 bytes
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby random/random » October 13th, 2007, 8:25 am

  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    Code: Select all
    Folder::
    C:\Temp\xOe
    C:\WINDOWS\SxsCaPendDel
    C:\WINDOWS\system32\vMW02a
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    Image
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Please also post a description of any remaining problems
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby carrotgal » October 13th, 2007, 12:11 pm

Here is my Combofix file and Hijack file:
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\xOe
C:\WINDOWS\SxsCaPendDel
C:\WINDOWS\system32\vMW02a

.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-12 15:39 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-11 21:41 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 14:50 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-10 14:33 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-10-09 14:08 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-08 12:05 <DIR> d-------- C:\Program Files\UWICK
2007-10-08 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-08 10:22 1,495,552 --a------ C:\WINDOWS\system32\epoPGPsdk.dll
2007-10-08 10:20 168,776 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-10-08 10:20 72,264 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-10-08 10:20 64,360 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-10-08 10:20 52,136 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2007-10-08 10:20 34,152 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-10-08 10:19 <DIR> d-------- C:\Program Files\McAfee
2007-10-08 10:19 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-10-08 09:47 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-08 09:47 <DIR> d-------- C:\Documents and Settings\Suzie Pun\Application Data\Lavasoft
2007-10-07 12:26 <DIR> d-------- C:\quarantine
2007-10-06 12:44 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-15 13:46 <DIR> dr-h----- C:\Documents and Settings\Suzie Pun\Application Data\SecuROM
2007-09-15 13:14 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-09-15 11:29 <DIR> d-------- C:\Program Files\Ubisoft
2007-09-15 11:28 1 --a------ C:\WINDOWS\system32\SI.bin
2007-09-14 08:01 <DIR> d-------- C:\Program Files\iPod
2007-09-14 07:58 <DIR> d-------- C:\Program Files\QuickTime
2007-09-14 07:57 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-14 07:57 <DIR> d-------- C:\Program Files\Common Files\Apple
2007-09-14 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 22:41 --------- d-----w C:\Program Files\Java
2007-10-11 12:08 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\Wave Systems Corp
2007-10-08 19:17 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\U3
2007-10-08 19:06 --------- d-----w C:\Documents and Settings\Suzie Pun\Application Data\SSH
2007-10-08 17:23 --------- d-----w C:\Program Files\Network Associates
2007-10-08 16:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-08 16:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-15 18:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:01 --------- d-----w C:\Program Files\iTunes
2007-09-14 15:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-14 14:53 --------- d-----w C:\Program Files\Apple Software Update
2007-09-05 19:57 --------- d-----w C:\Program Files\CambridgeSoft
2007-09-05 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\CambridgeSoft
2007-09-04 17:53 --------- d-----w C:\Program Files\Infotriever
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-31 02:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 02:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-31 02:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-31 02:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 02:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 02:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 02:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2003-02-13 13:16 36,864 ----a-w C:\WINDOWS\inf\i386\Vizmicro.dll
2003-02-13 13:15 172,032 ----a-w C:\WINDOWS\inf\i386\viceo.dll
2003-02-13 13:02 35,190 ----a-w C:\WINDOWS\inf\i386\M5623_24.bin
2003-02-13 13:02 151,552 ----a-w C:\WINDOWS\inf\i386\rtscan.dll
2003-02-13 13:02 148,469 ----a-w C:\WINDOWS\inf\i386\M5623_24.dll
2001-08-04 01:29 13,824 ----a-w C:\WINDOWS\inf\i386\Usbscan.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-11_23.04.05.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-11-19 21:36:26 24,681 ----a-w C:\WINDOWS\system32\java.exe
+ 2007-09-25 05:30:28 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2003-11-19 21:36:30 28,779 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 05:30:30 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2007-09-25 06:31:42 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 10:13]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 14:44]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 14:41]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 14:45]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2005-12-19 06:08]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 14:30 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 18:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 12:58]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"BounceBack Setup"="C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" []
"IndexSearch"="C:\Program Files\Scansoft\PaperPort\IndexSearch.exe" [2002-09-23 09:50]
"OneTouch Monitor"="C:\Program Files\Visioneer OneTouch\OneTouchMon.exe" [2003-02-14 06:13]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 05:06]
"masqform.exe"="C:\Program Files\PureEdge\Viewer 6.0\masqform.exe" [2003-12-03 12:43]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-26 11:43]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2006-02-14 02:32]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 08:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 00:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-09-15 08:52:28]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-08-30 15:21:13]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 09:11:42]
BounceBack Launcher.lnk - C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe [2006-08-30 15:30:27]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-08-16 17:48:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"McTaskManager"=2 (0x2)
"McShield"=2 (0x2)
"McAfeeFramework"=2 (0x2)

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 portD;CMS PortIO Service;C:\WINDOWS\system32\DRIVERS\portd2k.sys
R2 WinDriver;WinDriver;C:\WINDOWS\system32\drivers\WinDrvr.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
S2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5815557a-5e4a-11dc-8bdd-0016cf282806}]
AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-09-26 15:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-13 08:50:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 09:01:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 9:01:47
C:\ComboFix2.txt ... 2007-10-12 15:49
C:\ComboFix3.txt ... 2007-10-11 23:04
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:49 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washington.edu/uwin/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ntu.edu.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BounceBack Setup] "C:\Program Files\CMS Peripherals\BounceBack Express\AppLaunch.exe" /Launchit
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} (InforbitHelper Class) - https://download.infotriever.com/bin/ifhelper.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6797354358
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6799513718
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10566 bytes
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby carrotgal » October 13th, 2007, 2:54 pm

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2590 (20071012)
# vers_arch_module=1.058 (20070906)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=160f3e89b0e6cf48b784591f0cc9cff2
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2007-10-13 06:09:33
# local_time=2007-10-13 11:09:33 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=425856
# found=0
# scan_time=6739
carrotgal
Active Member
 
Posts: 11
Joined: October 9th, 2007, 2:16 pm

Unread postby random/random » October 13th, 2007, 5:52 pm

Delete combofix.exe from your desktop and delete the C:\QooBox\ folder

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you need to be registered to post as unfortunately we were hit with too many spam posting to allow guest posting to continue just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    Restart
    • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck *Turn off System Restore*.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  1. Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  2. Install and use a firewall with outbound protection
    While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
    I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewallor Zonealarm
    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  3. Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it to that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
  4. Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities, to check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  5. Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  6. Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  7. Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  8. Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  9. Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  10. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
User avatar
random/random
Developer
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 52 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware