Hi Reid,
Thanks for replying. I have attached the ComboFix.txt.
ComboFix 08-01-23.1 - Arana 2008-01-22 21:54:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -6:00]
Running from: C:\Documents and Settings\Arana\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Arana\My Documents\CROSOF~1
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\QXJhbmE\
C:\WINDOWS\system32\anuaocrp.dll
C:\WINDOWS\system32\axksgwjr.ini
C:\WINDOWS\system32\ayiytwdj.dll
C:\WINDOWS\system32\bklpbqxm.dll
C:\WINDOWS\system32\bndqdpuk.dll
C:\WINDOWS\system32\bqgfvwjh.dll
C:\WINDOWS\system32\bsdadlsm.dll
C:\WINDOWS\system32\btydfmps.ini
C:\WINDOWS\system32\ceqkurxh.dll
C:\WINDOWS\system32\ciwcdqdm.ini
C:\WINDOWS\system32\covsjauq.ini
C:\WINDOWS\system32\cphptsnq.ini
C:\WINDOWS\system32\ddmvrxff.dll
C:\WINDOWS\system32\dfgvsivh.dll
C:\WINDOWS\system32\dfnnteia.dll
C:\WINDOWS\system32\drqnlppw.ini
C:\WINDOWS\system32\edhxanib.ini
C:\WINDOWS\system32\elgjwlxf.dll
C:\WINDOWS\system32\fchbpbdb.dll
C:\WINDOWS\system32\ffxrvmdd.ini
C:\WINDOWS\system32\fxlwjgle.ini
C:\WINDOWS\system32\gqofxtpu.dll
C:\WINDOWS\system32\gtgnghsv.ini
C:\WINDOWS\system32\gttwtnrq.dll
C:\WINDOWS\system32\gxntjmbv.dll
C:\WINDOWS\system32\gyxpelqq.dll
C:\WINDOWS\system32\hdylmfaa.dll
C:\WINDOWS\system32\hkyggfvx.dll
C:\WINDOWS\system32\hoxpibuq.ini
C:\WINDOWS\system32\hxrukqec.ini
C:\WINDOWS\system32\iemadlpg.dll
C:\WINDOWS\system32\ifcdnsac.dll
C:\WINDOWS\system32\ifdghufj.ini
C:\WINDOWS\system32\iwlybxcb.dll
C:\WINDOWS\system32\jbnmjiac.dll
C:\WINDOWS\system32\jdwtyiya.ini
C:\WINDOWS\system32\kobbftrn.dll
C:\WINDOWS\system32\krcglvyr.ini
C:\WINDOWS\system32\kupdqdnb.ini
C:\WINDOWS\system32\ljhatamb.ini
C:\WINDOWS\system32\lrhrfclt.dll
C:\WINDOWS\system32\lxlnsvdb.dll
C:\WINDOWS\system32\lyrocmaw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdqdcwic.dll
C:\WINDOWS\system32\mgqswbds.dll
C:\WINDOWS\system32\mjfabbfb.ini
C:\WINDOWS\system32\mludwvmw.ini
C:\WINDOWS\system32\mxqbplkb.ini
C:\WINDOWS\system32\najibnrh.ini
C:\WINDOWS\system32\nhxuwikv.dll
C:\WINDOWS\system32\nvebpnet.dll
C:\WINDOWS\system32\nwrcpnkk.dll
C:\WINDOWS\system32\obyphxpo.dll
C:\WINDOWS\system32\opxhpybo.ini
C:\WINDOWS\system32\ovxtsttv.dll
C:\WINDOWS\system32\oxlkvrhj.dll
C:\WINDOWS\system32\oytllbeo.dll
C:\WINDOWS\system32\payhdtdl.dll
C:\WINDOWS\system32\phcgjyjs.ini
C:\WINDOWS\system32\powdoecf.ini
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\prbwsvga.dll
C:\WINDOWS\system32\qjsbqubj.ini
C:\WINDOWS\system32\qnstphpc.dll
C:\WINDOWS\system32\qocpnexv.ini
C:\WINDOWS\system32\qtijugrp.dll
C:\WINDOWS\system32\quajsvoc.dll
C:\WINDOWS\system32\qubipxoh.dll
C:\WINDOWS\system32\rqtxuxrq.dll
C:\WINDOWS\system32\sjrpdjvk.ini
C:\WINDOWS\system32\spikbnss.ini
C:\WINDOWS\system32\spmfdytb.dll
C:\WINDOWS\system32\srkxaurr.exe
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\tldghfxi.dll
C:\WINDOWS\system32\tlrpuwif.dll
C:\WINDOWS\system32\trbwoyjh.ini
C:\WINDOWS\system32\trsfnkfv.dll
C:\WINDOWS\system32\txjjfkfo.dll
C:\WINDOWS\system32\usbdbjxk.ini
C:\WINDOWS\system32\vfknfsrt.ini
C:\WINDOWS\system32\vshgngtg.dll
C:\WINDOWS\system32\vttstxvo.ini
C:\WINDOWS\system32\wchflhdt.dll
C:\WINDOWS\system32\wgvkbuhu.dll
C:\WINDOWS\system32\wmvwdulm.dll
C:\WINDOWS\system32\wtvclpes.dll
C:\WINDOWS\system32\wwbubwly.dll
C:\WINDOWS\system32\xwmqafuo.dll
----- BITS: Possible infected sites -----
hxxp://javadl.sun.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.
2008-01-22 21:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 15:10 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys
2008-01-22 15:06 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-01-14 23:20 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-14 22:54 . 2008-01-22 15:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-14 22:54 . 2008-01-22 15:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-14 22:54 . 2008-01-22 15:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-14 22:53 . 2008-01-22 16:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02 . 2008-01-14 20:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-14 19:29 . 2008-01-14 19:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 15:27 . 2008-01-14 20:12 <DIR> d-------- C:\Program Files\Turbo C++
2008-01-10 18:24 . 2008-01-22 21:48 16,609 --a------ C:\WINDOWS\BM97b9cf3f.xml
2008-01-10 18:24 . 2008-01-22 21:55 21 --a------ C:\WINDOWS\pskt.ini
2008-01-06 22:33 . 2008-01-12 14:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 22:33 . 2008-01-06 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 23:26 . 2008-01-04 23:38 <DIR> d-------- C:\Program Files\Media Converter SA Edition
2008-01-03 18:30 . 2008-01-04 09:49 354 --ahs---- C:\WINDOWS\system32\uyxmqrpg.ini
2007-12-30 18:02 . 2007-12-30 18:02 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-27 22:52 . 2007-12-27 22:52 <DIR> d-------- C:\Garmin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 22:04 --------- d-----w C:\Program Files\iTunes
2008-01-22 22:03 --------- d-----w C:\Program Files\GoogleAFE
2008-01-22 22:03 --------- d-----w C:\Program Files\Google
2008-01-22 21:58 --------- d-----w C:\Program Files\Apoint
2008-01-15 02:00 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-15 01:09 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-01-14 22:35 --------- d-----w C:\Program Files\IrfanView
2008-01-09 15:15 --------- d-----w C:\Program Files\Java
2007-12-31 00:11 --------- d-----w C:\Program Files\QuickTime
2007-12-26 23:20 --------- d-----w C:\Program Files\SopCast
2007-12-17 04:48 --------- d-----w C:\Program Files\Trend Micro
2007-12-17 03:46 10 ----a-w C:\Program Files\.autoreg
2007-12-17 03:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-17 03:39 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-12-03 01:26 --------- d-----w C:\Program Files\Crazy Browser
2007-12-01 16:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-30 00:18 --------- d-----w C:\Program Files\LizardTech
2007-10-11 06:23 56 --sh--r C:\WINDOWS\system32\502EB1F13D.sys
2006-03-18 18:45 56 -csh--r C:\WINDOWS\system32\FA654F8D24.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 11:39 176201]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 06:22 4670968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-08 09:43 1953792]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:59 68856]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22 3739648]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24 684032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 19:20 8192]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:30 823362]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-28 19:41 1122304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-01 20:44 168448]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 06:45 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh]
nnnlkkh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-28 18:33]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-28 19:13]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
\Shell\AutoRun\command - reper.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-22 22:07:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-22 22:10:17 - machine was rebooted [Arana]
ComboFix-quarantined-files.txt 2008-01-23 04:10:13
.
2008-01-08 21:44:40 --- E O F ---
Here's the new DSS/HJT main.txt log (by the way, I didn't get an extra.txt during this run):
Deckard's System Scanner v20071014.68
Run by Arana on 2008-01-22 22:15:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 1.59 GiB (less than 15%) free.
-- HijackThis (run as Arana.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:37, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Animesh Spyware removal\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Arana.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) -
http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) -
http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnlkkh - nnnlkkh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10841 bytes
-- Files created between 2007-12-22 and 2008-01-22 -----------------------------
2008-01-22 15:10:55 8576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-16 18:58:03 0 d-------- C:\Documents and Settings\Kiran\Application Data\Mozilla
2008-01-15 19:27:50 0 d-------- C:\Borland
2008-01-14 23:20:29 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-14 22:53:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02:55 0 d-------- C:\Program Files\Lavasoft
2008-01-14 20:02:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:29:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:35:13 0 d--h----- C:\Documents and Settings\Arana\.huptlzo
2008-01-14 17:35:13 0 d-------- C:\Documents and Settings\Arana\.borland
2008-01-14 15:27:17 0 d-------- C:\Program Files\Turbo C++ <TURBOC~1>
2008-01-14 14:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-04 23:26:00 0 d-------- C:\Program Files\Media Converter SA Edition
2007-12-30 18:02:41 0 d-------- C:\Program Files\Apple Software Update
2007-12-30 18:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-27 22:52:16 0 d-------- C:\Garmin
-- Find3M Report ---------------------------------------------------------------
2008-01-22 16:04:04 0 d-------- C:\Program Files\iTunes
2008-01-22 16:03:32 0 d-------- C:\Program Files\GoogleAFE
2008-01-22 16:03:31 0 d-------- C:\Program Files\Google
2008-01-22 15:58:17 0 d-------- C:\Program Files\Apoint
2008-01-14 22:19:50 0 d-------- C:\Program Files\Common Files
2008-01-14 20:00:04 0 d-------- C:\Program Files\Microsoft.NET
2008-01-14 19:09:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-14 16:35:31 0 d-------- C:\Program Files\IrfanView
2008-01-09 10:18:41 5278 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 09:15:30 0 d-------- C:\Program Files\Java
2007-12-30 18:11:18 0 d-------- C:\Program Files\QuickTime
2007-12-26 17:20:59 0 d-------- C:\Program Files\SopCast
2007-12-17 10:09:52 0 d-------- C:\Documents and Settings\Arana\Application Data\Skype
2007-12-17 09:20:47 0 d-------- C:\Documents and Settings\Arana\Application Data\Adobe
2007-12-17 09:20:43 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 22:48:01 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:46:37 10 --a------ C:\Program Files\.autoreg
2007-12-16 21:39:08 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-16 21:39:03 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-15 17:58:20 0 d-------- C:\Documents and Settings\Arana\Application Data\Ahead
2007-12-11 00:10:00 0 d-------- C:\Documents and Settings\Arana\Application Data\SopCast
2007-12-10 10:32:06 0 d-------- C:\Documents and Settings\Arana\Application Data\AdobeUM
2007-12-03 22:??:55 0 d-------- C:\Documents and Settings\Arana\Application Data\Mozilla
2007-12-02 19:30:57 0 --ahs---- C:\Documents and Settings\Arana\Application Data\f1a797a6f964dcab1e0706db9cb0aec4bf6e3f0a.dat
2007-12-02 19:26:45 0 d-------- C:\Program Files\Crazy Browser
2007-12-01 10:51:15 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 18:18:07 0 d-------- C:\Program Files\LizardTech
2007-11-25 14:43:00 0 d-------- C:\Documents and Settings\Arana\Application Data\Viewpoint
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [13/09/2004 16:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [01/09/2005 17:24]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [08/09/2005 19:20]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [30/08/2005 16:30]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [28/07/2004 19:41]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/02/2006 20:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [23/02/2006 06:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 10:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [11/04/2006 11:39]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [27/03/2007 06:22]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 10:24]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [08/04/2005 09:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/06/2007 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 15:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [08/08/2006 13:50:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh]
nnnlkkh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
AutoRun\command- reper.exe
-- End of Deckard's System Scanner: finished at 2008-01-22 22:16:52 ------------