Tech Support Forum
Resolved HJT Threads
#1
Registered User
Join Date: Jun 2005
Posts: 10
OS: Windows XP
system tray notification says malware is installed, also, lots of popups
Hi,
There's a yellow triangle on the system tray with an exclamation that keeps popping up notifications. It says that system performance is low or there is malware installed. A lot of popups also show up and IE keeps opening by itself, and eventually freezes. I followed the 5-step instructions but DSS crashes. I ran Hijackthis instead. Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:08 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\hokochkb.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.4.0.4.cab
O16 - DPF: {2C8EEB84-6D60-11D4-BD64-0050048A82BF} (eshare communications NetAgent Customer ActiveX Control version 2) - http://tech-c.mhi.aol.com/netagent/o.../custappx2.CAB
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (Yahoo! MailTo) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9525 bytes
#2
Registered User
Join Date: Jun 2005
Posts: 10
OS: Windows XP
Re: system tray notification says malware is installed, also, lots of popups
And also the Panda Activescan log:
#4
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 20,048
OS: WinXP and Vista
Re: system tray notification says malware is installed, also, lots of popups
Hello chris_nwb,
When did you run ComboFix.exe? I'll want to see that report.

Also run dss.exe again and take note of what area it is scanning when it 'crashes', then run dss.exe again, but use these instructions:

Click Start > Select 'Run' - then copy/paste the following text into the run box & click OK

"%userprofile%\desktop\dss.exe" /config

Uncheck whichever area it hung up on. Click Scan!

When finished, it shall produce main.txt and extra.txt for you. Post those here along with that C:\ComboFix.txt
#5
Registered User
Join Date: Jun 2005
Posts: 10
OS: Windows XP
Re: system tray notification says malware is installed, also, lots of popups
Right now, the frequency of popups and that system tray notification icon has been less. I'm not sure if an antivirus update or some other program took care of it. Combofix was run 2007-11-13 20:35:00. The cleaning temp files section was causing dss to hang so I unchecked that option. Attached are the log files. ComboFix 07-11-08.3 - ella del rosario 2007-11-13 20:35:00.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.180 [GMT -8:00] Running from: C:\Documents and Settings\ella del rosario\Desktop\ComboFix.exe * Created a new restore point . Unable to gain System Privileges ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk C:\Documents and Settings\ella del rosario\Desktop\Live Safety Center.lnk C:\Documents and Settings\ella del rosario\Desktop\Online Security Guide.lnk C:\Documents and Settings\ella del rosario\Favorites\Online Security Guide.lnk C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Program Files\3721 C:\Program Files\3721\assist\asbar.dll C:\Program Files\3721\helper.dll C:\Program Files\Accoona C:\Program Files\Accoona\ASearchAssist.dll C:\Program Files\akl C:\Program Files\akl\akl.dll C:\Program Files\akl\akl.exe C:\Program Files\akl\curlog.htm C:\Program Files\akl\keylog.txt C:\Program Files\akl\readme.txt C:\Program Files\akl\uninstall.exe C:\Program Files\akl\unsetup.dat C:\Program Files\akl\unsetup.exe C:\Program Files\amsys C:\Program Files\amsys\awmsg.dat C:\Program Files\amsys\guid.dat C:\Program Files\amsys\ijl15.dll C:\Program Files\amsys\mfc42.dll C:\Program Files\amsys\msvcrt.dll C:\Program Files\amsys\unins000.dat C:\Program Files\amsys\unis000.exe 
C:\Program Files\amsys\winam.dat C:\Program Files\Common Files\Yazzle1549OinAdmin.exe C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe C:\Program Files\e-zshopper C:\Program Files\e-zshopper\BarLcher.dll C:\Program Files\network monitor C:\Program Files\p2pnetworks C:\Program Files\p2pnetworks\amp2pl.exe C:\WINDOWS\764.exe C:\WINDOWS\7search.dll C:\WINDOWS\aconti.exe C:\WINDOWS\adbar.dll C:\WINDOWS\cbinst$.exe C:\WINDOWS\cookies.ini C:\WINDOWS\daxtime.dll C:\WINDOWS\dp0.dll C:\WINDOWS\eventlowg.dll C:\WINDOWS\fhfmm-Uninstaller.exe C:\WINDOWS\fhfmm.exe C:\WINDOWS\flt.dll C:\WINDOWS\Fonts\acrsecI.fon C:\WINDOWS\hcwprn.exe C:\WINDOWS\hotporn.exe C:\WINDOWS\ie_32.exe C:\WINDOWS\iexplorr23.dll C:\WINDOWS\jd2002.dll C:\WINDOWS\kkcomp$.exe C:\WINDOWS\kkcomp.dll C:\WINDOWS\kkcomp.exe C:\WINDOWS\kvnab$.exe C:\WINDOWS\kvnab.dll C:\WINDOWS\kvnab.exe C:\WINDOWS\liqad$.exe C:\WINDOWS\liqad.dll C:\WINDOWS\liqad.exe C:\WINDOWS\liqui-Uninstaller.exe C:\WINDOWS\liqui.dll C:\WINDOWS\liqui.exe C:\WINDOWS\ngd.dll C:\WINDOWS\pbar.dll C:\WINDOWS\pbsysie.dll C:\WINDOWS\settn.dll C:\WINDOWS\spredirect.dll C:\WINDOWS\system32\.exe C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\WINDOWS\system32\drivers\blank.gif C:\WINDOWS\system32\drivers\box_1.gif C:\WINDOWS\system32\drivers\box_2.gif C:\WINDOWS\system32\drivers\box_3.gif C:\WINDOWS\system32\drivers\button_buynow.gif C:\WINDOWS\system32\drivers\button_freescan.gif C:\WINDOWS\system32\drivers\cell_bg.gif C:\WINDOWS\system32\drivers\cell_footer.gif C:\WINDOWS\system32\drivers\cell_header_block.gif C:\WINDOWS\system32\drivers\cell_header_remove.gif C:\WINDOWS\system32\drivers\cell_header_scan.gif C:\WINDOWS\system32\drivers\detect.htm C:\WINDOWS\system32\drivers\download_box.gif C:\WINDOWS\system32\drivers\download_btn.jpg C:\WINDOWS\system32\drivers\download_now_btn.gif C:\WINDOWS\system32\drivers\footer_back.jpg C:\WINDOWS\system32\drivers\header_1.gif C:\WINDOWS\system32\drivers\header_2.gif 
C:\WINDOWS\system32\drivers\header_3.gif C:\WINDOWS\system32\drivers\header_4.gif C:\WINDOWS\system32\drivers\header_red_bg.gif C:\WINDOWS\system32\drivers\header_red_free_scan.gif C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif C:\WINDOWS\system32\drivers\infected.gif C:\WINDOWS\system32\drivers\main_back.gif C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg C:\WINDOWS\system32\drivers\product_1_header.gif C:\WINDOWS\system32\drivers\product_1_name_small.gif C:\WINDOWS\system32\drivers\product_2_header.gif C:\WINDOWS\system32\drivers\product_2_name_small.gif C:\WINDOWS\system32\drivers\product_3_header.gif C:\WINDOWS\system32\drivers\product_3_name_small.gif C:\WINDOWS\system32\drivers\product_features.gif C:\WINDOWS\system32\drivers\pt.htm C:\WINDOWS\system32\drivers\rating.gif C:\WINDOWS\system32\drivers\s_detect.htm C:\WINDOWS\system32\drivers\screenshot.jpg C:\WINDOWS\system32\drivers\sep_hor.gif C:\WINDOWS\system32\drivers\sep_vert.gif C:\WINDOWS\system32\drivers\shadow.jpg C:\WINDOWS\system32\drivers\shadow_bg.gif C:\WINDOWS\system32\drivers\spacer.gif C:\WINDOWS\system32\drivers\spy_away_box.jpg C:\WINDOWS\system32\drivers\star.gif C:\WINDOWS\system32\drivers\star_gray.gif C:\WINDOWS\system32\drivers\star_gray_small.gif C:\WINDOWS\system32\drivers\star_small.gif C:\WINDOWS\system32\drivers\style.css C:\WINDOWS\system32\drivers\v.gif C:\WINDOWS\system32\drivers\warning_icon.gif C:\WINDOWS\system32\drivers\win_logo.gif C:\WINDOWS\system32\drivers\x.gif C:\WINDOWS\system32\dwdsrngt.exe C:\WINDOWS\system32\ESHOPEE.exe C:\WINDOWS\system32\hokochkb.dllbox C:\WINDOWS\system32\kqdsrngk.exe C:\WINDOWS\system32\ldcore.dll C:\WINDOWS\system32\ldinfo.ldr C:\WINDOWS\system32\mllmm.dll C:\WINDOWS\SYSTEM32\mmllm.ini C:\WINDOWS\SYSTEM32\mmllm.ini2 C:\WINDOWS\system32\msnav32.ax C:\WINDOWS\system32\msole32.exe C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\vxddsk.exe C:\WINDOWS\system32\winpfz32.sys 
C:\WINDOWS\system32\wml.exe C:\WINDOWS\system32\zxdnt3d.cfg C:\WINDOWS\uninstall_nmon.vbs C:\WINDOWS\vxddsk.exe C:\WINDOWS\wbeCheck.exe C:\WINDOWS\wbeInst$.exe C:\WINDOWS\wml.exe C:\WINDOWS\xadbrk.dll C:\WINDOWS\xadbrk.exe C:\WINDOWS\xadbrk_.exe C:\WINDOWS\xxxvideo.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NETWORK_MONITOR -------\Network Monitor ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 ))))))))))))))))))))))))))))))) . 2007-11-13 20:54 19,200 --a------ C:\WINDOWS\764.exe 2007-11-13 20:45 <DIR> d-------- C:\Program Files\p2pnetworks 2007-11-13 20:45 <DIR> d-------- C:\Program Files\e-zshopper 2007-11-13 20:45 <DIR> d-------- C:\Program Files\amsys 2007-11-13 20:45 <DIR> d-------- C:\Program Files\akl 2007-11-13 20:45 <DIR> d-------- C:\Program Files\Accoona 2007-11-13 20:45 <DIR> d-------- C:\Program Files\3721 2007-11-13 20:32 18,432 --a------ C:\WINDOWS\fkwggshm.exe 2007-11-13 20:31 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-13 20:27 <DIR> d-------- C:\Program Files\Trend Micro 2007-11-13 16:57 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Rabio 2007-11-13 16:56 <DIR> d-------- C:\Program Files\Cool 2007-11-12 23:17 88,128 --a------ C:\WINDOWS\SYSTEM32\kdmwjkeo.dll 2007-11-12 23:16 80,448 --a------ C:\WINDOWS\SYSTEM32\kjorteeh.dll 2007-11-12 23:15 145,984 --a------ C:\WINDOWS\SYSTEM32\hokochkb.dll 2007-11-12 23:14 145,984 --a------ C:\WINDOWS\SYSTEM32\yirdnqku.dll 2007-11-12 23:14 71,232 --a------ C:\WINDOWS\SYSTEM32\akhnjeng.exe 2007-11-12 16:01 <DIR> d-------- C:\Program Files\Lavasoft 2007-11-12 14:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo! 
2007-11-12 12:50 <DIR> d-------- C:\Program Files\AntispyStorm
2007-11-12 12:46 4 --a------ C:\WINDOWS\SYSTEM32\stfv.bin
2007-11-12 11:31 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-11-12 11:31 19,712 --a------ C:\WINDOWS\SYSTEM32\ace16win.dll
2007-11-12 11:09 196,680 --a------ C:\WINDOWS\SYSTEM32\twinrldq.exe
2007-11-12 11:09 12 --a------ C:\WINDOWS\SYSTEM32\dpqaqlqx.bin
2007-11-12 11:08 <DIR> d--hs---- C:\WINDOWS\ZWxsYSBkZWwgcm9zYXJpbw
2007-11-12 11:08 125,444 --a------ C:\WINDOWS\SYSTEM32\vvgeowbv.exe
2007-11-12 11:08 21,504 --a------ C:\WINDOWS\SYSTEM32\aivskurq.dll
2007-11-12 11:05 <DIR> d-------- C:\WINDOWS\SYSTEM32\rMa02yy
2007-11-12 11:05 <DIR> d----c--- C:\temp\abW9
2007-11-12 11:05 36,352 --a------ C:\WINDOWS\SYSTEM32\cbxwuss.dll
2007-10-28 11:46 <DIR> d----c--- C:\Garmin
2007-10-28 11:46 17,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmngen.sys
2007-10-28 11:46 7,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\grmnusb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 04:45 9,472 ----a-w C:\WINDOWS\cbinst$.exe
2007-11-14 04:45 24,064 ----a-w C:\WINDOWS\wbeInst$.exe
2007-11-14 04:45 18,432 ----a-w C:\WINDOWS\SYSTEM32\ESHOPEE.exe
2007-11-14 04:44 9,472 ----a-w C:\WINDOWS\vxddsk.exe
2007-11-14 04:44 8,960 ----a-w C:\WINDOWS\xadbrk_.exe
2007-11-14 04:44 8,960 ----a-w C:\WINDOWS\SYSTEM32\msole32.exe
2007-11-14 04:44 8,960 ----a-w C:\WINDOWS\adbar.dll
2007-11-14 04:44 8,704 ----a-w C:\WINDOWS\wml.exe
2007-11-14 04:44 8,704 ----a-w C:\WINDOWS\jd2002.dll
2007-11-14 04:44 8,448 ----a-w C:\WINDOWS\xxxvideo.exe
2007-11-14 04:44 8,448 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
2007-11-14 04:44 31,232 ----a-w C:\WINDOWS\pbsysie.dll
2007-11-14 04:44 31,232 ----a-w C:\WINDOWS\liqad$.exe
2007-11-14 04:44 30,976 ----a-w C:\WINDOWS\kkcomp.exe
2007-11-14 04:44 29,696 ----a-w C:\WINDOWS\liqui.exe
2007-11-14 04:44 28,928 ----a-w C:\WINDOWS\SYSTEM32\wml.exe
2007-11-14 04:44 28,928 ----a-w C:\WINDOWS\SYSTEM32\vxddsk.exe
2007-11-14 04:44 27,392 ----a-w C:\WINDOWS\liqui.dll
2007-11-14 04:44 26,880 ----a-w C:\WINDOWS\kvnab.dll
2007-11-14 04:44 26,112 ----a-w C:\WINDOWS\xadbrk.exe
2007-11-14 04:44 25,600 ----a-w C:\WINDOWS\pbar.dll
2007-11-14 04:44 25,088 ----a-w C:\WINDOWS\liqad.exe
2007-11-14 04:44 23,552 ----a-w C:\WINDOWS\ngd.dll
2007-11-14 04:44 23,552 ----a-w C:\WINDOWS\hcwprn.exe
2007-11-14 04:44 23,552 ----a-w C:\WINDOWS\dp0.dll
2007-11-14 04:44 22,528 ----a-w C:\WINDOWS\daxtime.dll
2007-11-14 04:44 21,504 ----a-w C:\WINDOWS\fhfmm.exe
2007-11-14 04:44 20,736 ----a-w C:\WINDOWS\settn.dll
2007-11-14 04:44 20,736 ----a-w C:\WINDOWS\hotporn.exe
2007-11-14 04:44 19,712 ----a-w C:\WINDOWS\aconti.exe
2007-11-14 04:44 17,408 ----a-w C:\WINDOWS\wbeCheck.exe
2007-11-14 04:44 17,408 ----a-w C:\WINDOWS\kkcomp.dll
2007-11-14 04:44 17,152 ----a-w C:\WINDOWS\spredirect.dll
2007-11-14 04:44 17,152 ----a-w C:\WINDOWS\kvnab$.exe
2007-11-14 04:44 17,152 ----a-w C:\WINDOWS\flt.dll
2007-11-14 04:44 16,640 ----a-w C:\WINDOWS\xadbrk.dll
2007-11-14 04:44 15,104 ----a-w C:\WINDOWS\liqad.dll
2007-11-14 04:44 15,104 ----a-w C:\WINDOWS\7search.dll
2007-11-14 04:44 13,568 ----a-w C:\WINDOWS\iexplorr23.dll
2007-11-14 04:44 13,312 ----a-w C:\WINDOWS\eventlowg.dll
2007-11-14 04:44 13,056 ----a-w C:\WINDOWS\kkcomp$.exe
2007-11-14 04:44 12,544 ----a-w C:\WINDOWS\kvnab.exe
2007-11-14 04:44 11,520 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
2007-11-14 04:44 11,264 ----a-w C:\WINDOWS\ie_32.exe
2007-11-14 04:43 7,713 ----a-w C:\WINDOWS\SYSTEM32\ldcore.dll
2007-11-13 18:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-12 23:57 --------- d-----w C:\Documents and Settings\ella del rosario\Application Data\Yahoo!
2007-11-12 22:23 --------- dc-h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2007-11-12 22:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-12 22:19 --------- d-----w C:\Program Files\Yahoo!
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2005-07-30 00:24:26 472 --sha-r C:\WINDOWS\ZWxsYSBkZWwgcm9zYXJpbw\tqUPsm14tqT0wA6WsrLDvT.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c458ac9-84dc-41a8-8eed-e00ec5314771}]
2007-11-12 23:16 80448 --a------ C:\WINDOWS\system32\kjorteeh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
2007-11-12 11:05 36352 --a------ C:\WINDOWS\system32\cbxwuss.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C2A9795-B130-4622-B036-BDCAD28602DC}]
2007-11-12 11:50 397312 --a------ C:\Program Files\Cool\Cool.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-12 23:15 145984 --a------ C:\WINDOWS\system32\hokochkb.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
2007-11-12 11:08 21504 --a------ C:\WINDOWS\system32\aivskurq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\hokochkb.dll [2007-11-12 23:15 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\hokochkb.dll [2007-11-12 23:15 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 07:18]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-29 23:00]
"CTHelper"="CTHELPER.EXE" [2003-02-20 14:45 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 10:06]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 18:02]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 21:50]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-07 20:42]
"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-05-07 15:54]
"HostManager"="C:\Program Files\Common Files\AOL\1127536498\ee\AOLSoftware.exe" [2006-09-25 16:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-06 20:26]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 14:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\cbxwuss.dll [2007-11-12 11:05 36352]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwuss]
cbxwuss.dll 2007-11-12 11:05 36352 C:\WINDOWS\SYSTEM32\cbxwuss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hokochkb]
hokochkb.dll 2007-11-12 23:15 145984 C:\WINDOWS\SYSTEM32\hokochkb.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mllmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ella del rosario^Start Menu^Programs^Startup^Cool - Auto Update.lnk]
path=C:\Documents and Settings\ella del rosario\Start Menu\Programs\Startup\Cool - Auto Update.lnk
backup=C:\WINDOWS\pss\Cool - Auto Update.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ella del rosario^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\ella del rosario\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ella del rosario^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\ella del rosario\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\686cf215]
rundll32.exe "C:\WINDOWS\system32\kdmwjkeo.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
REGSVR32.EXE /S CTASIO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetK]
C:\Program Files\I\nvsr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
/L:ENG

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
"C:\WINDOWS\winshow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{CF-F2-2B-BA-ZN}]
C:\WINDOWS\SYSTEM32\kqdsrngk.exe CHD001

R3 NaiFiltr;NaiFiltr;C:\WINDOWS\system32\DRIVERS\NaiFiltr.sys
R3 PRISM;D-Link Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMNDS.sys

*Newly Created Service* - HTTPFILTER
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 04:52:23 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (ELLA-ella del rosario).job" - c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 20:55:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\ESHOPEE.exe 29952 bytes
C:\WINDOWS\system32\msole32.exe 20992 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
Completion time: 2007-11-13 20:57:49 - machine was rebooted
.
--- E O F ---

Deckard's System Scanner v20071014.68
Run by ella del rosario on 2007-12-02 12:54:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 5 Restore Point(s) --
13: 2007-12-02 20:51:49 UTC - RP1146 - Deckard's System Scanner Restore Point
12: 2007-12-02 11:00:47 UTC - RP1145 - Software Distribution Service 3.0
11: 2007-12-01 11:00:35 UTC - RP1144 - Software Distribution Service 3.0
10: 2007-11-30 11:00:24 UTC - RP1143 - Software Distribution Service 3.0
9: 2007-11-29 15:34:22 UTC - RP1142 - Software Distribution Service 3.0

-- First Restore Point --
1: 2007-11-22 05:55:24 UTC - RP1134 - System Checkpoint

Backed up registry hives.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 10.2 GiB (less than 15%) free.

-- HijackThis (run as ella del rosario.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:16 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
c:\documents and Settings\ella del rosario\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ella del rosario.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connecti